Software Licence Audits: Survive and Take Advantage
For the past two years, I have sensed a gradual change of perception towards Enterprise Software Asset Management
(SAM) in the IT community – less so the traditional ‘how hard can counting computers and installations be’, and more
focus placed on keywords such as ‘compliance’, ‘licence optimisation’ and ‘cloud-readiness’.
Along with the change comes senior management support and investment. Many organisations have now built up
dedicated SAM teams, purchased shiny new tool sets or signed up to Managed Service Agreements with their LARs or IT
Service Providers.
So all looks good and promising, except for one small problem – I am still seeing major audit exposures and large
unbudgeted pay-outs from companies who invested in SAM. Why?
Being part of a well established audit firm that has conducted licensing audits for more than 20 years, and having
worked with most of the top 10 software vendors' compliance programmes, I believe my answer to this question will be
interesting, and more importantly, useful to you and your organisation when your next “Audit Notification Letter” lands.
This will be the first time in the industry that a vendor-appointed audit firm shares audit insights and bullet-dodging
techniques. Some of the things you read may be already known, while others will be complete surprises – so please
buckle up, and I hope you enjoy the read.
Compliance will be rewarded.
Are you ready to comply?
Eric is the Director of Fisher IT Asset Consulting, with a team of 20 enthusiastic and highly experienced licence auditors and
consultants. Prior to his current role he managed a similar team at one of the “Big Four” audit firms and was responsible for the
launch of UK compliance programmes for a number of major software vendors.
Who we are
Fisher IT Asset Consulting (FIAC) are part of HW Fisher &
Company, a top 30 UK professional services firm founded in
1933. Collaboratively, our team of 20 contract and licensing
experts deliver Licence Compliance, Software Asset
Management (SAM) and IT Asset Management (ITAM)
services to organisations across all industries globally.
At its core, our portfolio of services is designed to assist organisations to:
• Gain total visibility of their IT asset ownership and liability and understand how the assets are being utilised.
• Identify and reduce risk of over-deploying software licences to prevent vendor audit exposure and significant penalty payments.
• Optimise IT contracts and improve asset utilisation to reduce overall cost of IT asset ownership.
Eric Chiu, Director
• Tel: +44 (0) 20 7554 3014
• Mob: +44 (0) 754 0123 970
• echiu@hwfisher.co.uk
Stuart Burns, Partner
• Tel: +44 (0)20 7380 4964
• sburns@hwfisher.co.uk
Rafi Saville
• Tel: +44 (0)20 7874 7967
• rsaville@hwfisher.co.uk
What will be covered in this Guide
Facts
• Fundamental knowledge of the Licence Audit business
Survival
• What happens in an audit and how to watch your every step
Take Advantage
• Why licence audit can be good for you and how to reap the benefits
Free Assessment
• A high-value, no cost independent check of your readiness
Facts
Fundamental knowledge of the Licence Audit business
Fact 1:
There is no escape
8 out of the top 10, or 13 out of the top 20, software
vendors (by revenue) have active Licence
Compliance Audit Programmes globally to
safeguard licensing revenue.
A recent IDC survey shows that 63% of the enterprises in North America and Europe
were audited by at least one software vendor for “licence compliance” in the past 12
months. Over one third of the survey respondents said that they paid more than
£200,000 for audit settlements and penalties.
Adobe, IBM, Microsoft, Oracle, SAP and Symantec are the vendors who initiate the
most audits. However, many more software vendors are relying on licence compliance
audits today as one of their key revenue contributors under a challenging economy.
If your organisation has never been audited before, you probably will receive one of
those notorious ‘Audit Notification Letters’ soon.
Fact 2:
This is not about honesty
The average settlement fee per audit
equates to 34% of a company’s
existing annual contract value with the
auditing vendor.
This is not about whether your users are downloading cracks or ‘keygens’ from the
internet.
The traditional whistle-blower-led anti-piracy raids can often be difficult to execute,
costly and sometimes political for Software vendors, while generating a limited return.
In comparison, checking on paying customers who may have been less than careful in
reading contractual terms and obligations, or in controlling the usage of legitimate
software, has proven to be a robust and sustainable revenue generating strategy.
You might see yourself as an honest customer for spending £1 million a year buying
