Client Profile
The client is a US food and beverage manufacturer producing branded and private-label products across snack foods, condiments, and beverages. The company operates five production facilities across the southeastern and midwestern United States, employs approximately 6,500 people in manufacturing, supply chain, sales, and corporate functions, and distributes through a combination of direct retail, distributor, and e-commerce channels.
SAP ERP has been the company's core platform for finance, procurement, production planning, and inventory management since 2014. The company has invested significantly in integrating SAP with its operational technology stack — connecting production scheduling software used on the manufacturing floor, a supply chain visibility platform shared with key logistics partners, and a retailer order management portal used to process orders from the company's major retail customers. All three integrations had been developed and maintained by the company's internal IT team and had not been assessed for SAP indirect access compliance since their initial deployment.
The Challenge
SAP's US compliance team delivered an audit notification to the company's IT leadership in August 2024, identifying the three third-party integrations as the basis for an indirect access assessment. SAP's audit scripts analysed the company's SAP ERP system and produced a report claiming indirect access exposure of $3.2 million, calculated by applying per-document rates to aggregate SAP document volumes associated with each of the three integration interfaces over the preceding 36 months.
SAP's analysis attributed the following document volumes to indirect access: 1.4 million production orders and process orders from the production scheduling system integration; 680,000 purchase orders and goods receipts from the supply chain platform integration; and 920,000 sales orders and delivery documents from the retailer order portal. At SAP's standard per-document rate structure, these volumes produced the $3.2M claim figure.
The company's VP of Operations Technology reviewed SAP's audit findings and immediately identified a fundamental problem with the production scheduling element: the company's shop floor supervisors created production orders directly in SAP as part of their normal work process, and the production scheduling system subsequently read those orders to update the scheduling queue. SAP's audit extraction had attributed the full production order volume to the scheduling system interface — without accounting for the fact that the orders themselves were created by direct SAP users, not by the interface. A similar concern applied to a portion of the supply chain platform's goods receipt volumes.
The Approach
Redress Compliance conducted a systematic technical review of all three integration scenarios, examining the actual data flow between each third-party system and SAP ERP, and validating SAP's document count attribution against the company's actual transaction records.
For the production scheduling integration, the review established that the scheduling system's SAP interface was read-only for production order data — it read orders created by direct SAP users and did not create any SAP documents independently. The production order volumes in SAP's audit extraction had been generated entirely by shop floor supervisors using direct SAP access. The scheduling system's only write interaction with SAP was a confirmation status update — a single-field update that did not constitute document creation under SAP's indirect access framework. Redress Compliance documented this finding across a 36-month transaction sample, demonstrating that zero production orders in the audit period had been created through the scheduling system interface.
For the supply chain platform integration, the review identified that approximately 62% of the goods receipt documents attributed to the platform by SAP's audit extraction had been created by direct SAP users in the company's purchasing team, and had been allocated to the supply chain interface because the platform had triggered the goods receipt workflow notification — not because the platform had created the document. The remaining 38% of goods receipts, created by the platform's automated three-way match process, represented genuine indirect access exposure.
The retailer order portal integration was found to represent genuine indirect access across the full volume of sales orders created through the portal, as the portal's integration architecture created SAP sales orders directly without involving a direct SAP user in the creation step. Redress Compliance negotiated settlement terms under SAP's Digital Access Adoption Program (DAAP) for this integration and for the genuine supply chain goods receipt volumes, incorporating the company's projected growth in e-commerce and retail portal order volumes over the forward DAAP period.
The Outcome
The company's SAP indirect access settlement was agreed at $480,000 via DAAP — an 85% reduction from SAP's initial audit claim of $3.2 million. The production scheduling integration was fully excluded from the settlement, with Redress Compliance's technical documentation accepted by SAP as demonstrating that no indirect access had occurred. The supply chain platform element settled at $85,000, reflecting the 38% of goods receipts that represented genuine indirect access. The retailer portal settlement of $395,000 established a DAAP digital access document allotment sized to the company's actual and projected retail order volumes.
The forward DAAP commercial framework provides the company with a predictable annual digital access cost of approximately $95,000, reflecting the ongoing order volumes from the retailer portal integration. This replaces what would have been an annual indirect access exposure of approximately $320,000 under SAP's unchallenged audit methodology.
Key Takeaways
- Production scheduling system integrations in manufacturing environments are frequently mischaracterised as document-creating by SAP's audit extraction methodology. Shop floor supervisors creating production orders directly in SAP — a near-universal operational practice in manufacturing environments — generate document volumes that SAP's automated scripts routinely attribute to the production scheduling interface. A technical review of the actual data flow is essential before accepting SAP's document count for any production-related integration.
- The distinction between triggering a workflow and creating a document is critical in SAP indirect access analysis. Many supply chain and logistics platform integrations trigger SAP workflow notifications or status updates without themselves creating SAP documents. SAP's audit extraction methodology can conflate the workflow trigger with document creation, producing significantly inflated document count attributions for integrations that have limited or no actual indirect access obligation.
- Food and beverage manufacturers with retailer portal integrations face genuine, growing indirect access exposure that DAAP addresses effectively. Retailer order management portals that create SAP sales orders directly represent genuine indirect access obligation, and their document volumes are growing with the shift to digital ordering and e-commerce. DAAP provides a structured, cost-predictable framework for managing this exposure — including historical amnesty and forward pricing that scales with actual order volumes.
- A 36-month transaction sample is the appropriate scope for challenging historical SAP audit findings. SAP's audit methodology applies a rolling 36-month look-back period for historical indirect access exposure. Challenging SAP's document attributions over this full period, with transaction-level evidence, provides the most comprehensive basis for a successful methodology challenge and the largest reduction in historical exposure.
- Settling genuine indirect access scenarios through DAAP consistently delivers better commercial outcomes than contesting them through the audit process. For integrations where genuine indirect access obligation exists — such as the retailer order portal in this engagement — DAAP settlement terms, particularly for organisations approaching SAP proactively rather than responding to an audit, consistently produce lower forward costs and more favourable per-document rates than audit-driven settlements.