Work through each item with your SAP licence administrator and procurement lead. Check off items your organisation has addressed. Any unchecked item in the High risk category represents a live cost or compliance exposure. Use the scoring guide at the bottom to interpret your results and prioritise next steps.
Section 1
FUE Fundamentals & Conversion Ratios
01
Your team understands the three core FUE conversion ratios: 1 Advanced User = 1.0 FUE; 1 Core User = 0.2 FUE (5 Core = 1 FUE); 1 Self-Service User = 0.033 FUE (30 Self-Service = 1 FUE).
High
Expert note: These ratios are not negotiable — they are set by SAP's standard price list. Yet in nearly 60% of engagements we see organisations that have defaulted every user to Advanced status during the initial migration estimate, inflating their quoted FUE count by two to four times what is actually required. Start here before any other sizing exercise.
02
You have confirmed whether your deployment is S/4HANA Cloud Public Edition, Private Edition, or on-premise — and know that FUE applies only to Cloud editions (Public and Private).
High
Expert note: On-premise S/4HANA still uses named-user licence metrics (Professional, Limited, Self-Service), not FUEs. Organisations that have received RISE proposals often conflate the two models, leading to incorrect cost projections. The distinction also affects how you present current spend as a negotiating baseline when converting from ECC.
03
You understand that Developer users consume 2.0 FUE each, and all Developer accounts in your RISE contract have been explicitly identified and counted.
Medium
Expert note: Developer and technical users are frequently overlooked in the initial FUE sizing exercise — particularly users in Basis, ABAP development, and Fiori extension roles. SAP's STAR report does not always cleanly distinguish these; manual review is required. Each omitted Developer represents a 2.0 FUE shortfall at true-up.
04
You have run a formal FUE calculation using a current, accurate user list — not a figure extrapolated from your ECC named-user count or provided by SAP's presales team.
High
Expert note: SAP's sales team has a strong incentive to anchor FUE sizing to your current (often bloated) licence spend. An independent analysis typically finds that 30–50% of named users in legacy ECC deployments can be reclassified to Core or Self-Service in S/4HANA, materially reducing required FUEs. Do not enter contract negotiations without this independent figure.
Section 2
User Classification & Role Assignment
05
Each user's SAP role and authorisation profile has been mapped to the correct FUE category (Advanced, Core, or Self-Service) based on what they are authorised to do — not what they typically do day-to-day.
High
Expert note: This is the most common and costly misunderstanding in FUE licensing. SAP classifies users by their maximum authorised capability, not their actual usage frequency. A warehouse operative who rarely logs in but holds a broad Materials Management role will still count as an Advanced User. Role rationalisation — removing unnecessary transaction codes — is therefore the primary lever for FUE reduction.
06
Inactive users (no login in the past 6 months) have been identified, reviewed, and either deactivated or formally retired from the user master — and are not included in the FUE calculation.
Medium
Expert note: In organisations with high staff turnover — retail, logistics, professional services — inactive accounts typically represent 15–25% of the user master. These accounts still consume FUEs if they remain active. A quarterly inactive-user sweep is standard practice in well-governed SAP estates and typically delivers an immediate 10–15% FUE reduction with zero business impact.
07
Self-Service users have been validated: they interact with S/4HANA only through predefined portals, Fiori apps, or ESS/MSS tiles — and do not hold any authorisations that would trigger a Core or Advanced classification.
Medium
Expert note: Self-Service is the most cost-effective FUE category (30 users per FUE) but also the most easily invalidated. If a Self-Service user has been granted a single back-office authorisation — even as part of a composite role — SAP will reclassify them upward at audit. Keep Self-Service role profiles locked down to read-only and pre-defined self-service scopes.
08
Robotic process automation (RPA) bots, integration users, and background processing accounts have been assessed for their licence implications — and are not being counted as human users.
High
Expert note: SAP does not provide a discounted "bot user" licence type. An RPA bot that logs into S/4HANA using a standard dialogue user ID consumes a licence just as a human would. In the FUE model, bots with broad authorisation profiles will default to Advanced (1.0 FUE each). Organisations running large RPA programmes should evaluate whether Digital Access licensing for document creation is a cheaper alternative to assigning full user licences to bots.
Want our FUE calculation template and RISE negotiation playbook?
