Tips for Surviving a Microsoft EA True Up

Tricks for your Microsoft EA True Up

If you have an Enterprise Agreement (EA) with Microsoft, then you are probably familiar with the EA’s annual True-Up. It’s a straightforward way of condensing a year’s worth of headaches and frustrations around purchasing software licenses into a short period of only 90 days (although hopefully, you’re preparing earlier than that!).

Since these true ups amount to such a large investment for enterprises, it is important that you remain in control of the situation and know what you can and can’t do. Often companies can feel trapped or chained to their chairs in these agreements but with MetrixData 360, we have helped many clients truly harness the potential of their EA. We’ve helped our enterprise clients cut down wastage in their EAs (sometimes hundreds of thousands of dollars have been removed from EA agreements), and we know how to dance this dance with Microsoft.
So in this blog post, we will share some tricks from our experts.

And don’t forget. At any point in reading this article, you would like some further explanation, check out our downloadable EA True Up Guide below:

Tricks for your Microsoft EA True Up


Tricks for your Microsoft EA True Up

If you have an Enterprise Agreement (EA) with Microsoft, then you are probably familiar with the EA’s annual True-Up. It’s a straightforward way of condensing a year’s worth of headaches and frustrations around purchasing software licenses into a short period of only 90 days (although hopefully, you’re preparing earlier than that!).

Since these true ups amount to such a large investment for enterprises, it is important that you remain in control of the situation and know what you can and can’t do. Often companies can feel trapped or chained to their chairs in these agreements but with MetrixData 360, we have helped many clients truly harness the potential of their EA. We’ve helped our enterprise clients cut down wastage in their EAs (sometimes hundreds of thousands of dollars have been removed from EA agreements), and we know how to dance this dance with Microsoft.
So in this blog post, we will share some tricks from our experts.

And don’t forget. At any point in reading this article, you would like some further explanation, check out our downloadable EA True Up guide below:

You Don’t Need to Fill Out Every True-Up Form that Comes Your Way

If you have a reseller supporting you with your EA, then you may receive True-Up forms quite frequently — some of our clients report that they receive them on a monthly basis. You might feel compelled to fill each one of them out, either because your reseller encourages you to do so, and they know best, or because you’d rather not go up against Microsoft. However, unlike your annual True-Up, which will require a mandatory Update Statement (even if you haven’t added to your counts this year), these monthly True-Up forms are completely optional features that you don’t have to fill out.

You Can True-Down to your Original Count…Or Zero!

If this is not your first True-Up, you likely noticed that adding counts to your EA is easy – encouraged even – however, it can be very difficult to true-down or reduce your counts in any way. While it may be difficult, it is not impossible if you are following these steps:

Know Your Data

The first step of Truing-Down is to know what you are truing down to.
There are many ways to check your counts:

  • in your Active Directory;
  • in your SCCM or your SAM Tool (only useful if you’re trying to find your Qualified Device Count); or
  • in your HR Systems and Email Accounts (only useful for finding your Qualified User Counts).

You can also guess based on your number of employees, but while this is something most companies are forced to resort to, this is not something MetrixData 360 advises.

Create a Value Gap

Knowing your data will also allow you to create a Value Gap, and build your argument for truing down based upon cold, hard data. At MetrixData 360, we have built our tools for this task, which can significantly cut down your workload and your guessing.

Start Preparing for Your Microsoft EA True Up Early

You can True-Up pretty much up to the last second, but if you want to True Down, you will have to be prepared well ahead of time and adhere to the deadlines outlined in your agreement. Microsoft will only let you reduce your counts up until 30 days before your True-Up date, so you will have to be ready with your data and your arguments for Truing Down long before then.

Check Your Original Counts

When you are trying to reduce your counts in your EA, there are two things that really prove to be determining factors on how low you can go: if the product is an enterprise-wide purchase and if it is a subscription or a perpetual license.

