What is a Microsoft License Verification Process?

In the trying times of the 2020s, no organization is safe from the Microsoft License Verification Letter. Businesses small and large have been receiving these at a higher frequency than in normal years. Let’s take a dive into this phenomenon:

A Microsoft License Verification is not actually a software audit. It’s more like a tax return where you report what your Microsoft licensing holdings are. It’s also an optional review, designed to help organizations stay compliant and (more than less) to help protect Microsoft’s intellectual property. It may even generate a little back-end revenue from the non-compliance fines too, but that’s not official.

Although this is an optional procedure it is recommended to always respond to it in a timely manner. This is because ignoring one could lead to an actual mandatory software audit due to Microsoft thinking you may have something to hide. It could also lead your team to forget about it, which could harm your standing if this leads to heated negotiations down the line.

Either way, when you receive one of these letters, you need to prepare a few things and take certain steps to make sure you come out unscathed.

These steps are:

  1. Contact an expert
  2. Gather all proofs of licensing purchases
  3. Run a report on your software inventory
  4. Review findings – share only what you need to
  5. Create an accurate licensing position
  6. Submit a Deployment Summary to Microsoft
  7. Negotiate with Microsoft

Now, negotiating with Microsoft on the technicalities of what you should and shouldn’t be paying for can be the dragon many people don’t want to slay, which is why step one is so important. Having an expert at arm’s length who can negotiate on your behalf is going to safeguard you from falling prey to Microsoft’s dubious reporting practices and keep their assumptions at bay.

If you have received a License Verification Letter from Microsoft, please book a meeting with one of our negotiation experts to help set you on the right track. Don’t forget to check out the video as well.

Surviving an Audit from the BSA

How To Prepare for a BSA Software Audit

Receiving a BSA software audit can be just the thing to ruin your day or your month. The Business Software Alliance (BSA) is an industry trade group that acts to defend its members, including large software corporations like Microsoft, from copyright infringement. They are also the top advocate for technological innovation.

The BSA’s software audits are a special kind of painful, and MetrixData 360 has just the remedy for that type of pain. Having spent many years in the software asset management industry, we’ve been able to get our clients out of the stickiest situations. So, let’s talk about BSA audits and how you can prepare for one.

What Is a BSA Software Audit?

Software audits are the review or analysis of a piece of software to ensure several different regulations are being properly adhered to. The reasons for instigating an audit vary, but include:

    • Checking Compliance
    • Ensuring that the piece of software is working properly
    • Investigating the proper configuration of a piece of software within an environment

Generally, software audits form an excellent stream of revenue for software vendors, since compliance gaps are often resolved with the purchase of more licenses to drive up the vendor’s sales and market value.

Having a strong defense for software audits is critical to ensure that you are not left paying out millions of dollars in unneeded fines.

What Causes a BSA Software Audit?

Regular software audits from a software vendor occur for a variety of reasons:

  • Their revenue has taken a sudden dip and they are trying to make up for the losses
  • Your company has gone through a merger and acquisition, and it’s likely that your software licensing environment is messy after the move
  • Random selection: some software vendors issue routine software audits on a regular basis regardless of whether their clients have shown any red flags for compliance issues. There’s little you can do about it just being your turn.
  • You have rolled back on purchased licenses suddenly and without explanation
  • You have gone through a software audit before and the results revealed a huge compliance gap. The software vendor will assume you’ve fallen back into old habits.

Related: Avoid inciting an audit. Check out our article: How to Avoid Software Audits

However, the thing that incites a BSA audit is a little different.

The BSA has telephone hotlines and radio stations where they encourage disgruntled employees and vendors to make anonymous reports and complaints about companies in violation, regardless of size.

These informants are further incentivized by the potential of a reward for any leads into instances of the unlawful installation of software.

Of course, the BSA will consider any installation without a proper receipt or proof of purchase as an unlawful download. For each report, the BSA will decide if they will request a self-audit or if they will go straight to a lawsuit, but usually they will ask you to conduct a self-audit first.