Download the SAP Audit Defence Framework — covers FUE sizing, DDLC modelling, and RISE contract clauses.
Section 3
Indirect Access & Digital Access Licensing (DDLC)
09
You have identified every third-party system (Salesforce, Workday, ServiceNow, custom portals, IoT platforms, etc.) that creates, reads, updates, or deletes data in S/4HANA without users logging in directly.
High
Expert note: SAP's Digital Access / DDLC model charges by the number of documents created in S/4HANA via indirect channels — not by human users. A Salesforce integration creating 10,000 sales orders per month is creating 10,000 potentially licensable documents. SAP auditors now routinely run scripts to count these documents across all interfaces. The exposure can exceed $5M for companies with complex integration landscapes.
10
For each indirect integration identified, you have determined the applicable SAP document type (sales orders, purchase orders, goods movements, production orders, etc.) and estimated annual document volumes.
High
Expert note: DDLC pricing is document-type specific. Different SAP document types carry different per-document prices, and volume tiers create significant discounts above certain thresholds. Accurate volume data is essential before any DDLC negotiation — organisations that enter discussions without this data invariably overpay or accept SAP's inflated estimates as a baseline.
11
Your RISE with SAP contract explicitly addresses Digital Access obligations — or you have confirmed in writing whether Digital Access is covered by the RISE subscription or requires a separate add-on.
High
Expert note: This is a contract trap that catches many RISE buyers. Indirect access is NOT automatically included in a standard RISE subscription. If your contract is silent on Digital Access, SAP can — and does — raise a separate audit claim after go-live. Ensure a written clarification or addendum addresses this before signing. Our RISE review engagements find this gap in approximately 40% of contracts reviewed.
12
You have assessed whether switching specific integrations to SAP-endorsed API pathways (such as SAP Integration Suite) would reduce or eliminate DDLC exposure for those flows.
Medium
Expert note: SAP offers preferential Digital Access treatment for integrations routed through its own Integration Suite. For high-volume interfaces — particularly those creating sales orders or goods movements — the cost of using SAP Integration Suite can be substantially lower than paying DDLC document fees. Run a cost comparison before assuming your current architecture is optimal.
Section 4
RISE with SAP Migration Considerations
13
You have a clear picture of your current ECC named-user licence inventory — including shelfware percentage — before entering any RISE conversion discussion with SAP.
High
Expert note: SAP's standard approach is to anchor your new RISE FUE cost to your current ECC spend. If your current ECC estate carries significant shelfware (typically 20–35% in large organisations), allowing SAP to use that bloated baseline as a starting point for FUE sizing means you pay for unused capacity in the new model too. Document and present your actual active user count, not your contracted user count.
14
You have negotiated — or are planning to negotiate — dual-use rights: explicit written permission to run ECC and S/4HANA concurrently during migration without incurring double licensing costs.
High
Expert note: The largest hidden cost in an S/4HANA migration is paying full maintenance on ECC while also funding RISE subscriptions during a 12–24 month parallel-run period. SAP does not grant dual-use rights automatically — it requires explicit contract language. Without this clause, the double-payment period can add 15–25% to the total migration cost. Get it in writing before signing.
15
The RISE contract specifies what happens if FUE consumption exceeds the contracted amount — and you have negotiated an overage buffer or a process for mid-term true-up at pre-agreed rates.
Medium
Expert note: RISE contracts typically include annual true-up provisions. If you exceed contracted FUEs, the additional units are billed at list price unless you have negotiated a committed pricing floor. For organisations in growth mode, building a 10–15% FUE buffer into the initial contract — at the contracted discount rate — is usually cheaper than buying expansion units at list price two years later.
16
You have evaluated whether SAP's migration credits (for unused ECC maintenance prepayments) are available and have been formally requested — and have confirmed their applicability to FUE costs.
Low
Expert note: SAP's migration credit programmes vary by region and are subject to change. When available, they can offset a meaningful portion of first-year RISE costs. These credits are not automatically applied — they must be explicitly raised during negotiation. The timing matters: migration credits are typically only available during certain contract phases and cannot be claimed retrospectively.
Section 5
Contract Negotiation & FUE Pricing Protection
17
The RISE contract locks in the per-FUE price or discount percentage for the full contract term — not just the first year — protecting against SAP's annual price increases (historically 3–9% per year).
