Independent SAP advisory. Not an SAP partner, reseller, or affiliate.
SAP License Consulting

How SAP Counts Users for Audit Purposes

SAP user counting rules drive the largest single line of audit findings at most Fortune 500 customers. The counting definitions the auditor applies, the configuration choices that move users in and out of the counted population, and the reconciliation discipline that produces a defensible counted total before the audit submission.

SAPAudits Research May 18, 2026 10 minute read
License compliance analyst and HR coordinator reviewing SAP active user count across business units at conference table with laptops
In this article
  1. Why user counting drives the largest findings
  2. The active user definition the auditor applies
  3. Configuration choices that move users in and out
  4. Reconciliation discipline before submission
  5. The customer position on contested counts

Why user counting drives the largest findings

Named user findings represent the single largest category of audit exposure at most Fortune 500 SAP customers, frequently accounting for 55 to 75 percent of total audit value. The reason is that named user pricing is volume sensitive, named user populations grow naturally with business growth, and named user classification depends on activity patterns that change over time as employees move between roles. The auditor counts active named users, applies the contract type definitions to each, and produces a finding that reflects the cumulative drift across the period since the last audit.

This article documents the counting definitions the auditor applies, the configuration choices that move users in and out of the counted population, and the reconciliation discipline that produces a defensible counted total before audit submission. Reference our SAP license audit pillar, the named user license types analysis, and the audit defense expertise.

The active user definition the auditor applies

The auditor active user definition typically captures any SAP user record that has logged on within the past 12 months, has an active master record, and is not technical or system. The 12 month lookback is the most common but the contract may specify a different window. The active master record requirement excludes locked or expired records but includes records that are active even if the underlying employee has left the organization. The technical and system exclusion is rule based and depends on user group, naming convention, and role assignment.

The customer position is to verify that the auditor active user definition aligns with the contract language and that the customer reconciliation methodology produces a counted total consistent with the definition. The detail is in our LAW tool guide, the audit data collection methodology, and the audit rights and contractual limits analysis.

Configuration choices that move users in and out

Three configuration choices move users in and out of the counted population. First, the user lock and unlock discipline. Locked users typically do not count as active. The discipline of locking departed employees promptly removes them from the counted total. Second, the technical user naming and group assignment. Users assigned to documented technical groups are excluded from the count. Third, the user activity reconciliation between SAP active and HR active. Users active in SAP but inactive in HR are typically removable from the count with documented evidence.

The customer position is to operate these three controls on a monthly cycle rather than only at audit time. Reference our user misclassification analysis, the LAW measurement methodology, and the self audit framework.

User lock and HR reconciliation discipline operated on a monthly cycle reduces the counted user population by 8 to 15 percent compared with quarterly or annual discipline, translating directly into audit finding reduction.

Reconciliation discipline before submission

The reconciliation discipline that produces a defensible counted total before audit submission has five steps. First, extract the LAW user records. Second, lock inactive users with documented HR evidence. Third, reclassify users whose role has changed to the appropriate contract type with documented role evidence. Fourth, exclude technical and system users with documented group assignment evidence. Fifth, produce a customer maintained counted total with the documented evidence pack that supports each adjustment.

The detail is in our audit evidence pack methodology, the audit data collection methodology, and the LAW tool guide.

The customer position on contested counts

When the auditor counted total differs from the customer counted total, the customer position depends on the strength of the underlying evidence pack. With strong evidence supporting each adjustment, the customer counted total typically prevails. With weak or undocumented evidence, the auditor counted total typically prevails. The implication is that reconciliation discipline must precede audit submission rather than respond to audit findings.

The implementation detail is in our audit findings dispute analysis, the audit settlement negotiation analysis, the legal counsel analysis, and the named user license types paper. The audit defense expertise documents the full senior advisor methodology.

Key takeaway

User counting discipline that produces a defensible counted total

Related white paper

SAP User Counting Methodology Playbook

The Fortune 500 methodology playbook for SAP user counting reconciliation, classification ruleset maintenance, and the audit response posture that defends the counted total against challenge.

Access the paper
SR
SAPAudits Research
Senior practitioners, sap license consulting

The SAPAudits research team includes senior advisors with combined experience supporting more than 500 enterprise SAP engagements. We do not hold any commercial relationship with SAP.

Independent SAP advisory

Facing a similar SAP situation?

Talk to a senior advisor. We respond within 24 hours. No fee, no obligation, no SAP commercial relationship.

Schedule a confidential consultation
Continue reading

Related insights

License Consulting

SAP Named User License Types Explained

The full reference for SAP named user categories, definitions, and the consumption rules of each.

13 minute read
License Consulting

SAP User Misclassification Findings

The top audit finding that produces 35 to 55 percent of named user exposure and how to prevent it.

9 minute read
License Consulting

Practical Guide to the SAP LAW Measurement Tool

The LAW configuration choices that drive the user counting output.

12 minute read