A self-audit will give you the chance to run your own internal resources and use your own software audit team to compile your defense.

The Tools and Process of a BSA Audit

Since the BSA audit will be a self-audit, you will be allowed to use internal staff or a third-party firm to gather your relevant information, which will include proof of purchases or receipts for all the versions of software and all the computers that you have in your software infrastructure. Make sure you pay close attention to this collection phase, since the BSA may mark free versions or old versions of the software as unlicensed.

The BSA may offer you software tools in order to collect the relevant data, but these free discovery tools may easily miss critical information. They may mark free or test/dev software as fully licensable or they may fail to accurately capture the intricacies and uniqueness of your software environment.

When in doubt it’s always best to use your own software inventory tools.

Related: Want to learn more about SAM tools? Get started with the basics:
What are Software Asset Management (SAM) Tools: Functions, Advantages, and Disadvantages

What Are the Fees Associated with a BSA Software Audit?

The most worrisome difference, and the one that is on everyone’s mind, is the price tag associated with the BSA audit.

A regular software audit is sent out by the software vendor on a systematic basis to their customers to ensure the proper use of their software. They usually send you one of two types of software audits: a review or an audit.

Reviews are voluntary and the only payment you have to make is the purchase of the licenses you are found to be owing.

Official Software Audits are distinctly not voluntary, and if you are found out of compliance to a significant degree (every software vendor is different but for Microsoft, you only need to be out of compliance by 5%) you will be asked to pay for the missing licenses, along with additional fees, and you will be burdened with covering the expense of the software audit.

Those are the two types of fees you can expect when the software vendor audits you. When the BSA audits you, it’s a whole different story.

When the BSA audits you, they will expect you to perform your own internal audit and provide them with the results. After receiving your findings, the BSA will fine you based on any illegal duplications or unauthorized use. This may be difficult to prove and, in some cases, even something like a proof of purchase will not be enough to satisfy the BSA standards. If that is the case, the fee can be staggeringly high — up to $150,000 USD per infringement, which is a reeling sum, especially for smaller businesses.

What Should You Do When You Receive a BSA Audit Request?

  • Respond

While one must always be worried about legitimate claims from untrustworthy sources, if you can affirm that the letter does in fact come from the BSA (and feel free to verify it with a lawyer), then it is always best to respond.

Even if the only thing they are asking for is a self-audit, refusing to comply will result in the BSA escalating things straight to litigation. If you were to refuse the demands of the BSA, it will make it look as though you have something to hide and will send a red flag to your software vendors.

  • Ensure Confidentiality

Set up a confidentiality agreement between yourself and the BSA; this will determine the scope of the BSA’s investigations and will limit the BSA’s ability to use the data you provide to them in court. If they provide you with an NDA to sign, make sure to read it carefully to ensure it protects your own rights as well as those of the software vendor.

  • Start to Gather all the Relevant Material

You’ll need to compile all the data that will be required for this self-audit. This will probably take about 3 to 4 months to gather completely, depending on the size of your software licensing environment, so it’s best to get started early.

The types of things you’ll be gathering are:

  • List of software products that are part of the BSA membership that have been installed as of the date the BSA letter was issued.
  • Proof of purchases — usually an invoice will be fine when it comes to the BSA.
  • A list of your software inventory

How to Handle Software Audits with Confidence

Software Audits are no one’s cup of tea, and when it comes to the software audits that the BSA dishes out, they tend to come with an extra dose of difficulty that can leave many companies stupefied.

Being stuck paying out millions of dollars in fines that you don’t owe is hardly an ideal scenario and, what’s worse, it is completely avoidable. There’s a way to get around this.

At MetrixData 360, we know how to deal with these types of audits and we have defended our clients in the most challenging times. If you’d like to learn more about MetrixData 360’s approach to audits, you can download our Audit Defense Procedure for an in-depth step-by-step look into handling an audit.