Oracle or IBM licences and support annually. What your supplier sees, however, is a
compliance opportunity estimated at £340,000, waiting to be ‘recovered’!
Fact 3:
Many names for one goal
‘SAM Engagement’, ‘True-up’, ‘Licence
Optimisation’, ‘Baseline’ and many more …
no matter what the vendors call it, it is
always an audit that will cost you money.
Licence audit is costly for all software vendors whether they are using an internal team
or working with independent audit firms to conduct the exercise.
Yet we have never seen any software vendor that had a compliance programme and
decided to ‘switch it off’ – every licence compliance programme that we know is ‘self-
funded’ and in most cases, highly profitable.
This means that you, the customers, are footing the bill. Some vendors are generous
enough to demand only the licences owed plus back maintenance; others may
even ask you to pay the auditor’s fee.
Fact 4:
Can’t outsource the challenge
Whoever ‘looks after’ licensing for you,
whether it is a LAR, SAM service provider or
SAM tool vendor, no one will guarantee
your compliance or pay your audit bills
As long as you still buy software under your company’s name (an exception will be
having no IT department and using an external provider to deliver IT as a Service),
licence management remains your responsibility.
Outside support can help you automate processes and improve the underlying data
quality to make calculation of licensing positions easier and more accurate. However,
it is ultimately your (the software licensee’s) responsibility to make sure that you are
consuming software licences in accordance with the agreed terms and levels you
have with the software vendor.
This is why there are many organisations providing Software Asset Management
support and services, yet no one sells ‘software licence compliance insurance’.
Survival
What happens in an audit and how to watch your every step
Audit Selection
What happens
Because licence audits are often costly to conduct and sometimes trigger emotional reactions from the customer, the last thing a software vendor wants is an audit that identifies no compliance issues (and subsequently, no revenue).
Therefore, a software vendor will very rarely pick its audit targets randomly. To ‘recover’ the maximum amount of revenue under a set compliance budget every year, most vendors use a combination of indicators to gauge the ‘reward level’ of an audit candidate and prioritise their selections accordingly. The most common indicators used are:
• Customer’s purchase level with the vendor
• Organisational structure complexity
• Level of organisational change such as M&A activities
• Complexity of licensing model agreed
• Purchase pattern that does not reflect growth
• SAM maturity intelligence gathered from account team
How to Survive
Unfortunately many of the ‘risk indicators’ used by vendors to select audit targets are often beyond your control. However, there are still two practical tips that can be useful to lower your rank on the target list:
• Maintain an open and transparent relationship with your account managers. Tell them why you are not renewing or buying licences, and tell them how you control and monitor the use of licences.
• Negotiate yourself out of licensing metrics that are difficult to measure, especially when there is no licence consumption reporting mechanism built in to the software.
The Notification Letter
How to Survive
The first thing you should do is to look for your licence agreements and the audit
clause within. You should also notify the relevant stakeholders and assemble a
team that can provide both resource and expertise during the audit process.
At this point, if you are not confident of your compliance status, you should
quickly arrange a mini-audit internally. If this is restricted by in-house expertise or
resource level, it will be a good time to seek outside expert assistance.
It is vitally important that you have a clear view of your compliance position
before the vendor does. This is not about trying to hide or delete over-used
software – because, even if you do, most auditors can still find it.
However, most vendors are willing to give significant discounts for up-front
settlement for the sake of saving their effort and cost of running an audit.
What happens
You will receive a formal notification
from your software vendor or their
appointed auditors.
This could come in as a letter or an
e-mail addressing the contract
signatory within your organisation,
often requesting a ‘kick-off’ meeting
to discuss the audit strategy and
expected timeframe of completion.
It will often inform you that any
additional licences purchased
beyond the date of the letter will not
be counted towards your licence
ownership for the purpose of the
audit.
Ask Yourself
