by Len Riley

Software audits continue to rise

Jul 18, 2017
CIOIT GovernanceIT Leadership

Understand the software vendor’s audit playbook

committee audit conference
Credit: Thinkstock

Software vendors have developed an array of strategies and tactics to extract revenue from customers beyond an initial transaction. These strategies are evidenced by limitations within the license grant and extend throughout the attachments, orders forms, appendices and pricing guides of every software vendor. Their tactics must be understood and carefully evaluated, in the context of your business, since they serve as the foundation from which vendors preserve the right to create future revenue and legitimize audit findings.

Setting the foundation

As software vendor product development, marketing, sales, and legal organizations collaborate to determine their overall go-to-market strategy, the pricing strategy will be developed and typically comprised of the following limitations. These limitations are well thought out, carefully designed and protected by software contract management and pricing departments to preserve the contractual right to generate future revenue opportunities.

  • Product, Version Limitations
  • Perpetual vs. Term Limitations
  • Company, Affiliate and Acquisition Limitations
  • Revenue / Business Process / Industry Use Limitations
  • Use / User Type / Access Limitations
  • Geographic Limitations
  • Platform / Operating System Limitations
  • Language / Localization Limitations
  • Production / Non-Production / Instance Limitations
  • Third party software integration / Indirect Access Limitations

Creating the event

As one would expect, software sales executives identify and leverage compelling events (e.g., critical project, additional demand, contract renewal, or acquisition) to drive incremental revenue opportunity. In the event a customer-driven business event cannot be leveraged, users should anticipate the potential for software audits and the following behavior from their software vendors:

  • Initial positioning of a heads-up by your account team of a potential compliance matter
  • Offer by the account team to manage or resolve the matter before it is out of their control
  • If disputed with the account team, expect formal notification of an audit by the vendor
  • Second attempt by the account team to resolve the matter before the audit commences
  • If refused, engagement of a third-party consulting firm to conduct an audit
  • Account team will distance themselves from the audit and position themselves as your advocate
  • Issuance of report outlining non-compliance, leveraging previously mentioned limitations
  • Limited reference/continuity between audit report, contract and vendor pricing methodology
  • Request to gain consensus and agreement of audit findings at lower levels of your organization
  • Executive level of executive courtesy reach-out before delivery of the audit settlement cost
  • Re-engagement of your account team to negotiate terms, bundle additional product and/or introduce an enterprise license agreement structure as a means to resolve commercially
  • Request by vendor executive management for a top-to-top meeting to resolve the matter and reset the go-forward partnership given the tension typically associated with these matters.

Mitigating your risk

No executive wants an unbudgeted capital or expense variance, let alone one related to a compliance matter directly or indirectly calling into question the operational effectiveness of their organization. The following are recommendations to enable your organization to mitigate the risk of software vendor audits:

1. Holistic Negotiations: Take the time required to understand and evaluate all components associated with vendor pricing: (i) product packaging, (ii) financial proposals, (iii) agreements, (iv) pricing/value guides and (v) ordering documents in the context of your current and future business needs.

2. Contractual Flexibility: Negotiate the contractual flexibility necessary to re-allocate license entitlements across licensed product. Despite vendor objections, this flexibility can be afforded without impacting software revenue recognition.

3. Self-Assessments: For most organizations, 80% of software spend resides with the top 15 to 20 software vendors. Focus on these vendors and conduct self-assessments, before third-party audits occur. Aggressively evaluate user requirements vs. entitlements, reclaim and re-allocation licenses.

4. License Management: Conduct a market review of software license management best practices and software asset management (SAM) tools that enable compliance to vendor licensing practices.

5. Software Provisioning: Conduct a comprehensive review of your end user and data center provisioning practices and ensure collaboration with your asset management team. In many cases the provisioning teams do not appreciate the licensing and cost implications associated with their provisioning practices.

6. Control the Cadence: Develop your own strategy with respect to management of a potential audit, including: (i) ensure early software vendor executive engagement, (ii) hold vendor executives accountable to vague contract provisions and their business/pricing practices, (iii) reaffirm your understanding of their pricing methodologies to mitigate future risk, (iv) ensure the resolution resolves not only the current compliance matter, but future potential risks, and (v) reposition key principles of any relationship, including, transparency, predictability and mutual accountability.

At this point in time, our market intelligence suggests software audits will continue to rise. Many factors make license compliance especially challenging such as the complexity of software license agreements, the complexity of current IT environments, the size of organizations and the diversity of software providers within the IT portfolio. The more you understand the software vendor’s approach to audits and how best to mitigate them long term, the better enabled your organization will be to focus on value-added projects and initiatives.