If you have an enterprise-wide purchase, the only way Microsoft will allow you to reduce your counts is by scaling back online service subscriptions down to their original number that you started with. For example, if your original EA asked for 500 subscriptions and the following year you grew to 1,000, the lowest you can reduce your count to is 500. However, if your purchase is not enterprise-wide, it is possible to reduce the counts, so long as the minimum requirements are maintained.

Check Additional Products that are Available as Subscription Licenses

There are a few different products which are included in the EA, such as Enterprise Products, Enterprise Online Services, Additional Products, Additional Products Online Services. Additional Products that have subscriptions can be reduced to a count of zero! We’ve pulled such a move before at MetrixData 360, which resulted in our client saving $800,000!

Watch Out for Complicated Products

While Microsoft may have products that are easy to use, there are, of course, the challenging ones that are difficult to wrap your head around, let alone manage. Make sure to pay close attention to your deployment data around these products, ensuring that you have a strong understanding of your contract’s language and deployment data. Some of Microsoft’s more complicated products include:

At MetrixData 360, we put extensive effort into understanding both products and have a wide collection of material to read and tools to assist you in gaining a strong handle on these two products in your software environment.

Need Help Getting Ready for Your True-Up?

With your True-Up approaching, it’s important to have a few tricks up your sleeve. Closing such deals could mean the difference between optimizing your spending and spending copious amounts of money that you don’t need to.

The Microsoft reps may be nice, but there is only so much that they will be willing to help you save when their job is to make sure you do exactly the opposite. That is why you need someone who can support you and have your back during this engagement.

MetrixData 360 is here for you. We have many Fortune 500 customers who we have helped to minimize the impact of their EA on their software budget.

If you would like to learn more about getting ready for your Microsoft True-Up, you can download our free booklet, Preparing for a Microsoft True-Up.

Oracle’s 2020 Q4 Report Is In, Does It Mean An Audit For You?

Oracle released their 2020 Q4 report and it may mean that there are Oracle Audits coming. Software audits can be a living nightmare if you find yourself unprepared, leaving the possibility for things to spiral out of control until the next thing you know you’re facing outlandishly large compliance gaps no idea how to prove them wrong. Oracle audits are no exception to this and many of their customers find themselves at a loss when confronted with one. While we have covered how to handle a general audit, there are a few things about Oracle audits that make them unique, which is what we’ll go over today. At, MetrixData 360, we have gone up against the biggest software companies in the software industry today and have empowered our clients with the knowledge they need to walk away from such audits with minimal damage to their IT budget.

Oracle’s Results Released for Q4

On June 16, 2020, Oracle released its Q4 report for their fiscal year and the results show case exactly how hard Oracle has been hit by the COVID-19 pandemic . The report showed four areas of Oracle’s business that were suffering. First, the Cloud services and licenses support, which saw only a 1% increase in revenue over the past year, which is a considerably weak increase since, historically, Oracle has seen a 4% increase in that same category. Their other main streams of revenue have declined with hardware seeing a 9% dip, services seeing an 11% dip, and cloud licenses and on-prem licenses seeing a staggering nosedive of 22%.

Those are 2008-recession levels of bad and it doesn’t help that Oracle’s traditionally highest grossing month is May, where they haul in almost 40% of their year’s total revenue. May was also the same month that saw the worst of the pandemic lock down, where the last thing on anyone’s mind was buying more software. Part of this may be just a COVID-19 blip, with Oracle having only to make it to the other side of this truly terrible year before they can see their usual numbers again. However, these numbers have many of Oracle’s customers sweating at what this might mean for Oracle audits.

From the Beginning: What Attracts an Oracle Audit, and How to Respond to Receiving One

With this news, there is a strong chance that there will be an increase in audits, and it’s suspected that these audits will be aimed towards small to medium size companies with lower investments in Oracle, while companies who have large investments in Oracle are not expected to feel any significant changes. But while there might not be any significant increase for these large companies when it comes to Oracle audits, there will certainly not be a decrease in them any time soon, so it’s important that you are prepared all the same. While some software companies have routine audits or send out audits at random, Oracle tends to be a bit more precise when it comes to who they audit.

