You’ve almost made it through your software audit and you can see the light at the end of the tunnel. You’ve collected the data despite how much of a drain it was on your resources; you gave your best defense. And yet, it seems, your software auditor is ignoring you.
Now what?
On the one hand, it’s pretty great to be ignored; you can finally get back to business. If the auditors gave you the silent treatment before you settled, then any day where you aren’t writing a big fat cheque to the software auditors is a day well spent.
But on the other hand, this unexpected and uncertain silence has got you on edge: what happens if they come back? You want this audit to be over so you can rest easy at night, but that can’t happen until it’s come to a satisfying conclusion.
At MetrixData 360, we have gone through many software audits before and we have helped our clients get out of the stickiest situations.
So, what do you do without that bitter conclusion to this otherwise unpleasant story? In this article we’ll cover what to do if the software auditors have given you the silent treatment.
Why Are the Software Auditors Ignoring You?
The software auditors are not exactly angry romantic partners. If they aren’t talking to you, you’re not about to send them a bunch of text messages, fill up their voicemail and send them apologetic flowers just to get them to talk to you again.
Oftentimes, you may feel like not seeing them again is preferable, but it is important to know why they have decided to take the approach that they have so you can approach this issue with confidence. After all, you need closure.
Many of our team members are ex-auditors themselves, so they know what is going through the minds of auditors when they give you the cold shoulder.
The Investment is No Longer Worth it
One of the main reasons why the auditors may have gone silent is that their incentives have dwindled. A software audit is supposed to be the software vendor’s cash cow, with your compliance gap expected to be large enough to force you to contractually foot the bill of the software audit process or, at the very least, cover the expenses of the investment.
Before a software audit even begins, the vendors and the auditors create a rough estimate of what they think your compliance gap will be and how much revenue they expect to accumulate during the process.
However, if your software environment is far cleaner than the software vendors anticipated, then the auditors can already see that they are not going to get the money that they thought they would before your software audit has even ended.
When faced with this conundrum, the software auditors may try to stretch your software audit into other products. This is called scope creep, and it can be avoided if you clearly define the scope of the audit during the kickoff meeting. If they can go digging for their anticipated revenue elsewhere, then your audit will be shelved for a later date, so that the auditors can work on more lucrative projects.
They Are Hoping to Use Your Data in Your “Next” Audit
You’ll find there is an audit clause in your licensing contracts (it’s almost impossible to get rid of it). This clause states that the software vendor has the right to audit their software for whatever reason they deem appropriate.
However, your audit clause may have a few more elements to it. For instance, it may outline how long a down period your software vendor must give you between audits, with the usual minimum time period being a year.
It is also possible to negotiate for other requirements such as forbidding your software vendor from carrying your data from one audit to another. This prevents you from being held accountable for compliance issues you’ve already resolved in the last audit.
However, the way the software vendors get around this obstacle is by keeping a software audit open for as long as possible. They can’t be in breach of their contract for auditing you twice in one year if you are still technically in the same audit, and they will be allowed to use the data they collected in the first half of the audit and bring it over to the second half if it is all technically one audit.
They Are Worried About Your Relationship with Them
The software vendors want your money, but they also want your continued business. One of the less common reasons why an auditor may pull back from a software audit is if things have gotten heated, and they are worried about the long-lasting effects this will have on your relationship.
That is not to say that they have dropped the audit altogether, especially if there is evidence of a compliance gap because that means there is still money to be made. Instead, they may just be waiting for things to cool off between you two before starting things up again.
What Can You Do If You Can’t Get a Response from Your Software Auditors?
You Have the Right to Push Back
It might seem nerve-wracking and rather exasperating to push for something you never wanted in the first place. But if you are confident in the quality of your software data and you feel like you are prepared and can no longer take advantage of this downtime, reach out to the software auditor to demand closure.
The ammunition for your cause is the fact that the time and resources you’ve put into this audit might amount to nothing. If the software audit lies dormant for too long, the data you have collected may quickly become worthless as your software environment changes.
If you decide to leave things unresolved, then you must be prepared to potentially start from scratch if your software auditors initiate your software audit again.
Should You Let Sleeping Auditors Lie?
The silence of the auditors can give you a much-needed reprieve to build a rock-solid defense for yourself and may allow your business a much-needed break from auditing pressures and the ability to get back to business as usual.
However, the only reason you would want an unsatisfactory conclusion to your software audit is if you know you have a large compliance gap.
It is a rare thing for those kinds of audits to go away quietly. It’s usually the audits that are not going to be as profitable as anticipated where enthusiasm is lost.
Take these things into consideration when you are planning your next move. A silent and unwilling auditor may be a good sign that your compliance gap will not be as painful as anticipated.
What Can You Do to Prevent This?
The best thing to do is avoid this situation entirely, if you can. If you are entering a software audit or if you’d like to get ready for your next audit without encountering non-responsive auditors, here are just a few things that you can do in order to prevent this from happening again.
Negotiate a Turnaround Time in the Kick-Off Meeting
Every software audit begins the same way, with a kick-off meeting. During the kick-off meeting, there are a number of things that you will need to bring up including the scope of the audit, the non-disclosure agreement that will be set up between the third-party auditors and yourself, and of course, the timeline. The timeline is a very important thing that you will have to negotiate because should the software vendors have their way, they will create a very unreasonable and tight turnaround time in order to get things done all the faster.
It is important you create a timeline that accommodates your business’s needs including your busy season, your working hours, or even your holidays. Never think that you need to give up your days on the beach just because the auditors have given you an arbitrary timeline.
Ensure that the timeline reflects what you believe is a reasonable length of time to perform the tasks they are asking. When the timeline is left unnegotiated, we have seen companies have to review thousands of rows of data in only fifteen days.
Negotiate what kind of response time is reasonable for both yourselves and the auditors during the kick-off meeting. Bake it straight into your NDA that should the auditor not respond for a certain period of time (such as four weeks), then the software audit can be considered closed, which means at that time you’ll be in the clear to rest easy and not have to worry about an audit from that software vendor for another year.
Keep Careful Tabs on the Auditors’ Response Times
Now that you have a reasonable response time outlined, keep careful tabs on how promptly the auditors are responding. Try to keep things prompt and timely on your end, because it is never a good idea to go dark on the auditors. Ignoring them will make it look like you are dragging your feet to participate in the software audit. Not participating in a software audit can result in you being found in breach of contract. So, keep the pressure on them and make note of any slow response times. This may be an indication that your software auditors are losing steam.
Have a Proper Response for Your Software Auditors
Software auditors may be a puzzle to deal with; they may have vague requests and tight turnaround times, but nothing is more confusing than when all you get from them is radio silence.
At MetrixData 360, we know that there are many issues that can crop up during a software audit, and it can be unnerving trying to figure out your best response, especially when the software auditors are giving you very little to work with. We know what the software auditors are thinking because we’ve been on the other side of things, and we know how to create a perfectly timed response to the auditors’ most vague and puzzling responses. If you’d like to learn more about the kind of services we offer, check out our audit defense service page.