High
Expert note: SAP's list prices have increased consistently year-over-year. Without a price-lock clause, the per-FUE rate at renewal in year 3 or 4 of a RISE agreement can be materially higher than the rate you signed at. Lock in either the absolute per-FUE price or a defined maximum annual escalation (typically CPI or 3%, whichever is lower) as a contractual floor. This is almost always achievable if requested — but very rarely offered proactively.
18
You have run the SAP STAR report (S/4HANA Trusted Authorization Review) internally — and reviewed it with independent advisors — before sharing results with SAP or allowing SAP to use it as a sizing basis.
High
Expert note: Submitting the STAR report to SAP without first reviewing and remediating its findings is one of the most costly mistakes an SAP licence manager can make. The STAR report captures current role assignments — including every over-permissioned Advanced User account. If submitted in raw form, SAP uses it to justify a high FUE count. Run the report internally first, reclassify where possible, then share the cleaned output.
Section 6
Ongoing Monitoring & Audit Readiness
19
A quarterly FUE review process is in place: user access changes, new joiners, and role modifications are reviewed against FUE implications before they are applied — not after.
Medium
Expert note: FUE compliance is not a one-time exercise. User populations change: new joiners are provisioned with broad roles, project accounts accumulate additional authorisations, and departmental role templates drift over time. Without a quarterly review cycle, organisations that were compliant at go-live find themselves materially over-consumed by the first annual true-up. Integrate FUE impact assessment into your identity governance and access provisioning workflow.
20
You have a documented response plan for an SAP licence audit — including who owns the process, what data must be collected, and which external advisors will be engaged — before an audit notification arrives.
Medium
Expert note: SAP licence audits are rarely preceded by long notice periods. Organisations that prepare audit response plans in advance — including pre-agreed talking points, a designated single point of contact, and a relationship with an independent SAP licensing specialist — consistently achieve better outcomes than those who begin scrambling upon receipt of the audit notification. The preparation investment is trivial compared to the potential exposure.
Interpreting Your Score
Count the number of items you have checked. Use the ranges below to assess your current FUE licensing posture and determine urgency of action.
0–7
High Exposure
Significant FUE over-licensing and/or audit risk. Immediate independent review recommended before next SAP engagement.
8–14
Moderate Risk
Material gaps remain. Prioritise unchecked High-risk items and schedule an independent FUE sizing exercise within 90 days.
15–20
Well Controlled
Strong FUE governance foundation. Maintain quarterly review cadence and monitor contract pricing protections at renewal.
"In our experience reviewing hundreds of SAP S/4HANA and RISE contracts, the organisations that achieve the lowest FUE costs have one thing in common: they completed an independent user classification analysis before — not after — entering contract discussions with SAP."
— Morten Andersen, SAP Licensing Practice Lead, Redress Compliance
— Morten Andersen, SAP Licensing Practice Lead, Redress Compliance
Why FUE Licensing Complexity Translates Directly to Overspend
SAP introduced the Full User Equivalent model for S/4HANA Cloud as a simplification over its legacy named-user licensing structure. In theory, FUEs provide flexibility: instead of purchasing fixed quantities of each user type, organisations buy a pool of FUE points and allocate them across Advanced, Core, and Self-Service users as their workforce needs evolve.
In practice, the flexibility cuts both ways. The model rewards organisations that invest in accurate user classification and role governance — reducing their FUE requirement by up to 83% compared to a default Advanced-user approach. But it penalises organisations that enter the model without preparation, who end up paying for far more FUEs than their workforce actually requires.
The indirect access dimension compounds this risk. Every integration between S/4HANA and a non-SAP system — whether it is a Salesforce CRM, a custom e-commerce portal, or an RPA bot — is a potential source of Digital Access (DDLC) exposure. SAP auditors are now well-equipped to identify and quantify this exposure, and the resulting claims regularly run into seven figures for organisations with complex integration landscapes.
The 20-point checklist above is designed to surface both cost-saving opportunities and audit risk exposures before they become contractual or financial problems. Work through it systematically, prioritise the High-risk items, and use the SAP Audit Defence Framework download below for the supporting templates and modelling tools.