MTC Skopos is an SAP SoD analysis tool made for consultants who work across client landscapes. It is a portable desktop application with zero footprint on the client's systems: data comes in via standard table exports or RFC, the analysis runs on your laptop, and nothing is installed or left behind. The license is a flat $6,718/year per seat with no per-client or per-user fees, so the same license serves every engagement, on SAP and non-SAP ERPs alike.
| MTC Skopos for consulting work | |
|---|---|
| Client footprint | Zero: no installation, no agent, no account required |
| Data intake | SAP table exports or direct RFC extraction |
| Multi-client use | Unlimited clients and systems per license |
| Systems covered | SAP ECC, S/4HANA, Odoo, Dynamics NAV, Sage, PeopleSoft, Kyriba, generic format for anything else |
| Deliverables | Risk register, remediation plan, did-do evidence, reusable ruleset (converts to SAP GRC format) |
| Pricing | $6,718/year per seat flat, $650 per additional seat |
Can I use one license across multiple clients?
Yes, that is the core of the model. Per-user, per-system GRC pricing makes no sense for a consultant: your tooling cost would balloon with every new engagement, and you cannot carry a client-licensed platform to the next project. The MTC Skopos license is tied to your seat. Analyze five client landscapes this quarter and seven the next; the cost stays $6,718 for the year.
This also changes how you scope proposals. SoD analysis stops being a line item that depends on the client's user count and becomes a capability you simply bring.
How do I run analysis on a client system without installing anything?
Two intake paths:
- Table exports: the client's Basis team exports the standard authorization tables (USR02, AGR_USERS, AGR_1251, UST12). MTC Skopos includes an extraction guide; the export takes minutes. You work fully offline from there.
- RFC extraction: if the engagement gives you SAP access anyway, pull the data directly via RFC and skip the file handover.
Either way, nothing is deployed in the client landscape. There is no server to provision, no software to get approved by the client's IT, and no cloud upload to clear with their security team. For clients in regulated industries, "your authorization data never leaves your premises" usually ends the data privacy discussion before it starts.
What about clients who don't run SAP?
Mid-market clients increasingly run mixed landscapes. MTC Skopos analyzes Odoo, Microsoft Dynamics NAV/Navision, Sage, PeopleSoft, and Kyriba natively, and anything else through a generic user-privilege format. Cross-system rules catch the conflicts single-system tools miss, like a user who creates vendors in SAP and approves payments in a treasury system. One tool covers the whole engagement instead of one tool per ERP.
What does flat-rate pricing mean for engagement economics?
Enterprise GRC suites price per user and per connected system, which puts them out of reach as consultant tooling. The comparison is straightforward:
| Per-user GRC suite | MTC Skopos | |
|---|---|---|
| Cost basis | Client's user count and system count | Your seat |
| Carrying it to the next client | New license, new negotiation | Same license |
| 10,000-user client | Six figures | $6,718/year, unchanged |
| Implementation before first result | Weeks to months | Same day |
For the full market picture, see the 8 SAP SoD tools comparison and the feature matrix.
What do I hand over at the end of an engagement?
Consulting deliverables, not tool screenshots:
- A complete risk register with per-user, authorization-level findings
- Did-do evidence showing which conflicts are exercised, not just theoretical
- A concrete remediation plan generated by the Advanced Remediation engine
- The tuned SoD ruleset, reusable on the follow-up engagement and convertible to SAP GRC format if the client later implements a GRC suite
Frequently asked questions
Can I use one MTC Skopos license across multiple clients?
Yes. The license is tied to your seat, not to a client, user count, or system. You can analyze as many client landscapes as you want during the license year, including running several client datasets side by side for benchmark or follow-up work.
Do I need to install anything on the client's SAP system?
No. MTC Skopos is a portable desktop application. The client exports standard authorization tables (USR02, AGR_USERS, AGR_1251, UST12), or you pull them via RFC if you have access, and the analysis runs on your own machine. Nothing is deployed in the client landscape and no client data is uploaded anywhere.
Does it work on non-SAP ERPs?
Yes. Beyond SAP ECC and S/4HANA, MTC Skopos analyzes Odoo, Microsoft Dynamics NAV/Navision, Sage, PeopleSoft, Kyriba, and any other system via a generic user-privilege format. Cross-system rules detect conflicts that span two different ERPs.
What do I deliver to the client at the end of an engagement?
Exportable risk registers, per-user conflict details with authorization-level traceability, did-do execution evidence, remediation step recommendations, and the tuned ruleset itself. The ruleset converts to SAP GRC format, so clients moving to a GRC suite keep the value of your work.
Is there a plan for freelance consultants?
Yes, there is a modular Freelance edition of the same software, scoped for independent consultants. Pricing for it is shared on request; see the freelance consultants article or get in touch for details.
Related reading: SAP SoD for freelance consultants · SAP Access Risk Analysis · SoD tool for auditors · SAP SoD tool pricing