Generally, you can expect an Oracle audit once every 3-4 years, unless your last audit was restricted to only a single Oracle product or area of your software environment, then you can expect to be audited more frequently. Your Oracle audit may have been brought on by any of the following factors occurring in the past 24 months at your organization:

  • You’ve gone through a merger or acquisition
  • You are still in possession of old or outdated Oracle software whose metrics are no longer used by Oracle
  • You’ve conducted a hardware environment refresh
  • Your organization has seen an organic growth of 10% or greater
  • You have trimmed back on Oracle products in any way such as cancelling or reducing support from Oracle
  • You have an Unlimited Licensing Agreement (ULA), since it is suspected that Oracle will be focusing its auditing efforts on either getting you to renew your ULA or switch to a perpetual ULA

When you receive either an Oracle License Review or an Oracle License Audit, don’t let the different names distract or tempt you to take the Review as less serious than the Audit. They are essentially the same in both process and stakes. The only real difference between the two is that ‘review’ is a friendly, less threatening term when compared to an audit.

LMS and Oracle Tools: Dealing with Both

Oracle Licensing Management Service (LMS) is the internal team from Oracle that you will likely be dealing with throughout your audit. Although it is possible for Oracle to outsource the project to their partners, and other departments of Oracle will perform audit-like services such as reviews, their internal audit team is the only department authorized to perform License Audits on behalf of Oracle.

When you interact with Oracle’s LMS, one consistent element that you’ll run into is that they will want you to run their own, Oracle approved, SAM tools to collect the data from your software environment. Your first goal in this audit is to make sure that your tools are used instead, an argument which we cover in length in our Software Audit Defense Procedure . While you are required to comply with the audit, nowhere in your contract does it require you to install their SAM tools. So long as you can prove that your own SAM tools can accurately retrieve the data that Oracle is asking for, then there is nothing wrong with using your own tools.

Who Foots the Bill? The Old Oracle vs. the New Post COVID Oracle

In the past, Oracle’s audits and their sales reps had the same goal: sales for the sake of sales. Sales reps got commission annually for every transaction, these numbers were usually 1% of the contract value, and if it was cloud services they were selling, that number rose to a tantalizing 5-10%. So, sales reps preferred cloud services and at the end of an audit, it was often the case that cloud services would come up when it was time for settlement. Oracle has essentially offered its audited customers get-out-of-jail free cards in exchange for the purchase of cloud services at a much smaller cost than your compliance gap, even if you didn’t need the cloud solution you are purchasing. All the sales rep really cared about was selling the services, it didn’t matter to them if you never used it again afterwards, since they got to walk away with that 5%-10% commission jingling in their pockets.

Now, however, Oracle has made a few changes to their sales rep models. They have significantly cut back on their staff numbers, and have put the vast majority of the remaining sales reps on the task of exclusively selling cloud services, and will only see that same level of compensation if their customers use the cloud services that were sold to them. This means that you will not see be seeing any cloud service deals at the end of your audit, you’ll just be expected to pay the compliance gap, which will be painfully more expensive than the previous alternative.

Now, however, Oracle has made a few changes to their sales rep models. They have significantly cut back on their staff numbers, and have put the vast majority of the remaining sales reps on the task of exclusively selling cloud services, and will only see that same level of compensation if their customers use the cloud services that were sold to them. This means that you will not see be seeing any cloud service deals at the end of your audit, you’ll just be expected to pay the compliance gap, which will be painfully more expensive than the previous alternative.

In addition to these costs, if you are found to be out of compliance by a significant degree, then you will be forced to cover the expenses for the entire software audit, including any expenses that Oracle racks up.

 

How Should I prepare?

