A global industrial conglomerate caught the audit letter at the CFO’s office before procurement saw it. We took the file, ran the seventy-two-hour protocol, and re-set the conversation. The opening dropped seventy-nine percent.
Every result on this site is anonymised at the client’s request. Specific figures are real and verifiable through a confidentiality-protected reference call arranged on request.
The audit notification arrived at the CFO’s direct inbox, not at procurement. It carried a fourteen-day response demand, a specific reference to a recent acquisition, and an explicit indirect-access section that named two third-party logistics platforms. By the time it was forwarded internally, ten of the fourteen days had elapsed.
The internal SAM function had logged the letter, opened a USMM run, and started compiling responses. The CFO had asked legal to draft a holding response. Procurement had been told to expect a settlement conversation in the following sprint. Nobody had a view of the total exposure, and nobody had pushed back on the response timeline.
We were brought in on day eleven, with three days to respond. The brief was binary: protect the company, do not give SAP material they could use to widen scope, and keep the CFO’s relationship with the SAP regional VP intact while doing both.
SAP’s opening claim landed at $19.4M, split across three categories with specific dollar values attached to each. The structure of the claim told us what they had measured and, more usefully, what they had not.
Four tactics, run in parallel, against the three claim categories. Each tactic had a numerical target tied to a measurable claim component.
We re-ran USMM with a corrected role-collection mapping. The 4,100 reclassifications that drove the named-user shortfall were re-examined transaction-by-transaction. Of the 4,100, 2,700 had no Professional-tier transactions in the prior twelve months and were returned to Limited Professional. A further 600 were retired entirely as inactive. The remaining 800 were confirmed at Professional. The named-user shortfall claim moved from $6.8M to $1.4M.
We rebuilt the document-flow analysis on the two logistics platforms. Of the 12.4 million documents in SAP’s count, 7.1 million were internal pass-through documents that had been counted once at origin and again at destination. A further 2.6 million were below the materiality threshold for Digital Access licensing. The remaining 2.7 million were submitted for negotiation under Digital Access rather than per-user licensing. The indirect-access claim moved from $9.2M to $1.9M.
The FI and MM engine measurements were re-presented on a four-quarter rolling average rather than three consecutive peak quarters. The contractual measurement clause supported a twelve-month look-back, not a three-quarter snapshot. The recalculated engine position landed at $0.6M against the original $3.4M.
The audit letter referenced clauses from the master agreement that no longer applied after the most recent renewal. We compiled a clause-by-clause map showing which provisions had been superseded. The map was provided to SAP as a structured response, not as an argument — a factual reset that closed three lines of inquiry on its own.
The settlement closed at $4.1M against the $19.4M opening. The named-user component settled at $1.6M, the indirect-access component at $2.1M, and the engine component at $0.4M. The settlement was structured as a credit against the next renewal, not as a cash invoice — a structural shift the CFO had asked for at the start of the engagement.
The settlement letter included three contract amendments: (1) a digital-access definition tied to specific named platforms with a fixed annual document allowance, (2) a measurement clause clarifying twelve-month rolling-average treatment for engine metrics, and (3) a future-acquisition carve-out giving the client a twelve-month integration window before acquired entities are folded into measurement.
The CFO’s relationship with the SAP regional VP was preserved through the engagement. No formal complaint was raised, no executive escalation occurred, and the next renewal conversation was opened on commercial rather than compliance terms.
The reclassification work in this matter was performed on transaction-history data exported under privilege from the client’s SAP estate, with the export scope limited to fields required for the reclassification analysis. The deduplication pass on the indirect-access documents used a hashing methodology that compared origin-and-destination document pairs against the master document table, with the deduplication threshold tuned to the client’s integration architecture. The engine-metric resmoothing was performed against the contractual measurement clauses, not against SAP’s default measurement-period guidance. The methodology was documented in a closed-engagement memo retained by client counsel.
The opening number was designed to make us settle. The number we worked from was the one we built ourselves, transaction by transaction. We never argued with theirs. We replaced it.
Letter-stage response, document control, and through-the-line negotiation. The protocol that turns an audit notification into a manageable commercial conversation.
Read the brief →Post-audit settlement structuring and contract amendment work. Where the protections that prevent the next audit are written into the next renewal.
Read the brief →The first seventy-two hours after an SAP audit letter arrives. The protocol that determines the final number.
The document flow, the deduplication pass, and the conversion decision. Where indirect access risk is actually controlled.
How a $14M indirect-access claim moved to $2.1M after a document-flow rebuild.
Further reading: related white paper · cluster pillar · topic page
An audit notification is not an invoice. It is the opening position of a negotiation. The first conversation is at no cost and under privilege.
Contact Us →Every Wednesday. Field reports from active matters, decoded SAP communications, and what to look for in the next audit cycle. Work email only.