A global consumer goods group disputed a SAP BusinessObjects audit claim by reclassifying viewer users, retiring dormant accounts, and challenging the concurrent-session measurement that anchored SAP's position.
Every result on this site is anonymised at the client's request. Specific figures are real and verifiable through a confidentiality-protected reference call arranged on request.
The group runs a global BusinessObjects deployment supporting financial close, sales analytics, supply-chain reporting, and a regional set of operational dashboards in forty-two countries. The deployment was originally licensed in 2017 with a mix of Concurrent Session Licences for the Web Intelligence layer and named-user licences for the Crystal Reports and Analysis for Office layers. Total in-scope users at audit was approximately eighteen thousand four hundred, with a named-user purchase of six thousand and a concurrent-session purchase of one thousand two hundred.
SAP's audit team issued a non-compliance position of seven point eight million dollars covering three lines: a named-user shortfall of approximately four thousand seats based on the Central Management Console population; a concurrent-session overage based on a peak measurement reading from the CMC audit database; and a Crystal Reports developer-licence under-count of approximately two hundred and forty seats.
The group's BI Centre of Excellence had been preparing a license-true-up internally and had estimated the exposure at roughly one point five million dollars, well below SAP's position. The CFO required a defended position before any commercial discussion proceeded.
SAP's CMC user-population count included every account ever provisioned on the deployment, regardless of activation status. Of the eighteen thousand four hundred records, approximately five thousand two hundred had not authenticated in the prior twelve months. A further nine hundred were system accounts, service accounts, or scheduled-job runners that the contract definition excluded from the named-user count.
The concurrent-session reading came from a single peak window during a quarter-end financial close, when global users converge on the financial reporting layer. The contracted measurement protocol called for an average concurrent reading across a representative business cycle, not a single peak point.
The Crystal Reports developer-licence count had been taken from the role membership of a Designer group that included reporting administrators who held the role for permissions but did not perform development. The active developer population was substantially smaller.
We worked four tactics in parallel against the opening claim. Each one rebuilt a measurement against contract definitions and produced documentary evidence at a granularity SAP could not displace.
We extracted the CMC authentication logs for the prior twelve months and identified five thousand two hundred accounts with no authentication. We then ran a rolling thirteen-month window check to capture any accounts active in a single annual cycle. The defendable dormant count was four thousand nine hundred. We documented each account with last-authentication timestamp and presented the disposition for SAP's reconciliation team.
Service accounts and scheduled-job runners are excluded from named-user counts under the contract. We identified eight hundred and forty accounts in this category — ETL service accounts, scheduled-report runners, and integration accounts. The exclusion was supported by configuration documentation showing the absence of interactive login capability.
We requested a re-measurement of concurrent sessions using the contractual protocol of a representative business cycle rather than a single peak point. The reconstituted average reading was eight hundred and ninety concurrent sessions against a contracted one thousand two hundred, leaving the group inside its entitlement on that line.
We audited the actual Crystal Reports development activity across the Designer role membership and identified the active developer population. The verified count was sixty-eight active developers against the claimed two hundred and forty. The contract requires development activity, not role assignment.
The audit closed at two point one million dollars in cash against an opening claim of seven point eight, a seventy-three per cent reduction. The settlement covered a true-up of approximately five hundred Web Intelligence seats and a small concurrent-session reserve, with the Crystal Reports developer line dropped entirely.
Contractually, the measurement protocol for concurrent sessions was redefined as an average across a representative business cycle with a written definition of the cycle window. The dormant-account purge protocol was documented and accepted as a recurring reconciliation right. The service-account exclusion criteria were written into a measurement addendum.
Total elapsed time from the audit notification to signed settlement was fourteen weeks. The matter closed within a single quarter and the contingent liability was removed from the year-end disclosure.
First, BusinessObjects audits anchor on the CMC user population, which is a provisioning record rather than a usage record. Dormant accounts must be purged and documented before any measurement closes.
Second, service accounts and scheduled-job runners are excluded under the contract but only when documented with a configuration evidence trail. The exclusion is a contractual right that requires proof.
Third, concurrent-session measurements taken at peak windows misrepresent the licensed pattern. The contract protocol is the protocol that applies. Fourth, developer-licence definitions rest on activity, not role assignment. Fifth, every BI estate needs a quarterly licence-evidence cycle, not an annual audit-driven reconciliation.
We had the user list. We didn't have the evidence. Once the dormancy data and the configuration trail were in front of SAP, the claim collapsed.
End-to-end audit response across SAP BusinessObjects, ECC, and the analytics layer. We take control the day the letter arrives and validate every measurement before any commercial discussion.
Read the brief →A continuous licence-evidence cycle for the BusinessObjects estate — dormant-account discipline, service-account exclusions, and a documented measurement protocol.
Read the brief →The topic page sets out the licensing structure, the audit triggers, and the negotiation levers across this SAP product line.
A 3,500-word analyst paper covering the methodology behind the defence, with five numbered recommendations and the field evidence.
The pillar article in this cluster covers the licensing structure, the audit triggers, and the defence sequence applicable to estates like this one.
A North American financial services firm reclaimed 2,400 dormant BusinessObjects seats and reduced its renewal by 18%.
A global bank cut a $24M multi-product SAP audit claim to $7.1M across BusinessObjects, ECC, and engine measurements.
One hundred-plus anonymised case files across audit defence, license compliance, contract negotiation, and S/4HANA conversion.
Every engagement opens with a confidential, no-obligation conversation. We listen, test the position, and tell you whether there is a defendable case before any commercial discussion begins.
Contact Us →Every Wednesday. Field reports from active matters, decoded SAP communications, and what to look for in the next audit cycle. Work email only.