Is Your Software Auditor Ignoring You?

You’ve almost made it through your software audit and you can see the light at the end of the tunnel. You’ve collected the data despite how much of a drain it was on your resources; you gave your best defense. And yet, it seems, your software auditor is ignoring you.

Now what?

On the one hand, it’s pretty great to be ignored; you can finally get back to business. If the auditors gave you the silent treatment before you settled, then any day where you aren’t writing a big fat cheque to the software auditors is a day well spent.

But on the other hand, this unexpected and uncertain silence has got you on edge: what happens if they come back? You want this audit to be over so you can rest easy at night, but that can’t happen until it’s come to a satisfying conclusion.

At MetrixData 360, we have gone through many software audits before and we have helped our clients get out of the stickiest situations.

So, what do you do without that bitter conclusion to this otherwise unpleasant story? In this article we’ll cover what to do if the software auditors have given you the silent treatment.

Why Are the Software Auditors Ignoring You?

The software auditors are not exactly angry romantic partners. If they aren’t talking to you, you’re not about to send them a bunch of text messages, fill up their voicemail and send them apologetic flowers just to get them to talk to you again.

Oftentimes, you may feel like not seeing them again is preferable, but it is important to know why they have decided to take the approach that they have so you can approach this issue with confidence. After all, you need closure.

Many of our team members are ex-auditors themselves, so they know what is going through the minds of auditors when they give you the cold shoulder.

The Investment is No Longer Worth it

One of the main reasons why the auditors may have gone silent is due to the sheer dwindling of incentives. A software audit is supposed to be the software vendor’s cash cow, with your compliance gap expected to be large enough to force you to contractually foot the bill of the software audit process or, at the very least, cover the expenses of the investment.

Before a software audit even begins, the vendors and the auditors create a rough estimate of what they think your compliance gap will be and how much revenue they expect to accumulate during the process.

However, if your software environment is far cleaner than the software vendors anticipated, then the auditors can already see that they are not going to get the money that they thought they would before your software audit has even ended.

When faced with this conundrum, the software auditors may try to stretch your software audit into other products. This is called scope creep, and it can be avoided if you clearly define the scope of the audit during the kickoff meeting. If they can go digging for their anticipated revenue elsewhere, then your audit will be shelved for a later date, so that the auditors can work on more lucrative projects.

They Are Hoping to Use Your Data in Your “Next” Audit

You’ll find there is an audit clause in your licensing contracts (it’s almost impossible to get rid of it). This clause states that the software vendor has the right to audit their software for whatever reason they deem appropriate.

However, your audit clause may have a few more elements to it. For instance, it may outline how long of a down period your software vendor must give you between audits with the usual minimum time period being a year.

It is also possible to negotiate for other requirements such as forbidding your software vendor from carrying your data from one audit to another. This prevents you from being held accountable for compliance issues you’ve already resolved in the last audit.

However, the way the software vendors get around this obstacle is by keeping a software audit open for as long as possible. They can’t be in breach of their contract for auditing you twice in one year if you are still technically in the same audit, and they will be allowed to use the data they collected in the first half of the audit and bring it over to the second half if it is all technically one audit.

They are Worried About Your Relationship with Them

The software vendors want your money, but they also want your continued business. One of the less common reasons why an auditor may pull back from a software audit is if things have gotten heated, and they are worried about the long-lasting effects this will have on your relationship.

That is not to say that they have dropped the audit altogether, especially if there is evidence of a compliance gap because that means there is still money to be made. Instead, they may just be waiting for things to cool off between you two before starting things up again.

What Can You Do If You Can’t Get a Response from Your Software Auditors?

You Have the Right to Push Back

It might seem nerve-wracking and rather exasperating to push for something you never wanted in the first place. But if you are confident in the quality of your software data and you feel like you are prepared and can no longer take advantage of this downtime, reach out to the software auditor to demand closure.