• Are you aware of all licence restrictions and obligations stated in the EULA?
• Can you measure software usage that is not licensed on user or install basis?
• Does your Discovery tool cover non-Windows or test/dev servers?
• Is your compliance calculation based on words or validated facts?
Kick-off & Scoping
How to Survive
There are a number of important steps to safeguard your interest in the kick-off meeting:
• Ensure that the agreed scope only includes software licences under your direct ownership and management. Do not include subsidiaries or overseas entities unless they are covered by the same licence agreement that is owned and managed by you.
• Request an NDA to restrict the use of audit data for other purposes.
• Ask for a reasonable timeline – you are not contractually bound to complete an audit within a set timeframe, as long as it is ‘reasonable’, so do ask for extra time if you are under-resourced or migrating your data centre.
What happens
This is the initial meeting where you and
the auditing software vendor, often with
their appointed auditors, sit together
and negotiate the scope, approach
and timeline for the coming audit.
Typically, the audit scope can be
geographic, organisational or limited by
product families.
The auditors will outline the information
they will need to gather to conduct the
audit, and discuss the methods of
collecting such information with you.
Managing Data Collection
How to Survive
The data collection process needs to be very carefully managed so that only relevant and requested data is submitted to the auditors. The most important tips on managing data collection include:
• Have your own project manager who understands the audit scope, to oversee data collection, so your ‘techies’ won’t give away more than necessary.
• Make sure you understand the rationale behind each data request – don’t be afraid to ask ‘what do you need this for?’ or ‘why are you running this script?’
• Be extra-careful with what you declare – if you are not sure, spend the time and effort to investigate, instead of giving a ‘half-correct’ answer that will expose you to deeper scrutiny by the auditors later on.
What happens
The auditors will start the audit by gathering information after the kick-off meeting. The most common types of information gathering exercise include:
• Interviews: auditors talk to your staff and collect information verbally or through on-screen observations.
• Self-declaration: you will be provided with a guided template to populate software usage information.
• Request existing records: these can be any records that you already own, from CMDB reports to HR records.
• In-App reports: the auditors may ask you to generate built-in reports in some applications, such as user or connection reports.
• Execute scripts / tools: the auditors may ask you to run software they provide to scan your machines.
Validating Draft Audit Reports
How to Survive
If you have done something wrong earlier in the process, whether by supplying outdated user information or including decommissioned servers in your self-declaration, this is your last chance to fix the issue. Once you have ‘accepted’ the report, it will be extremely difficult to reverse what you have said – even if what you have said does not reflect the reality. Therefore, it is vitally important that, at this stage, you:
• Check the entire report thoroughly. Don’t just look at the summary ELPs; review the underlying datasets at least for the software titles that are in ‘red’ – identified as under-licensed.
• Ask for clarification if there is any part of the report you do not fully understand. It is the auditor’s obligation to explain how they arrive at their conclusions.
• Involve the original person who supplied the auditor with raw data in the review process, to make sure the data has not been manipulated or interpreted incorrectly.
• Try to remove any ‘assumptions’ the auditors made in the report due to lack of data from you, as most of these will not be in your favour. Supply them with more data where possible.
What happens
After the auditors finish
collecting the required audit
information, they will
prepare a Draft Licence
Compliance Report with
Effective Licence Positions
(ELP) for each software title
that you license and
consume.
Some will share the same
draft with the vendor at the
same time, but most will ask
for your comment, and if
possible, your acceptance
of the report’s ‘factual
accuracy’ before doing so.
Settlement Negotiations
How to Survive
If you are still on the path of DIY audit defence at this stage, below are some basics that you should know before joining the table alone:
• Mitigating circumstances: strong and verifiable ‘excuses’ for accidental usage or mis-deployment may be considered as mitigating circumstances.
