Join Mike Austin as he shares his insights and cuts through the confusing jargon with straight talk! Mike Austin has been involved in countless Microsoft negotiations and audits and has negotiated over $1B in software cost reductions.
Trusted globally by some of the world’s most well-known enterprise companies, MetrixData360 is the leading provider of expertise and negotiation services around Enterprise software contracts. Combining an unparalleled knowledge of the DNA that make up software agreements with the ability to understand company’s individual requirements, MetrixData360 is able to drive out significant costs and align agreements to business priorities NOT to those of software vendors and their programmatic objectives. Using technology, process and knowledge derived from the analysis and negotiation of more than a thousand contracts, we help put explanation around the unknowns that create compliance gaps and control spiraling costs associated with Enterprise software agreements.
Our Sean McIntosh was recently interviewed as he is a presenter at the upcoming Compliance Manager Summit where he will discuss how to challenge your audit findings.
Out of every $1 million in noncompliance found in a Microsoft audit, about 50 percent will be wrong, says Sean McIntosh of MetrixData360, a consulting firm specializing helping organizations with license compliance and audits.
And the worst part is that a lot of companies won’t even argue effectively.
“Some people, when they get a call from a vendor, assume they have basically no rights,” says McIntosh, a featured presenter at the 2017 Compliance Manager Summit (March 13-14 in San Francisco). “Often, when software auditors throw a lot of legal terms and conditions around, companies will just cave in, turn over their data, and pay up.”
But this is changing. More companies are challenging their audit findings, negotiating better settlements, and pushing back.
McIntosh is an expert on the tactics and grey areas that software vendors of all kinds (and their auditors) use today to drive up the cost of compliance settlements. Although he’ll go into detail at his Compliance Manager Summit session, here are a few key points.
Know the rules
“It really doesn’t matter what software vendor your dealing with because they all follow a very similar approach to audits,” says McIntosh. “They put a data request in and compare that data against their entitlement data and find the gap—the largest gap possible by applying the most conservative rules possible.” However, the first thing you should do, says McIntosh, is go back and read the contract that you signed to confirm what your rights actually are. Know exactly what data you have to turn over, how many licenses you purchased, and a host of other terms you agreed to that may enable you to lessen some of those gaps.
For example, in one audit that McIntosh worked on with a client, he found that Microsoft was applying the most current product rights and conditions, but the actual application in use was a few versions older. “When the current product use rights were applied to their SQL Server licenses the initial gap was upwards of $2 million. But when we applied the correct usage rights—the ones assigned at the time of the license agreement—their gap was really around $500K.”
Microsoft auditors will always try to impose the most current usage rights because they are almost always the strictest. “The company was within their legal rights to follow an older version of usage specifications, but it still took a lot of arguing with the auditors,” McIntosh says.
Know your own data
Although companies often will just turn over usage data (or access to usage data) to software compliance auditors, McIntosh says, not so fast!
“When you get involved with one of the boutique auditors hired by Microsoft, make sure you get an nondisclosure agreement in place that allows you to review any and all data the auditor plans to send on to Microsoft,” McIntosh cautions.
The reasons you want a data review are many, but generally you want a chance to explain any abnormalities and offer proof to the contrary, says McIntosh. “There can be a lot of technical errors in the first pull of your data, that, if Microsoft gets a stab at it they will forecast an audit finding base on it. So it’s important to work with the auditor to find simple and easily explained anomalies, supply the data to back up your story, and remove these from the final data submitted on to Microsoft.”
For example, another MetrixData360 client owned the rights to 500 copies of Microsoft Office Professional that they were not using. The client had installed 500 copies of Office Standard that they did not have entitlements for. “In a situation like this the auditor will demand that the company buy 500 copies of Office Standard, which is technically correct, but that’s not the way it really works in most cases,” says McIntosh. “In a negotiation, you can fairly quickly get that auditor to accept the licenses for Pro in place of Standard.”
Escalate above the auditors
Another tip McIntosh has for companies as a last resort to challenge their audit findings is to go over the auditor directly to the software vendor.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.