The ammunition for your cause is the fact that the time and resources you’ve put into this audit might amount to nothing. If the software audit lies dormant for too long, the data you have collected may quickly become worthless as your software environment changes.

If you decide to leave things unresolved, then you must be prepared to potentially start from scratch if your software auditors initiate your software audit again.

Should You Let Sleeping Auditors Lie?

The silence of the auditors can give you a much-needed reprieve to build a rock-solid defense for yourself and may allow your business a much-needed break from auditing pressures and the ability to get back to business as usual.

However, the only reason you would want an unsatisfactory conclusion to your software audit is if you know you have a large compliance gap.

It is a rare thing for those kinds of audits to go away quietly. It’s usually the audits that are not going to be as profitable as anticipated where enthusiasm is lost.

Take these things into consideration when you are planning your next move. A silent and unwilling auditor may be a good sign that your compliance gap will not be as painful as anticipated.

What Can You Do to Prevent This?

The best thing to do is avoid this situation entirely, if you can. If you are entering a software audit or if you’d like to get ready for your next audit without encountering non-responsive auditors, here are just a few things that you can do in order to prevent this from happening again.

Negotiate a Turn Around Time in the Kick-Off Meeting

Every software audit begins the same way, with a kick-off meeting. During the kick-off meeting, there are a number of things that you will need to bring up including the scope of the audit, the non-disclosure agreement that will be set up between the third-party auditors and yourself, and of course, the timeline. The timeline is a very important thing that you will have to negotiate because should the software vendors have their way, they will create a very unreasonable and tight turnaround time in order to get things done all the faster.

It is important you create a timeline that accommodates your business’s needs including your busy season, your working hours, or even your holidays. Never think that you need to give up your days on the beach just because the auditors have given you an arbitrary timeline.

Ensure that the timeline reflects what you believe is a reasonable length of time to perform the tasks they are asking. If left unnegotiated, we have seen companies have to review thousands of rows of data in only fifteen days.

Negotiate what kind of response time is reasonable for both yourselves and the auditors during the kick-off meeting. Bake it straight into your NDA that should the auditor not respond for a certain period of time (such as four weeks), then the software audit can be considered closed, which means at that time you’ll be in the clear to rest easy and not have to worry about an audit from that software vendor for another year.

Keep Careful Tabs of the Auditors’ Response Times

Now that you have a reasonable response time outlined, keep careful tabs on how promptly the auditors are responding. Try to keep things prompt and timely on your end because it is never a good idea to go dark on the auditors. Ignoring them will make it look like you are dragging your feet to participate in the software audit. Not participating in a software audit can result in you being found in breach of contract. So, keep the pressure on them and make note of any slow response times; this may be an indication that your software auditors are losing steam.

Related: Get our Software Audit Defense Procedure in order to be prepared and ready for whatever your auditors throw at you.

Have a Proper Response for Your Software Auditors

Software auditors may be a puzzle to deal with; they may have vague requests and tight turnaround times, but nothing is more confusing than when all you get from them is radio silence.

At MetrixData 360, we know that there are many issues that can crop up during a software audit, and it can be unnerving trying to figure out your best response, especially when the software auditors are giving you very little to work with. We know what the software auditors are thinking because we’ve been on the other side of things, and we know how to create a perfectly timed response to the auditors’ most vague and puzzling responses. If you’d like to learn more about the kind of services we offer, check out our audit defense service page.

How to Prepare for an SAP Audit

Getting Ready for a Software Audit with SAP? 
Five tips to keep in mind  

Of all the software publishers out there, SAP is known for dealing out particularly vicious audits with high numbers that are dreaded by SAP customers. 

But living in constant fear of being audited is no way to live your life. 

If you have SAP software of any substantial scale, then it is only a matter of time before your SAP audit is at your door. The best thing you can do is simply prepare. 

At MetrixData 360, we have gone up against SAP in enough audits to know what to expect.

