What the LAW tool measures and how the auditor uses the output
The LAW measurement tool, formally the License Administration Workbench, is the SAP delivered utility that aggregates user and engine consumption data across the customer SAP landscape and produces a consolidated measurement that the auditor reviews during the technical measurement phase of a license audit. The tool is delivered as a transaction in the central SAP system, configured by the customer SAP basis team, and run on a schedule that the customer controls between audit cycles. Between audits the LAW output is the customer self assessment of license position. During an audit the LAW output is the data the auditor reviews and audits.
This article documents the five LAW configuration choices that materially affect the measurement outcome, the data extraction steps the customer should run before any submission to the auditor, and the reconciliation discipline that prevents avoidable findings. Reference our SAP license audit pillar, the LAW measurement during audits analysis, and the audit defense expertise.
Configuration choice one: the consolidation scope
The first material configuration choice is the consolidation scope. The LAW tool can be configured to aggregate every SAP system in the customer landscape, a subset of systems, or only the central system. The choice of scope determines the data the auditor sees. A consolidation scope that excludes a subsidiary system may produce a clean LAW output and an unclean audit finding when the auditor requests subsidiary data separately. A consolidation scope that includes too many systems may produce duplicate user records and an inflated finding the customer must rebut after the fact.
The customer position is to configure consolidation scope to align with the contract scope, with every system in the contract scope included in LAW and no system outside the contract scope contributing duplicate records. The detail is in our subsidiary compliance analysis and the audit data collection methodology.
Configuration choice two: user classification rules
The second material configuration choice is the user classification ruleset. The LAW tool applies a customer maintained ruleset to classify each named user into a contract license type, typically based on user role, profile, and activity. The classification ruleset determines whether a user appears as a Professional, a Limited Professional, an Employee Self Service, or an Employee user in the final output. The auditor accepts the classification when the ruleset is documented and defensible and challenges the classification when it is not.
The customer position is to maintain a documented classification ruleset with explicit justification for each rule, version control, and a quarterly review cycle. Reference our named user license types analysis, the user misclassification analysis, and the how SAP counts users analysis.
The user classification ruleset is the single highest leverage point in the LAW configuration. A defensible ruleset reduces named user findings by 35 to 55 percent compared with the SAP delivered default classification logic.
Data extraction steps before submission
The data extraction discipline that prepares the LAW output for audit submission has five steps. First, run the LAW measurement on the agreed consolidation scope. Second, extract the underlying user records to a customer maintained workpaper. Third, reconcile the user records against the customer HR active user list to identify inactive users that should be excluded. Fourth, reconcile the user records against the customer license register to identify users whose contract classification differs from the LAW default. Fifth, document each reconciliation adjustment with the underlying evidence the customer will produce on request.
The detail is in our audit data collection methodology, the audit evidence pack methodology, and the self audit framework.
Reconciliation discipline and customer position
The reconciliation discipline that turns LAW from an audit risk into a license optimization tool has three components. First, a monthly LAW run that produces an internal customer view with no submission to SAP. Second, a quarterly reconciliation that updates the classification ruleset based on observed user activity changes. Third, an annual review that confirms the consolidation scope and the classification ruleset remain aligned with the current contract and with the current organizational structure.
The customer position is to treat LAW as a continuous management discipline rather than an audit response activity. The detail is in our compliance framework pillar, the audit readiness analysis, and the license audit playbook. The license optimization expertise documents the senior advisor methodology.
LAW configuration choices that materially affect the audit outcome
- Consolidation scope must align with contract scope, with every contract system included and no outside system contributing duplicate records
- The user classification ruleset is the single highest leverage point and should be documented, version controlled, and reviewed quarterly
- The data extraction discipline includes HR reconciliation, license register reconciliation, and documented evidence for each adjustment
- LAW should be run monthly as a customer self assessment, not only as an audit response activity
- The annual review should confirm consolidation scope and classification ruleset remain aligned with the current contract and organizational structure
- A defensible classification ruleset reduces named user findings by 35 to 55 percent versus the SAP delivered default logic