Managing a publisher audit
Auditing is a legitimate right of the software publisher. An audit is intended to monitor the conditions of use of software. A “compliance audit” consists of verifying the consistency between contractually defined user authorizations (licenses and rights) and the actual usage of the software.
How to minimize the impact of license audits?
In the event of an audit, we first help the customer create a safe framework for the audit. What is the scope? Does the vendor agree with your entitlements list? Can the vendor provide a detailed description of metrics as an appendix to the audit protocol?
We help perform a data collection and a compliance analysis in parallel or ahead of that conducted by the auditor, so as not to fuel unnecessary conflicts with erroneous data. We anticipate situations where unclear advice, unintentional mistakes, or false positive elements could threaten your company.
As need be, we provide a well-argued and comprehensive counter-report, taking into account favorable clauses that your company may have signed as well as unfavorable clauses that were not presented to your company for approval.
Thanks to our tools, we know how to optimize your allocations, reduce your risks and thus minimize or even eliminate the financial impact of the audit. We take the same approach to all publishers and products.
Case study: Managing software compliance in preparation for an audit
Situation and problem
We had been providing Software Asset Management advice to this client for several years. Our client was particularly interested in understanding the nature of their Oracle deployments. They engaged Elée to identify the Oracle deployments and to compare them with the various purchases and renewals of maintenance.
There were several complicating factors:
- The organization owns complex Oracle middleware products with many interdependencies between products
- Oracle databases and middleware are deployed on the VMWare virtualized environment
- License purchases have different restrictions depending on the product, which are often poorly defined in contracts and subject to interpretation.
In order to ensure the client’s compliance position, our Oracle experts helped implement a remediation plan and assisted with communication with the publisher.
Elée then helped this client to manage an Oracle software audit.
Approach
For this engagement, our Oracle experts carried out the software inventory process in four main stages:
- Understanding the client context: sizing elements of the project, number of servers, technologies used
- Collection of deployment data (identification of installations, using the Discovery tool, architecture and technical specifications) and purchasing data (contracts, purchase orders, maintenance renewals)
- Compliance analysis: escalation of risks identified for each Oracle product, and action plan to reduce or eliminate these risks. This can include decommissioning, reducing user access lists, or changes in architecture or technology.
- Follow-up of the action plan: identification of those responsible for actions on the client side and weekly follow-up of actions. Updates of compliance positions to reflect the rights and deployments of the customer both in real time and after remediation.
An actual audit carried out by Oracle a few months after our intervention validated our analyses and the compliance position we had developed.
We supported our client until the end of the audit. The client had no penalties to pay.
Results
- Precise picture of compliance position by product
- Achievement of risk reduction objectives as a result of remediation actions
- Elimination of risk of non-compliance thanks to action plan
Key points about managing a license audit
Our services for managing publisher audits
Elée offers a complete service to help organizations prevent and manage software license audits. This type of service is often called “counter-audit” or “audit defence”.
-
Risk anticipation: Software license audit prevention plan
We help our clients anticipate potential audits through Publisher Audit Prevention Plans, intended to understand the client’s context, identify triggering factors and assess audit risks over the coming year. We conduct mock audits and remediation plans in order to make you audit-ready.
Deliverable: Annual prevention plan for software audits
Pricing model: Fixed price
-
Risk anticipation: Audit protocol preparation
Upon receipt of the audit letter, we help you leverage your legitimate rights to a fair and balanced audit process. Audit protocols bring a valuable framework to all parties and reduce the risk of an audit report creating false representation.
Deliverable: Advice during audit protocol negotiation and appendix creation (scope, reference documents, metrics).
Pricing model: Package or Time spent
-
Risk anticipation: Compliance analysis and remediation
Upon receipt of the audit letter, the purchasing and IT teams need to analyse the compliance situation and initiate remedial actions before sending data to the publisher. The objective is to conduct a compliance analysis in order to identify non-compliance and reduce this as much as possible before allowing the auditor in.
Deliverables: Inventory of purchases and acquisitions, inventory of facilities and usage, compliance position and financial risk assessment, optimization and remediation plan.
Pricing model: Package
-
Support with managing the audit and managing the relationship with the publisher or auditor
How should you respond after receiving an audit letter? Who should be in contact with the auditor? When should you send the data? What are your rights and those of the auditor? How can you make sure that you are not making a mistake and that the publisher’s claim is justified? Elée’s experts support you at each stage of a license audit, answer your questions and train your teams.
Deliverables: Ongoing advice (emails, presentations, letters, etc.)
Pricing model: Time spent
-
Counter-audit report
Our experts analyse the audit reports. We detect negotiation levers, possible errors or approximate calculations, and legal “vagueness” that can be used to your advantage. With this information, we establish a counter-audit report that you can present to the publisher. A strong counter-audit report puts you in a very powerful position.
Deliverable: Counter-audit report and associated explanations
Pricing model: Fixed price or Time spent
-
Settlement support
Our experts help you orient yourself. We help you convince your top management to buy licenses that are really missing, and not to sign up for bolt-on deals that the vendor may be promoting but that have nothing to do with your real needs.
Our experts help you weigh the interest of buying beneficial and recent technology from the vendor (score card solutions) together with older products for which usage has grown beyond your real entitlements, as a commercial lever.
We also help you show the vendor that your legal team has a strong case and that the vendor will be unlikely to win in a court of law.
We help you analyse vendor quotations, vendor settlements contracts, strange or new clauses, URLs, and enhanced duties and limitations for your company in the future.
Deliverable: Advice on products and settlements negotiation. Business cases. Arguments against invalid audit claims. Managerial meetings. Advice on new offers, and documentation of settlements.
Pricing model: Fixed price or Time spent
Discover SamBox.io
Request a callback from an expert
Describe to us your situation and your availability for a conversation, and one of Elée’s experts will contact you.