Once you have received a software audit notice from Oracle, you will have about 45 days to respond. During that time, you need to get the following ready:

  • A Non-Disclosure Agreement: This will ensure that any information that you give to the auditors must remain between you and them unless they ask for your consent to send it to the rest of Oracle’s higher ups. This will allow you to remain in control of how Oracle perceives your organization and your compliance, both of which will become important when you enter into the negotiation and settlement phase of the audit.
  • A Single Point of Contact (SPC): You will need to make sure that you have a team to act as a single point of contact (ideally with legal, technical, and Oracle specialization) in place who will exclusively deal with communications with Oracle’s audit team. The auditors will only talk to the SPC and anything that is passed from your organization to the auditors will pass under the SPC’s eyes first. Anyone who is planning to be interviewed by Oracle will discuss with the SPC what they are planning on saying and how they should answer Oracle’s questions. This isn’t done for the sake of hiding anything from Oracle, but this will help to keep track of where you stand with Oracle and ensures your negotiation strategies remain uncompromising.
  • A Scope for the Audit: This is done so that, in the case that you are not so far out of compliance as Oracle originally thought, they do not keep looking through your software environment trying to find the profit they anticipated, also referred to as ‘scope creep’.

This needs to be laid out during the kick-off meeting and it’s important that you do not let the data collection phase begin without those three things in place.

Want to become an Expert a Handling Software Audits?

No one will claim software audits are easy or simple, and if they claim it’s anything other than a thinly veiled attempt to squeeze more money out of your company, then they’re kidding themselves. Oracle audits can be especially tricky, considering the sheer size of Oracle’s company and the vast amount of resources you’ll be going up against. It can feel like you’re outnumbered and out of your depth as you’re surrounded by sharks who do this for a living. Which is why you don’t have to go through this experience alone. At MetrixData 360, we have created a whole reservoir of resources in order to better equip you to face any software audit that comes your way. If you would like to download our free e-book on a step-by-step process on handling software audits, you can click the link below.

How to Avoid Software Audits

It’s no crime to not enjoy software audits, who would? They’re stressful, unpleasant experiences that can result in crippling audit penalties and the feeling of being powerless when it comes to your own software. Humans naturally want to avoid things that cause us distress, so is there any way to avoid software audits? The short answer is no, there is no guaranteed way to completely eliminate the chance that you’ll be audited but there are ways you can decrease the frequency and likelihood of your company being audited. At MetrixData 360, we have noticed a pattern in the behavior of the auditors, and we’d like to share our findings in what can lower your chances of getting audited.

Why Do Software Audits Happen?

The first step in understanding how to decrease your chances of incurring a software audit is understanding why software audits happen.

(Un)Luck of the Draw

There is a sense of randomness to software audits, as some software vendors send out audit notices either regularly to their customers or through picking unfortunate names out of a hypothetical hat. So, there’s little you can do to stop it from simply being your turn. However, many companies think this is the only reason for software audits and so hang their heads and accept their fate, but there are other things that can cause a software audit as well.

Money

I wish I could tell you it’s more complicated than that, but in the world of business the heart and soul are plated in gold. Software publishers will often use software audits as a source of revenue, and if the software audit plays out the way they want it to (with you being out of compliance and writing a check to them with many, many zeroes on it), then they won’t even have to cover the expenses for the software audit process, that will instead be handed to you. However, if their goals are purely fiscal, then that means they’ll target companies that are guaranteed to reap massive rewards. Companies that the software publishers have strong reason to assume are out of compliance enough to yield a large return on investment might as well coat themselves in barbeque sauce, because all the software publishers will see is a meal.

Sales

Software Audits are also used to meet sales quotas because at the end of a software audit, you’re forced to purchase all your missing licenses at full price (no historical or contractual discounts will be included, sadly). It also puts you in a pressured position to buy, they’ve got you in a corner, they wait until they see the glint of panicked sweat on your brow and then they deliver to you a sales pitch.

The Payout for Hyper Complex Software Contracts

There are plenty of legitimate reasons why software contracts are as discouragingly complicated as they are: technology is constantly changing and licenses constantly struggle with dealing with that complexity, and many customers request hand-tailored licensing options. However, that doesn’t eliminate the fact that software vendors make no effort to simplify the matter into something their customers can actually understand.

How to Lower Your Risk of Being Audited

Now that we understand why software publishers conduct software audits, we can talk about what you can do to reduce the risk of software audits.

