Responding to Software Audits and Compliance Claims
Traditional software vendors have seen slow growth in the last few years. Their response? Hit their clients with more audits! Those dreaded software audit letters are so common now that few organisations will be surprised by them – but prepared? Hmm, perhaps not!
5 responses to a software audit request or compliance claim
- If the software vendor is claiming that you are out of compliance, the first thing to do is examine exactly how the software product is being used and then study the licensing language in the contract to determine any grey areas and whether or not the vendor has a valid argument. A common mistake is that people will look into the matter and come to the opinion that the supplier is wrong in claiming a compliance issue. They then let the software vendor in to audit them, or they provide detailed usage to the software vendor thinking that they are “safe”, but the software vendor will always be able to find something. Even if they don’t, by providing information or allowing the software vendor to audit, you are setting a precedent and they will expect the same openness the next time they come knocking for a software audit.
- This second tip may sound obvious, but check that the software vendor has the right to audit you. What does your licensing agreement say? (When negotiating a licensing agreement this is a right I always recommend to push back hard on. Refusing the audit right outright might be difficult, but you should at least seek to limit the audit right to a self-audit or an audit by a mutually agreed third party.) If the contract is in any way vague on audit rights, then push back hard and propose a limited self-audit.
- Make all of your internal stakeholders aware of the compliance claim or software audit request. This should include the relevant level of management (your direct stakeholders might not be keen on making their bosses aware of liabilities resulting from the software audit or compliance claim).
- Form a team of experts to respond to the software audit. This team should include a technical person who knows (or can find out) exactly how the software is being used, the budget owner impacted, the procurement person responsible for the supplier relationship and a legal counsel.
- Make it known to the wider organisation that this team exists and that all requests for information by the software vendor should be answered only by this team. This should be done when you are facing a specific compliance claim or software audit request, but you should also try to make this part of the general knowledge of the organisation. In the same way that IT departments try to make all employees aware of data security and email viruses, as a software procurement professional or software asset manager, you should try to instil into the culture of the organisation that requests for information by software vendors should not be answered without your involvement.
5 points to remember when negotiating a settlement
- Negotiate with the vendor. Just because the vendor is asking for $250,000 to resolve the compliance claim does not mean you have to accept it, even if the figure is based on the licence prices you have paid in the past for additional licences. Whatever the software vendor puts on the table as the price of becoming compliant, this is merely an opening position in the negotiations. Your primary argument can always be: “this is an unexpected windfall for you and an unbudgeted cost for us”. Call into question future business with the software vendor. Perhaps the maintenance and support contract could be renegotiated as part of the settlement and extended for a longer term. Whatever you can include in the negotiations, do so.
- Remember, the software vendor has no costs associated with whatever payment you finally agree to make, so negotiate hard. Also, threats of legal action are easy to make but expensive to carry out. Hold your nerve when the software vendor threatens legal action. Of course they will make this threat. Put yourself in their shoes; it is just a card to play in the negotiations, but taking legal action costs time and money.
- Be prepared for a game of good cop/bad cop. During compliance negotiations, the official communication between the parties is often extremely formal and legalistic. Both parties are writing as if what they are communicating may be read by a judge. However, you should also try to find a communication channel with the other party that is informal and as friendly as possible in order to explore the options to arrive at a resolution whilst the lawyers trade blows.
- Consider offering to implement an automated software asset management solution as part of the settlement. By proposing this, you demonstrate a willingness to be collaborative and you should expect the software vendor to reciprocate by lowering the compliance fee or some other advantage for your organisation such as no software audits for the next X years.
- When you do come to an agreement, make sure that this is clearly documented and sign a formal settlement agreement which clearly states that the software vendor releases your organisation from any future claims related to the dispute and the facts that led to the dispute.
If you have any questions about how to respond to a software audit, or how to negotiate a compliance claim or settlement, please post your question in the SoftwareSpend group on LinkedIn. Alternatively, send me an email at firstname.lastname@example.org and I will be happy to help you.
Image credit: Audit by Simon Cunningham, Creative Commons, Flickr.com