• Publisher goodwill: collaborating with the vendor’s compliance team, rather than being purposefully obstructive, is more likely to land you goodwill on some liability waivers.
• Vendor Demand Matrix: like all negotiations this is about give and take. Vendor compliance teams want immediate revenue, increased future revenue and swift payment without upsetting you. Look at what you can afford and choose your tactic accordingly.
What happens
Any red or minus lines in the Compliance
Reports indicate that you owe the vendor
money and you will be asked to pay up.
Depending on who the vendors are and
the degree of non-compliance, you may
be asked to purchase the licences owed at
full list price without discount, paying back-
maintenance and sometimes even the
cost of the audit.
You will also be asked to clear the payment
within a given timeframe, usually 4 weeks or
less from audit completion. It is likely
that your OPEX budget is not big enough to
‘take the hit’, and conversations with CFOs
asking for ad-hoc cash are rarely pleasant.
[Diagram: Immediate revenue; Future revenue; Time of payment; Relationship; Mitigating circumstances; Publisher’s Goodwill]
Take Advantage
Why licence audit can be good for you and how to reap the benefits
Don’t forget the Green lines
Most companies do not take action on the
green lines in a compliance report – these
are the over-licensed positions where you
are paying for more licences than required.
You can’t really blame the auditors or vendors for not emphasising the ‘over-licensed’
positions – after all, it is not in their interest and no EULA has a ‘refund’ clause. Sure, there are
sometimes good reasons for why you have purchased more licences than needed – up-
coming projects or buying a bit more for the future and for the discount.
However, if these licences became excess due to genuine reduction of requirement, you
can save significantly and instantly by switching off their annual support & maintenance
payment, usually worth around 20% of the full licence cost.
You may also want to explore the used-software market, where there are increasing
numbers of brokers paying cash to acquire unwanted perpetual licences from end-user
organisations.
Get up from where you fell down
Don’t throw away your compliance report.
It is a perfect baseline for you to accurately
manage your licence positions going
forward, so harvest it.
The compliance reports issued by the auditors and vendors will always have limited scope;
nonetheless they are the next best thing you can have without major investment in your
Software Asset Management practice.
With this validated baseline, as long as you carefully track all new licence purchases and
deployment post audit, you will maintain good visibility over your licence position of the
given vendor.
Of course, such tracking is easier said than done. However, before you get that board
approval on investments in SAM, this is still a very good ‘interim’ practice to keep your head
above water.
Learn from the auditors
It takes years of investment for the world’s
largest audit firms to find efficient methods
to measure licence compliance, and this is
shared with you during every audit.
We are not talking about counting basic software users or installs here, we are talking about
understanding PVUs and RVUs for IBM, Core Factors for Oracle or one of the hundred types
of users for SAP, plus all restrictions hidden within those 30-page Enterprise Agreements.
Measuring the ownership and consumption levels for complex software licences is often a
challenge for your LARs or even the vendors’ own sales teams. However, you have been
given unique access to the best solution because of the audit.
Ask the auditor how they calculate each number, because they will have to explain.
Document the process and keep a copy of their data collection instructions. Perform the
same process yourself in the future so that your SAM practice will be audit-proof.
Audit Readiness Assessment
A high-value, no cost independent check of your readiness
What it is
• A one-day independent assessment of your licence compliance readiness
• Interviews, on-screen observations plus data and document reviews
• Focus on ‘what you don’t know’
• Same-day presentation of findings, with optional follow-up remote presentations at a later date
• Covered by NDA
What you get
• Visibility of licence compliance risks and gaps that were previously unknown
• Estimated financial exposure and saving opportunities
• Ammunition for your SAM business case
• Understanding the limitations of your existing discovery and SAM tools
• A suggested plan of action, or a high-level requirement specification, should you wish to seek external support
Find out more at www.hwfisher.co.uk/fiac or e-mail licensing@hwfisher.co.uk to book an appointment.
Software Licence Audits - Facts Survival Benefits