In this article, we’ll share with you the five ways you can prepare for an SAP-specific audit.

Know What Triggers an SAP Audit 

Expect an SAP audit at least every two years. You may receive a software audit from SAP more frequently if:

  • you are a larger corporation 
  • your company has gone through a merger or acquisition which has led to substantial growth
  • you have purchased a new SAP product
  • you are deemed a ‘high risk’ customer based on the findings of a previous audit

Basically, if your last audit didn’t go so well, then in SAP’s mind, two years is a long enough time for old habits to flare back up and for disorganization to creep back in.  

While it is not a rule set in stone, SAP may initiate audits as a reactive measure to events that are occurring within their company. If SAP has lost a competitive bid, if their sales are slowing down, if they have released a new licensing model, it may increase the likelihood of you seeing an audit sooner rather than later.  

Know Your SAP Software Contract  

SAP contracts have the tendency to be needlessly complex, with over 100 separate agreements, order forms, exhibits, and so forth. These contracts all contain custom wording that can be difficult to understand, but comprehending your agreements is critical if you want to avoid the brunt of an audit. Take something as simple as SAP’s definition of Use as an example.

Isn’t it great when a software publisher slightly changes the use of a seemingly commonly understood word? For SAP that word is “use.” 

According to SAP’s Software License Agreement, Use is defined as the ability to load, execute, access, employ the software or display the information resulting from those capabilities. This is a fancy way of saying basically any interaction or capability of interaction with SAP’s software can be defined as Use and any Use requires a license.

Since the definition is so broad, it means that it could prove a challenge in an upcoming audit for companies who do not have a strong understanding of Use according to SAP.  

In particular, you should make sure that your company has a strong understanding of the following terms as laid out in your specific agreement since they are often subject to customization:  

  • Named User 
  • Definition of your particular license metric, with close attention to any exceptions that your company could qualify for.  
  • Indirect Access or wording related to Indirect Access such as External user, interfaces, etc. Pay attention to even the smallest clause.  

SAP Indirect Access  

Many SAP systems have a dual-licensing system that relies on two main components.  

  • Packaged licensing: this is what you paid for and what you use. I couldn’t tell you which metric SAP will use since SAP uses every metric under the sun and it will vary from product to product.
  • Named User License: this allows a user to use any number of SAP applications that can be found in the packaged licenses. Every user needs at least one license, and to access any package you need a packaged license and a named user license. Confused yet?

Taking the SAP definition of Use as seen in the last section, Indirect Use can be interpreted as Use through a custom-built application or a third-party application. So basically, anyone who touches SAP data or software in any way could be considered to have Indirect Access.

Make sure that you have a clear map of your SAP environment, including any SAP architecture not linked to your main ERP environment and affiliate system that might be interlinking with your SAP environment. 

Risk Management for SAP  

Before you start organizing your briefcase full of money to hand over to SAP for the purchasing of more licensing, there are a few strategies you can implement that can address the compliance issues of an SAP audit even before you are found in the middle of one. License purchasing should only be used after all other methods have been exhausted. 

  • License Identification: You may already have the licenses required to cover unique and seemingly unlicensed scenarios. You need to figure out if you are even in trouble before you start paying for it.  
  • Software Reconfiguration: With issues like indirect access, a reconfiguration of your software architecture may be just the thing you need to get you out of the compliance risk hotseat.
  • System Clean-up: It’s important that you are using up-to-date software, and a system cleanup can be a great way to reduce your exposure. 

Have the Right People on Your Side 

Above all else, it’s important that you have the right team to handle an SAP audit. This isn’t a side project your IT department can get done in their spare time. 

Depending on the size of your software licensing environment, you may very well need to hire a team of people for the job, either in-house or an expert. Each option comes with its own advantages and drawbacks. 

An in-house software asset management team, while they may be more integrated into the culture of your company, will need to be versed in licensing and contracts from every vendor in your profile, negotiation skills, expertise in technology and much more.

