Own the process
If you are passive, the auditor will dictate timelines and terms which are unlikely to be beneficial to you or the desired outcome. Take control in a firm but positive manner.
Through my time in the world of SAM, I have seen a wide range of responses to the news of an audit letter landing, from pure panic to misplaced nonchalance. The obvious risk to everyone is being found incompliant, having difficult negotiations against a publisher holding all the cards, and ultimately a large unbudgeted spend that leads to some tough conversations with the finance department.
The CIO of a large London law firm once told me he'd calculated the resource costs at over £100k for an IBM audit, which I'd assume he would have much preferred to spend on exciting innovation projects instead. Safe to say, apart from for those with masochistic tendencies, audits are never fun for those on the receiving end.
However, the reality is that the negative impacts of an audit can be minimised with some fairly straight forward steps, and so you too can learn to no longer fear the audit engagement. Here's some thoughts from my many audit experiences, and considerations to take both ahead of time, and when the notification hits:
If you are passive, the auditor will dictate timelines and terms which are unlikely to be beneficial to you or the desired outcome. Take control in a firm but positive manner.
As this is ultimately a legal process, even if the lawyers aren't involved, it's key to ensure the correct documentation is in place. This also takes some time, which enables some of the below steps.
The burden is on the publisher and/or auditor to let you know what they're trying to review and a simple 'everything' is not an acceptable answer. Covering this off at the start allows us to make an accurate project plan and avoids dragging the timeline out later in the process.
While most EULAs/contracts include an audit clause, your obligations are to provide data in a way that doesn't impact your business. Reasonable delays are normally acceptable to the auditor, as long as we have a plan, we can all agree on. This also allows us to achieve our goals on the below steps…
Auditors are targeted on speed of delivery and will have resource limits (i.e. timesheets) to ensure the project is profitable to them. This doesn't always lead to thorough work, and if they're taking shortcuts, you can bet it's to the advantage of the publisher not the customer.
As software licensing rules often have a swath of grey areas, and auditors are rewarded for finding shortfalls, we can be confident they will apply the terms to deliver the publishers best outcome. We need to use our expertise to ensure those terms most beneficial to us are applied. It's also worth noting that auditors often use junior resources to put the data together, so honest mistakes are often found.
The auditor will press to have the results agreed as soon as possible so they can close the project and collect their fee. However, this result is the starting point for the settlement negotiation, so we only want to agree to the accurate numbers (50% discount off something you didn't need is still 50% wasted spend).
To steal George W. Bush's favourite saying "fool me once, shame on you, fool me twice, shame on me". The very last thing we want to do post audit settlement is to be caught in the same scenario 12 months or 3 years later. We have to take the learnings from each scenario, ensure proper licensing management processes are in place and/or understand how our existing process failed this time and fix them.
While you digest this information, our experts at SoftwareOne are here to help. Reach out for personalised advice and expert solutions.
While you digest this information, our experts at SoftwareOne are here to help. Reach out for personalised advice and expert solutions.