 
Software Audit Assist Introduction forLinkedIn
Software Audit Assist Introduction forLinkedInSoftware Audit Assist Introduction forLinkedIn
Software Audit Assist Introduction forLinkedIn
 
EY Software Asset Management Advisory
EY Software Asset Management AdvisoryEY Software Asset Management Advisory
EY Software Asset Management Advisory
 
Why Outsource Application Management?
Why Outsource Application Management?Why Outsource Application Management?
Why Outsource Application Management?
 
How to Evaluate a Managed Services Firm
How to Evaluate a Managed Services FirmHow to Evaluate a Managed Services Firm
How to Evaluate a Managed Services Firm
 
Pragmatic software governance
Pragmatic software governancePragmatic software governance
Pragmatic software governance
 
Create your own enterprise apps store
Create your own enterprise apps storeCreate your own enterprise apps store
Create your own enterprise apps store
 
Escrow Presentation2010
Escrow Presentation2010Escrow Presentation2010
Escrow Presentation2010
 
Vendor Compliance Management software
Vendor Compliance Management softwareVendor Compliance Management software
Vendor Compliance Management software
 
Escrow Presentation
Escrow PresentationEscrow Presentation
Escrow Presentation
 
The Complete Guide to Vendor Onboarding Process.pptx
The Complete Guide to Vendor Onboarding Process.pptxThe Complete Guide to Vendor Onboarding Process.pptx
The Complete Guide to Vendor Onboarding Process.pptx
 
Why Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your OwnWhy Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your Own
 
What the Cloud Vendors Don't Want You to Know
What the Cloud Vendors Don't Want You to KnowWhat the Cloud Vendors Don't Want You to Know
What the Cloud Vendors Don't Want You to Know
 
Top 8 Ways to Improve Underwriting Workflow
Top 8 Ways to Improve Underwriting WorkflowTop 8 Ways to Improve Underwriting Workflow
Top 8 Ways to Improve Underwriting Workflow
 
AMB100: Ivanti Asset Management Suite from the Ground Up
AMB100: Ivanti Asset Management Suite from the Ground UpAMB100: Ivanti Asset Management Suite from the Ground Up
AMB100: Ivanti Asset Management Suite from the Ground Up
 
Q4_2015_Sircon Newsletter
Q4_2015_Sircon NewsletterQ4_2015_Sircon Newsletter
Q4_2015_Sircon Newsletter
 

