So, you’ve received your “invitation” to take part in a software audit. What lies ahead ? If you were asked to describe what you thought would happen during the process of an audit what would be your response ?
- “The auditors will employ a duty of care to ensure that all the necessary data is collected and diligently analysed in an open and logical fashion so that my license position is correctly identified”
- “Once the necessary data has been collected the auditors will use their experience and a degree of common-sense to understand that maintaining an optimal license position in a modern fast moving enterprise with complicated software consumption models is a herculean task and we will be given a reasonable opportunity to resolve any issues before penalties are applied”
- “The auditors will not visit site until I’ve filled in my self-assessment, run some scripts and returned the data. Then when they do visit, the sole purpose will be to get me to agree to a pre-written “draft” report where I will be pressured into agreeing the findings even though the associated costs for those findings are not available to me and will only be made available as part of the commercial resolution process.”
Which one do you think is closest to how some enterprise software vendors run their audits?
If I told you it wasn’t the first two options, would you be surprised ?
The “audit” practices of some of the enterprise software vendors is little short of sharp practice.
A lot of audits happen without an auditor coming into contact with any of your systems, they don’t need to, they get you to do all the running. A little like the game of Hangman.
Armed with the information you supply in a self-assessment document, where you list the devices, the software running on there and the roles they perform; the auditor will ask you to run some scripts on some of the more interesting devices and roles (the ones that are known to be complex, problematic from a licensing perspective, or even, perhaps the most lucrative?) and then return the output of those scripts to them for assessment. Once the data has been returned and an analysis commenced you may be asked to run further scripts or to answer what appear to be oblique questions with little or no rationale to the logic behind the questions.
Then the day comes when the auditor arranges to visit you and “discuss” the findings.
The auditor will come armed with a final-draft of the report and walk you through the findings. There will be no commercial or pricing information supplied in this document, it is simply a statement of findings which you are asked to agree with.
Once you agree with the findings then a final version of the document will be issued and then you will be handed over to the “commercial resolution” team.
Because you have already agreed to the report findings and it is considered final, there is no room for manoeuvre on the items which require licensing (your chance to do that was during the presentation of the draft findings). The only negotiation opportunities you have now is the commercial ones, and you will be negotiating from a poor position because the vendor holds all the cards now.
Welcome to the commercial resolution zone..
The commercial resolution is likely to follow a process similar to this
- You have already agreed to the findings report, the list of required software is set in stone now.
- Your commercial options will be presented in a manner that serves one party only (and that’s not you), they are often presented in a slide deck with no written version
- There will be an “obvious” resolution option which is presented as “making logical and financial sense” because that’s the one they wish for you to take.
- The first price presented to you will be the “shock and awe” number
- You will be allowed to “negotiate” the number down and you’ll be congratulated on driving a hard bargain
- After buying the resolution deal you will never see the commercial team again.
So, how did that feel to you ? Fair ? Equitable ? Was it the ideal customer experience ?
Do you feel the audit process was designed to benefit you or the vendor ?
What about if I told you that the number you agreed in the commercial negotiation was more than likely pre-defined by a regional sales manager who identified that your organisation hadn’t bought enough software last year or had reduced expected spend in the last few quarters ?
Remember, we all have KPI’s and targets to achieve, software vendors are no different. If your organisation is on a sales region list and there is a number next to your name for “expected revenue” and you aren’t looking like buying… what would you do ? call in the auditors to shake the money tree perhaps ?
So, when is an audit not an audit ? When it’s a charade with a pre-ordained outcome that benefits only one party and delivers no value whatsoever to the “valued” customer.
How do I know these activities are charades, well, try asking for a certificate of completion or compliance after the audit resolution process has occurred. You will be waiting for a very, very long time.
One last thing..
In the majority of situations, at any time in the audit process you can make it all go away by offering to move straight to commercial resolution. It will, more often than not, be accepted. That’s how important the empirical answer is to these organisations. You won’t get a certificate of compliance (but then when do you anyway?) but you will save yourself a lot of pain and effort to get to the same endpoint where you pay money for something you don’t need or want !