To get all the resources you need, you will be required to hire a whole team of experts and it may take them a while to get up to speed. An external expert may come at a higher starting price but their immediate expertise and scalability to match your project can make it easy to gain massive returns on your investment. 

If you’d like more information about the pros and cons of hiring a SAM expert vs. doing it yourself, check out our article!

End on a Good Note!  

The frequency of software audits is only accelerating, and SAP is no exception. Ignoring what you have in your software licensing environment until your SAP audit is upon you will only create further problems, along with copious amounts of unneeded stress for you and your company. Imagine being able to approach a software audit with confidence in your own compliance and a rock-solid defense to back your claims.

At MetrixData 360, we have all the tools you need to get yourself ready for any audit that might be thrown your way, regardless of which software vendor it comes from. So, get ahead of your audits today!

Software Audit Checklist

A software audit is typically considered to be an overwhelming and confusing experience, complete with a mountain of work you need to do in an unreasonably short amount of time. It provides you with stress and a sense of overwhelming helplessness that you’d just rather not deal with. Having an internal software audit checklist will make sure that you will have everything in order when the inevitable happens.

At MetrixData 360, we’ve been through so many software audits and have been able to help our clients succeed in seemingly hopeless situations. How? We kept a cool head, remained calm, and had a clear list of things to do at every stage of the software audit. Even if you aren’t in an audit yet, it is always better to be prepared because there’s a good chance you’ll be in one soon.

So we’ve taken a look at each stage and have compiled a software audit checklist of the most important things you’ll need to do.


Phase One: Notification

Upon receiving a notification that you have been selected for a software audit, you will need to do these first steps immediately.

  1. Determine If You Must Respond

While you are legally obligated to participate in a software audit, not everything that is dressed up to look like a software audit is one. Reviews are similar to software audits in that they go through the same process.

However, reviews (or whatever flowery, less aggressive name your particular software vendor gives them) are not audits. They are voluntary, they often result in lighter fines, and they can be conducted internally.

Therefore, determine if you have to respond and plan accordingly.

At MetrixData 360, we advise that you respond to reviews and treat them with the same seriousness as a software audit, since refusing a review often results in the same vendor sending you an audit, which you can’t refuse. It will set the process off to a rocky start, with your software vendor knowing you were dragged to the software audit kicking and screaming.

Related: For a deeper look into the difference between a Software Review and a Software Audit, you can check out our article: Software Asset Management (SAM) Review vs Audit: What’s the Difference?

  2. Get an NDA

Before any data is handed over to the auditors, you need to set up a three-way non-disclosure agreement between the third-party auditor, the software vendor, and your company. This will keep the third-party auditors from disclosing any data to the software vendor without your approval. While many companies have their own NDAs, you should be wary if the software vendor provides you with an NDA to sign, since it will usually have language that will offer you minimal protection. For just one example, a contract may have language that allows scripts to be run in your software environment but does not hold the software vendor legally responsible for any impacts that might have on your production environment.

  3. Ensure that the Scope is Clearly Defined

In order to avoid scope creep, make sure that the scope of the audit is clear regarding the regions that will be included and if the vendor has several products, which products will be examined.

  4. Begin Creating Your Own ELP

Immediately start to create your Estimated Licensing Position (ELP) by gathering data on the relevant products; this will give you a strong case to oppose the auditor’s findings, which will most likely have an over-inflated compliance gap. Your Estimated License Position should effectively compare your deployment data with your purchased licenses regarding the scope of the audit.

  5. Designate a Single Point of Contact (SPC)

It is important to immediately establish who is responsible for corresponding with the auditors throughout the process. Having a single point of contact controlling the flow of information to the auditors will give you a clear picture on what the auditors know and where you stand with them. The SPC should be someone who has a strong understanding of negotiations, software licensing, deployment data and software contracts.