Software Licence Audits - Facts Survival Benefits

  • 2. For the past two years, I have sensed a gradual change of perception towards Enterprise Software Asset Management (SAM) in the IT community – less so the traditional ‘how hard can counting computers and installations be’, and more focus placed on keywords such as ‘compliance’, ‘licence optimisation’ and ‘cloud-readiness’. Along with the change comes senior management support and investment. Many organisations have now built up dedicated SAM teams, purchased shiny new tool sets or signed up Managed Service Agreements with their LARs or IT Service Providers. So all looks good and promising, except for one small problem – I am still seeing major audit exposures and large unbudgeted pay-outs from companies who invested in SAM. Why? Being part of a well-established audit firm that has conducted licensing audits for more than 20 years, and having worked with most of the top 10 software vendors' compliance programmes, I believe my answer to this question will be interesting, and more importantly, useful to you and your organisation when your next “Audit Notification Letter” lands. This will be the first time in the industry that a vendor-appointed audit firm shares audit insights and bullet-dodging techniques. Some of the things you read may already be known, while others will be complete surprises – so please buckle up and I hope you enjoy the read. Compliance will be rewarded. Are you ready to comply? Eric is the Director of Fisher IT Asset Consulting, with a team of 20 enthusiastic and highly experienced licence auditors and consultants. Prior to his current role he managed a similar team at one of the “Big Four” audit firms and was responsible for the launch of UK compliance programmes for a number of major software vendors.
  • 3. Who we are: Fisher IT Asset Consulting (FIAC) are part of HW Fisher & Company, a top 30 UK professional services firm founded in 1933. Collaboratively, our team of 20 contract and licensing experts deliver Licence Compliance, Software Asset Management (SAM) and IT Asset Management (ITAM) services to organisations across all industries globally. At its core, our portfolio of services is designed to assist organisations to: gain total visibility of their IT asset ownership and liability and understand how the assets are being utilised; identify and reduce risk of over-deploying software licences to prevent vendor audit exposure and significant penalty payments; optimise IT contracts and improve asset utilisation to reduce overall cost of IT asset ownership. Contacts: Eric Chiu, Director • Tel: +44 (0) 20 7554 3014 • Mob: +44 (0) 754 0123 970 • echiu@hwfisher.co.uk; Stuart Burns, Partner • Tel: +44 (0)20 7380 4964 • sburns@hwfisher.co.uk; Rafi Saville • Tel: +44 (0)20 7874 7967 • rsaville@hwfisher.co.uk
  • 4. What will be covered in this Guide. The average settlement fee per audit equates to 34% of a company’s existing annual contract value with the auditing vendor. Facts: fundamental knowledge of the Licence Audit business. Survival: what happens in an audit and how to watch your every step. Take Advantage: why licence audit can be good for you and how to reap the benefits. Free Assessment: a high-value, no-cost independent check of your readiness.
  • 5. Facts: Fundamental knowledge of the Licence Audit business
  • 6. Fact 1: There is no escape. 8 out of the top 10, or 13 out of the top 20, software vendors (by revenue) have active Licence Compliance Audit Programmes globally to safeguard licensing revenue. A recent IDC survey shows that 63% of the enterprises in North America and Europe were audited by at least one software vendor for “licence compliance” in the past 12 months. Over one third of the survey respondents said that they paid more than £200,000 for audit settlements and penalties. Adobe, IBM, Microsoft, Oracle, SAP and Symantec are the vendors who initiate the most audits. However, many more software vendors are relying on licence compliance audits today as one of their key revenue contributors under a challenging economy. If your organisation has never been audited before, you will probably receive one of those notorious ‘Audit Notification Letters’ soon.
  • 7. Fact 2: This is not about honesty. The average settlement fee per audit equates to 34% of a company’s existing annual contract value with the auditing vendor. This is not about whether your users are downloading cracks or ‘keygens’ from the internet. The traditional whistle-blower-led anti-piracy raids can often be difficult to execute, costly and sometimes political for software vendors, while generating a limited return. In comparison, checking on paying customers who may have been less than careful in reading contractual terms and obligations, or in controlling the usage of legitimate software, has proven to be a robust and sustainable revenue-generating strategy. You might see yourself as an honest customer for spending £1 million a year on Oracle or IBM licences and support. What your supplier sees, however, is a compliance opportunity estimated at £340,000, waiting to be ‘recovered’!
  • 8. Fact 3: Many names for one goal. ‘SAM Engagement’, ‘True-up’, ‘Licence Optimisation’, ‘Baseline’ and many more … whatever the vendors call it, it is always an audit that will cost you money. Licence audit is costly for all software vendors, whether they are using an internal team or working with independent audit firms to conduct the exercise. Yet we have never seen any software vendor that had a compliance programme and decided to ‘switch it off’ – every licence compliance programme that we know is ‘self-funded’ and in most cases, highly profitable. This means that you, the customers, are footing the bill. Some vendors are generous enough to demand only the licences owed plus back maintenance; others may even ask you to pay for the auditor’s fee.
  • 9. Fact 4: Can’t outsource the challenge. Whoever ‘looks after’ licensing for you, whether it is a LAR, SAM service provider or SAM tool vendor, no one will guarantee your compliance or pay your audit bills. As long as you still buy software under your company’s name (an exception will be having no IT department and using an external provider to deliver IT as a Service), licence management remains your responsibility. Outside support can help you automate processes and improve the underlying data quality to make calculation of licensing positions easier and more accurate. However, it is ultimately your (the software licensee’s) responsibility to make sure that you are consuming software licences in accordance with the agreed terms and levels you have with the software vendor. This is why there are many organisations providing Software Asset Management support and services, yet no one sells ‘software licence compliance insurance’.
