BUSINESS

SAP: CFOs must address the unnecessary risk of Indirect Access

By Matt Fisher, VP at Snow Software

Matt Fisher

Matt Fisher

For many organisations, SAP forms a critical part of business infrastructure. Enabling companies to run their business processes effortlessly across multiple functions, be they accounting, sales, production, human resources or payment in an integrated environment, SAP isan essential cog in the business technology machine.

Though SAP has never been fondly looked upon by CFOs, many have been forced to accept consistently increasing bills as organisations increase their reliance on its software. This has led to SAP becoming a necessary evil for the finance department, where paying unscrutinised high costs is significantly less risky than the potential consequences.

However, SAP’s  changing relationship with its customers is now becoming one to make CFOs sit up and pay attention. In recent months, the software giant’s approach to retrospectively recouping license fees has raised eyebrows, as the firm is pursuing its own clients for what it stipulates are unpaid fees for Indirect Access to its software.

In February 2017, the UK High Court ruled in favour of SAP against British multinational alcoholic beverages firm Diageo for £54 million, in an Indirect Access case stemming from unpaid fees.

Just two months ago brewing giant Anheuser-Busch InBev (AB InBev) revealed in a US Securities and Exchange Commission filing that SAP is seeking £471 million (US $600 million) in compensation for unlicensed use of its software.That’s a big deal, one that gets the attention of CFOs, CEOs and the board.

But, what is Indirect Access, and how can other multinationals avoidthe agony of stumping up for the huge unbudgeted, unplanned fees?

Understanding Indirect Access

Previously, licensing reviews and system measurements for SAP focussed on direct usage for an organisation’s SAP environment. A definition for direct usage involves a single user accessing SAP data through the SAP interface.

Indirect Access arises when an SAP system is accessed, or queried, via a third-party application. For example, if a Sales-force report is linked back to an organisation’s SAP system to generate a weekly performance report, every sales person may be able to access it even if they’re not a licensed user.

Although no two contracts from SAP are the same, the core principles are. Both the number of users, and their level, is measured for SAP licensing. Moreover, while previously SAP didn’t monetise Indirect Access, most contracts stipulate that every type of usage must be paid and accounted for – whether direct or indirect.

Cause for concern?

Theoretically, any SAP customer running applications that indirectly access their SAP system is as much at risk of financial penalty as Diageo and AB Inbev (proportionate to annual turnover, of course). However, those at the greatest risk are undoubtedly organisations with operations involving high volumes of transactions, which require data flowing out of, and back into the SAP system. A prime example being those with complex supply chains or partner networks, such as in the Consumer Packaged Goods (CPG) industry.

The risks are also heightened for SAP’s larger users, who have often upped their investment in SAP systems year-on-year, to the point that it has become a business-critical piece of IT infrastructure. Replacing SAP systems with a different ERP system, for such users, would be comparable to relocating both the offices of an entire organisation and its partnering outposts simultaneously – an unthinkable task.

In very simple terms, the bigger and more complex your supply chain and partner network, the more of a target you are likely to be.

Changing how you approach SAP

The true cost of an SAP implementation can be unknown within a large enterprise, with no single owner of all SAP investments.Adoption may have occurred over years as organisations have merged and grown.The resulting lack of centralised clarity of spend has in some cases meant that spending on SAP has, in effect, been beyond scrutiny.

CFOs need to change how they approach SAP, moving away from begrudgingly signing off rising costs, to scrutinising the deployment and its associated risks. Only with greater visibility into how SAP is being used organisation-wide can CFOs hope to avoid being in the same position as AB Inbevand Diageo.

To reduce the business’s immediate financial vulnerability and mitigate risk, CFOs must ensure that their SAP teams have the means to uncover future risks before they arise. The first thing organisations should do is produce a full schematic of the SAP infrastructure with routes both in and out of the system, in order to accurately evaluate indirect licensing costs, as well as dig deeper into direct licensing costs too.

Only once full visibility into the full usage of SAP is known can it reveal any potential risk to the business.

You can find out more information about how to minimise exposure by watching our webinar – SAP Indirect Usage risk is real: Five-step plan to minimize exposure here.

To Top