Demonstrate Organization and Understanding to the Software Vendor

This is especially true if you are a sizable company with multiple branches or if your company has recently gone through a merger or acquisition. Such situations will make you susceptible to disorganization and from there it increases the likelihood that you’ve missed something. If you are asked questions by the software auditors, it is important that you answer them effectively and completely to demonstrate a strong understanding of your software contracts. To gain full insight into your software estate, you will need to perform internal audits regularly, have a SAM tool in place that manages your software estate, and a team in charge of the project.

For more information on getting someone to manage your SAM or if you’re in the market to buy SAM tools, check out our articles: How to Hire a SAM Expert and 5 Factors to Consider When Buying a Software Asset Management Tool.

Have a Plan in Place

Educate your employees on the value of software asset management and have a defense strategy in place in case of a software audit. Even if you do receive a software audit, having the process be organized, streamlined, and resulting in minimal penalties will prove to the software vendor that you are not an easy target. Getting organized means having your licenses in order, having a defined person in charge of your organization’s response to a software audit, and having an audit defense plan in place. Software audits tend to have tight response times, so this cannot exactly be a ‘learning on the job’ scenario. By knowing what to do, it will mean that any software audit that is presented to you will go smoothly with minimal damages, so you are less likely to be audited again in the future.

Know What is in Your System

Have an effective asset life cycle in place, including a means of purchasing and a means of retiring any assets to ensure they are effectively tracked. We have seen rogue purchasing and ineffective asset retirement result in a quiet drain on IT budgets through the purchasing of multiple unneeded licenses.

Your Active Directory is the place most software auditors will look when attempting to compile your compliance gap. Many companies do not have access to their Active Directory and as such their AD will consist of every device and every account that has passed through their software architecture, not just the ones that are currently in use. Employees that have left the company, and devices that have been sitting in storage collecting dust will all be present in your Active Directory and the auditors will argue that they will all need a license.

For More Audit Defense Information

Software audits are on the rise and they aren’t slowing down anytime soon. There’s no magical cure to repel auditors for good, but there are ways to reduce your risk of software audits. Your best weapon of defense is to be prepared. If you’d like to learn more about how to get ahead and stay ahead of the audits, you can download our Audit Risk Checklist, which will give you a breakdown of all areas where we see our clients struggle with compliance.

Getting Ready for a Microsoft True-Up

Your annual Microsoft true-up is approaching. You’ve used Microsoft products throughout the year and now the anniversary of your purchase is drawing near and it’s time to pay for anything that is net-new or to accommodate for any growth that your company has seen. Time to dust off your Microsoft true-up process once again. You do have one of those, right?

 

Your Microsoft True-Up Process

If you’re one of the many businesses with a Microsoft Enterprise Agreement, then you will need to have everything organized at least 30 to 60 days before your true-up date. But how do you go about gathering all the information you need?

How do you even begin to get ready for your Microsoft True-Up?  

At MetrixData 360, we have helped our clients get through countless Microsoft True-ups in one piece and want to share with you what to expect and how to prepare. 

Table of Contents

 

Don’t forget to fill out the form to download our free Microsoft True-Up guide:



Microsoft Enterprise Agreements: The Basics

Having an Enterprise Agreement (EA) comes with many delightful advantages, namely it provides tempting pricing, discounts, and added benefits for your IT infrastructure.

The agreement also provides flexibility. Instead of grinding your business’s growth to a screeching halt every time you need to buy new licenses, you simply add any changes to your technological landscape to your tab, so to speak, and your true-up is then adjusted to account for any software you’ve used over the previous year.

However, the agreement is not without its faults. For instance, EAs are one of the more complex agreements Microsoft offers. They require high up-front payments and, while it is easy to scale up, you’ll find it will be quite painful to reduce any of your subscriptions.

The EA’s New Look

Recent changes to EA licensing have made things a little bit more difficult for customers who already have an EA in place.