  • 10. Survival: What happens in an audit and how to watch your every step
  • 11. Audit Selection. What happens: Because licence audits are often costly to conduct and sometimes trigger emotional reactions from the customer, the last thing a software vendor wants is an audit that identifies no compliance issues (and subsequently, no revenue). Therefore, a software vendor will very rarely pick its audit targets randomly. To ‘recover’ the maximum amount of revenue under a set compliance budget every year, most vendors use a combination of indicators to gauge the ‘reward level’ of an audit candidate and prioritise their selections accordingly. The most common indicators used are: customer’s purchase level with the vendor; organisational structure complexity; level of organisational change such as M&A activities; complexity of licensing model agreed; purchase pattern that does not reflect growth; SAM maturity intelligence gathered from account team. How to Survive: Unfortunately, many of the ‘risk indicators’ used by vendors to select audit targets are often beyond your control. However, there are still two practical tips that can be useful to lower your rank on the target list: (1) Maintain an open and transparent relationship with your account managers. Tell them why you are not renewing or buying licences, and tell them how you control and monitor the use of licences. (2) Negotiate yourself out of licensing metrics that are difficult to measure, especially when there is no licence consumption reporting mechanism built into the software.
  • 12. The Notification Letter. What happens: You will receive a formal notification from your software vendor or their appointed auditors. This could come in as a letter or an e-mail addressed to the contract signatory within your organisation, often requesting a ‘kick-off’ meeting to discuss the audit strategy and expected timeframe of completion. It will often inform you that any additional licences purchased beyond the date of the letter will not be counted towards your licence ownership for the purpose of the audit. How to Survive: The first thing you should do is to look for your licence agreements and the audit clause within. You should also notify the relevant stakeholders and assemble a team that can provide both resource and expertise during the audit process. At this point, if you are not confident of your compliance status, you should quickly arrange a mini-audit internally. If this is restricted by in-house expertise or resource level, it will be a good time to seek outside expert assistance. It is vitally important that you have a clear view of your compliance position before the vendor does. This is not about trying to hide or delete over-used software – because, even if you do, most auditors can still find it. However, most vendors are willing to give significant discounts for up-front settlement for the sake of saving their effort and cost of running an audit. Ask Yourself: Are you aware of all licence restrictions and obligations stated in the EULA? Can you measure software usage that is not licensed on user or install basis? Does your Discovery tool cover non-Windows or test/dev servers? Is your compliance calculation based on words or validated facts?
  • 13. Kick-off & Scoping. What happens: This is the initial meeting where you and the auditing software vendor, often with their appointed auditors, sit together and negotiate on the scope, approach and timeline for the coming audit. Typically, the audit scope can be geographic, organisational or limited by product families. The auditors will outline the information they will need to gather to conduct the audit, and discuss the methods of collecting such information with you. How to Survive: There are a number of important steps to safeguard your interest in the kick-off meeting: Ensure that the agreed scope only includes software licences under your direct ownership and management. Do not include subsidiaries or overseas entities unless they are covered by the same licence agreement that is owned and managed by you. Request an NDA to restrict the use of audit data for other purposes. Ask for a reasonable timeline – you are not contractually bound to complete an audit within a set timeframe, as long as it’s ‘reasonable’, so do ask for extra time if you are under-resourced or migrating your data centre.
  • 14. Managing Data Collection. What happens: The auditors will start the audit by gathering information after the kick-off meeting. The most common types of information-gathering exercise include: Interviews: auditors talk to your staff and collect information verbally or through on-screen observations. Self-declaration: you will be provided with a guided template to populate software usage information. Request existing records: these can be any records that you already own, from CMDB reports to HR records. In-App reports: the auditors may ask you to generate built-in reports in some applications, such as user or connection reports. Execute scripts / tools: the auditors may ask you to run software they provide to scan your machines. How to Survive: The data collection process needs to be very carefully managed so that only relevant and requested data is submitted to the auditors. The most important tips on managing data collection include: Have your own project manager who understands the audit scope, to oversee data collection, so your ‘techies’ won’t give away more than necessary. Make sure you understand the rationale behind each data request – don’t be afraid to ask ‘what do you need this for?’ or ‘why are you running this script?’ Be extra-careful with what you declare – if you are not sure, spend the time and effort to investigate, instead of giving a ‘half-correct’ answer that will expose you to deeper scrutiny by the auditors later on.
