The first things to check are around the types of profile in SAP. Particularly whether they are of type generated.
If the type is 'G' then the profile can be directly assigned to roles. If manually created then it can't
Perform the following checks in SAP.
1) Transaction SU02. Is the profile available for editing in this screen?
2) Check the table AGR_PROF. Is the profile showing as assigned to the role?
3) Check the table USR10. What is the type specified?
4) Take one employee, who has a SAP account with this profile. Is it provisioned from D1IM, or is it all administered in SAP?
If D1IM validate how the employee got this profile (through SAP role, directly assignment, business role, department etc).
At it's most basic, the current methos of security setup in SAP is to generate profiles, that are directly assigned to Roles. But as per earlier releases, if the profile is manually created, it cannot be directly assigned to a role.