Phase Two: Kick Off Meeting

Scheduled to mark the beginning of the software audit, the kick-off meeting will bring together (either in person or online) the software vendor, their auditors, and any other stakeholders who will be involved in the process. The Statement of Work or its equivalent will be presented and topics including timeline and scope will be discussed.

  1. Pay Close Attention to the Timeline

The auditors will want the process done as quickly as possible to ensure return on investment, but you need to push back against unreasonable turnaround times and fight for a timeline that works for you.

Unless you negotiate for more time, you could easily be left with only fifteen days to slog through thousands of rows of data.

Negotiate a timeline that works with your schedule because you shouldn’t have to sacrifice your time off, your busy season and your sleep just to meet an unrealistic and arbitrary deadline. Not to mention a rushed-out response will likely not provide you the solid defense you need.

  1. Prepare a Defense for the Accuracy of Your SAM Tools

The auditors will most likely say that your SAM tools fail to collect all the data that they need in order to complete the audit. They will then demand to exclusively use their own. This will be the case even if you have an inventory tool that the auditing software vendor has approved.

However, it is in your best interest that your own tools are used. You should push for a position that allows the auditors to either supplement any missing data from your inventory tools with their own or extract data samples from your SAM tool to test its accuracy.

  1. Clarify the Data Requirements

The auditors may be intentionally vague about a few things, including the metrics that will be used to count your deployment data: your licenses, your user counts, your authorized users, etc.

You’ll need to make a point of clarifying what the auditors have left unclear to make sure you understand what exactly they will be asking for and why they need to see that data. Not everything they ask for will be relevant to the audit.

Phase Three: Data Collection

After the kick-off meeting has concluded, the data collection phase will begin. Often seen as the most time-consuming and costly part of an audit, the data collection phase will involve the auditors asking you and your staff to run scripts and pull data.

They will most likely not come on-site (think of the travel expenses they’d rack up if you had international locations!), but the auditors may visit to verify certain data points. They may interview staff, or they may observe your staff running specific scenarios.

  1. Verify that Any Employees Who will be Interviewed are Prepared

Make sure everyone who will be interviewed by the auditors is aligned on what will and won’t be said. While you should never strive to hide things from the auditor, you should have a clear understanding of what your stance is with the vendor. You will also need to ensure that employees give answers that are complete and accurate.

  1. Review all Data Requests

Your Single Point of Contact (SPC) needs to review all data requests sent from the auditor to make sure the requests are reasonable and within the scope of the audit. Keep asking questions, and make sure you always understand why the auditors are asking for something and what impact each piece of data will have on your overall stance with the vendor.

The SPC should also review each piece of data that is sent to the vendor so that you fully understand your stance with the vendor.

  1. Your SPC Should Be Your Only Contact with the Vendor

All communication with the vendor must be done exclusively through your SPC. Again, this is not done to keep things from the vendor; it simply makes it easier to keep effective tabs on your position with the vendor during the process. You need to know what the vendor knows to effectively frame your argument during the negotiations.

  1. Review Data Quality

Make sure that all the data you give to the auditors is of good quality and that the data sets do not conflict with each other. You also need to check that what you release does not include any unnecessary data that can be used to make assumptions against you.

Phase Four: ELP Creation

After the data has been gathered, the auditors will present you with their Estimated License Position (ELP) of your software environment, which will consist of your deployment data compared against your licenses to create a compliance gap. They will ask you to review their findings and correct any errors before they send them over to the software vendor.

The ELP will be composed of thousands of rows of data and will be tremendously difficult to read through in the amount of time the auditors will give you.

  1. Compare the Auditor’s ELP with Your Own

Being able to cross-compare the auditor’s findings with your own will allow you to effectively challenge the auditor’s conclusions. Common tactics for challenging the auditor’s findings include:

  • Investigate any area of the auditor’s case that you know, suspect, or even feel to be inaccurate.
  • Look into which team provided the data that the auditors used in their inaccurate assumptions and ask for validation.
  • Seek clarification on unclear items and have the auditors explain what they’re planning on telling your vendor.
  • Highlight any disagreements that you have with the auditor’s findings, submit explanations for any grey areas, or propose plans to fix any shortcomings.