  • 15. Validating Draft Audit Reports. What happens: After the auditors finish collecting the required audit information, they will prepare a Draft Licence Compliance Report with Effective Licence Positions (ELP) for each software title that you licence and consume. Some will share the same draft with the vendor at the same time, but most will ask for your comment, and if possible, your acceptance of the report’s ‘factual accuracy’ before doing so. How to Survive: If you have done something wrong earlier in the process, whether by supplying outdated user information or including decommissioned servers in your self-declaration, this is your last chance to fix the issue. Once you have ‘accepted’ the report, it will be extremely difficult to reverse what you have said – even if what you have said does not reflect the reality. Therefore, it is vitally important that, at this stage, you: Check the entire report thoroughly. Don’t just look at the summary ELPs; review the underlying datasets at least for the software titles that are in ‘red’ – identified as under-licensed. Ask for clarification if there is any part of the report you do not fully understand. It is the auditors’ obligation to explain how they arrive at their conclusions. Involve the original person who supplied the auditor with raw data in the review process, to make sure the data has not been manipulated or interpreted incorrectly. Try to remove any ‘assumptions’ the auditors made in the report due to lack of data from you, as most of these will not be in your favour. Supply them with more data where possible.
  • 16. Settlement Negotiations. What happens: Any red or minus lines in the Compliance Reports indicate that you owe the vendor money and you will be asked to pay up. Depending on who the vendors are and the degree of non-compliance, you may be asked to purchase the licences owed at full list price without discount, pay back-maintenance and sometimes even the cost of the audit. You will also be asked to clear the payment within a given timeframe, usually 4 weeks or less from audit completion. It is likely that your OPEX budget is not big enough to ‘take the hit’, and conversations with CFOs asking for ad-hoc cash are rarely pleasant. How to Survive: If you are still on the path of DIY audit defence at this stage, below are some basics that you should know before joining the table alone: Mitigating circumstances: strong and verifiable ‘excuses’ for accidental usage or mis-deployment may be considered as mitigating circumstances. Publisher goodwill: collaborating with the vendor’s compliance team, rather than being purposefully obstructive, is more likely to land you goodwill on some liability waivers. Vendor Demand Matrix: like all negotiations this is about give and take. Vendor compliance teams want immediate revenue, increased future revenue and swift payment without upsetting you. Look at what you can afford and choose your tactic accordingly. [Diagram labels: Immediate revenue, Future revenue, Time of payment, Relationship, Mitigating circumstances, Publisher’s Goodwill]
  • 17. Take Advantage: Why licence audit can be good for you and how to reap the benefits
  • 18. Don’t forget the Green lines. Most companies do not take action on the green lines in a compliance report – these are the over-licensed positions where you are paying for more licences than required. You can’t really blame the auditors or vendors for not emphasising the ‘over-licensed’ positions – after all, it is not in their interest and no EULA has a ‘refund’ clause. Sure, there are sometimes good reasons why you have purchased more licences than needed – upcoming projects or buying a bit more for the future and for the discount. However, if these licences became excess due to genuine reduction of requirement, you can save significantly and instantly by switching off their annual support & maintenance payment, usually worth around 20% of the full licence cost. You may also want to explore the used-software market, where there are increasing numbers of brokers paying cash to acquire unwanted perpetual licences from end-user organisations.
  • 19. Get up from where you fell down. Don’t throw away your compliance report. It is a perfect baseline for you to accurately manage your licence positions going forward, so harvest it. The compliance reports issued by the auditors and vendors will always have limited scope; nonetheless they are the next best thing you can have without major investment in your Software Asset Management practice. With this validated baseline, as long as you carefully track all new licence purchases and deployment post audit, you will maintain good visibility over your licence position with the given vendor. Of course, such tracking is easier said than done. However, before you get that board approval on investments in SAM, this is still a very good ‘interim’ practice to keep your head above water.
  • 20. Learn from the auditors. It takes years of investment for the world’s largest audit firms to find efficient methods to measure licence compliance, and this is shared with you during every audit. We are not talking about counting basic software users or installs here; we are talking about understanding PVUs and RVUs for IBM, Core Factors for Oracle or one of the hundred types of users for SAP, plus all restrictions hidden within those 30-page Enterprise Agreements. Measuring the ownership and consumption levels for complex software licences is often a challenge for your LARs or even the vendors’ own sales teams. However, you have been given unique access to the best solution because of the audit. Ask the auditor how they calculate each number, because they will have to explain. Document the process and keep a copy of their data collection instructions. Perform the same process yourself in the future so that your SAM practice will be audit-proof.
  • 21. Audit Readiness Assessment: A high-value, no-cost independent check of your readiness
  • 22. Audit Readiness Assessment. What it is: a one-day independent assessment of your licence compliance readiness; interviews, on-screen observations plus data and document reviews; focus on ‘what you don’t know’; same-day presentation of findings, with optional follow-up remote presentations at a later date; covered by NDA. What you get: visibility of licence compliance risks and gaps that were previously unknown; estimated financial exposure and saving opportunities; ammunition for your SAM business case; understanding the limitations of your existing discovery and SAM tools; a suggested plan of action, or a high-level requirement specification, should you wish to seek external support. Find out more at www.hwfisher.co.uk/fiac or e-mail licensing@hwfisher.co.uk to book an appointment.