  1. Negotiate the Timeframe

After the data has been sent off and the fact-finding portion of the audit is closed, the vendor will begin setting up a timeframe for purchasing any license shortfalls. It is important to realize this is not a settlement but a negotiation at this point, so push for a timeframe that works for your company’s goals and interests, not the vendor’s fiscal goals.

Phase Five: Negotiation and Settlement

Going off of the compliance gaps the software auditors have found, the vendor will sit down with you to hash out a negotiation for how you will make up for any shortfalls.

This is often where companies feel disheartened, tired, and cornered. They just want the issue to go away and feel as if the compliance gaps the auditors have found are set in stone.

It’s important to remember that the data is up for interpretation and you have more wiggle room than you might think. Stay positive during this stage: with the help of MetrixData 360, our clients were able to greatly reduce their compliance gaps and the amount they had to pay out.

  1. Consider the Multiple Stakeholders

There are many people involved in the audit from the vendor’s side that are reporting to managers with different agendas from one another. Stakeholders involved in the audit include:

  • The License Compliance Team
  • The Technical Resource Team
  • The licensing or contract group, who may not be licensing experts, but are certainly responsible for selling licenses
  • The Sales Team, which will include your account manager
  • The vendor’s legal team, including the lawyers

All of these different teams might be compensated in different ways: one team might be paid based on the revenue they manage to obtain, while another on whether this audit is conducted according to legal standards or on how satisfied you are with their work.

When the vendor’s representative says they need to obtain internal approval, these are the people they are consulting. You need to word your requests in a manner that appeals to all stakeholders involved.

  1. Stay Calm

Take comfort in the fact that you have done everything you possibly can to prepare for this software audit. Do not be pressured into timelines. Do not be forced into a settlement that is not accurate because you were not given enough time.

  1. Be Prepared

Be ready to research the licensing terms and other claims the vendor makes.

  1. Leverage

Be willing to leverage senior executives within your company and the vendor’s. A well-timed call to the right person can be very effective in breaking a stalemate in the process.

  1. Stay Focused

Your goal is to purchase only what you need. Often software audits are used as a sales tactic.

Just when you feel cornered in the software negotiations, you can expect to be pushed towards purchasing new products. You must stay focused and strategic with your software purchases regardless of the pressure the software audit puts you under.

  1. The Four Factors

During the negotiation process it is important to remember that it is a balancing act between four key factors.

Future Revenue vs. Immediate Revenue

The software vendor will try to lean more towards immediate revenue while you should try to put most of your argument towards future revenue.

Time of Payment vs. the Relationship Between the Vendor and You as a Client

The vendor will try to push for getting their payment quickly and it would be helpful if you pushed from the angle of keeping the health of your relationship with that vendor intact.

  1. The Closing Statement

Make sure you get a closing statement after final figures have been decided at the end of the negotiation. Some vendors may indemnify you against future audits that look back past the date the audit closed. A closing statement frees you from having to worry about another audit from that vendor for a minimum timeframe; without one, the vendor is at liberty to audit you using findings that date back prior to the close of the audit.

Have a Strong Defensive Strategy for your Next Software Audit!

Software audits can be exhausting and are probably far outside the scope of what you thought your job would look like. However, it is possible to get through just fine by following the software audit checklist, remaining calm, staying focused, and having the right people on your side. Question everything the software vendor asks for, and don’t be afraid to push back when you don’t agree with certain findings. Let’s not dance around the issue: the vendors are here for your money whether it is owed to them or not, and you need to know how to defend yourself.

MetrixData 360 not only takes care of all the heavy lifting during a software audit, but we’ll teach you what we’re doing so that you’ll be prepared the next time around. If you’d like to learn more about our software audit services, you can contact us and one of our sales reps will get back to you in under 24 hours.