As we covered in our article, Microsoft Changes Minimum Enterprise Agreement Qualified User/Device Count, in 2016 Microsoft changed the minimum number of user/device count customers required in order to qualify for an EA license. The change expanded to a 500 device minimum, with a breathing period for customers with less than 500 devices/users who already had an EA in place prior to July of 2016. For those “breathing room” clients, they could renew their licenses after an additional 36 months.

July 2019 saw the end of that grace period, with customers who had an EA in place but less than 500 users/devices being forced to either pay for 500 licenses (even if they didn‘t need them) in order to meet the minimum or consider alternative licensing options with this upcoming renewal.

Microsoft also announced in October 2018 that the programmatic discounts that were once offered to Level A EA customers (customers with anywhere from 250–2,399 devices/users) have been removed.

Without these discounts in place, the EA no longer offers the most appealing pricing model compared with other volume licenses. Unless, of course, you care to get into a contract negotiation with Microsoft.

What Type of Products are Part of Your Microsoft True-Up?

There are four different types of products that are a part of your EA true-ups. The type of product you have determines your rights and limitations during the true-up.

Enterprise

If the sum of the products in your true-up can be classified as Enterprise, it means that the products fall under the definition for Qualified Device (in the case of Enterprise Products) or Qualified User (In the case of Enterprise Online Services).

For this reason, you need to license all of your Enterprise Products by devices or all your Enterprise Online Services by users as Microsoft defines Qualified Device or Qualified User.

The only way you can get out of licensing your enterprise products this way is by exempting them in a legally sound way. The Enterprise Agreement allows you to purchase products that are counted only at the time that the true-up order is placed, which can be worked to your advantage.

On your Customer Price Sheet (CSP), which is a list of the products that are in your EA along with your discounted prices, if you have any, the Enterprise products will be listed at the top, followed by the Enterprise Online Services.

  • Enterprise Products: More traditional products, such as Office Pro, Core CAL, Windows Desktop OS.
  • Enterprise Online Services: Online services such as Office 365 E1, E3, E5, SCE E3/5, SPE E3/5

Additional Products

This is Microsoft’s little wild card that we have seen clients struggle to compensate for.

The nature of the EA is that you can add additional licenses to your agreement quickly and easily, and you will simply have to pay for any additional licenses that you have acquired over the year at your true-up.

This kind of setup encourages a mindset where you only need to worry about your licensing count when your true-up date approaches. However, when it comes to additional products, you must pay for the maximum number of licenses you have had since the last true-up.

Such a requirement means that to have additional products means that you need to be constantly monitoring them. Even though this only applies to the Additional Products, Microsoft will often play it off as though the true-up for the Enterprise products needs to be paid according to this rule as well, where you pay for the maximum number of products you possessed throughout the year, despite the fact that there is no evidence that you need to do so outlined in your EA.

Your additional products can be found on the second half of your CSP, usually buried down at the bottom, after your Enterprise Products and your Enterprise Online Services.

  • Additional Products: Products that aren’t classified as Enterprise, such as Windows/SQL Server, Project Visio

Online Services

Online services are only slightly more difficult than the additional products to understand. According to your EA, online services provide you with the option to defer payment for your monthly fee up until the point where you’ve installed the product. If you have only been running it for three months upon the approach of the true-up, then you’ll be paying only for those three months and you’ll only see an invoice on the anniversary date if you have a reservation.

How do you know what your reservation is? You can find your reservation report on your Office 365 portal. This will tell you what kind of licenses you have reserved and how many.

 

  • Additional Products Online Services: Online products that do not classify as Enterprise, such as Power BI and Lock Box

Where Do I Find My Counts?

After you have established how you will be expected to license your products, now there is the hurdle of finding the numbers you need to give an accurate report on your usage. To find these numbers, you have a few methods at your disposal:

 

  • Your Active Directory:

    This should be the first place you check on your way to compliance. However, many organizations do not look here. Looking elsewhere will make it difficult to determine things like line or work. By just going off of the raw data that other inventory systems can provide to you, it will be very difficult to draw any sort of meaningful conclusions.

  • Your SCCM or Your SAM Tool (Use for your Qualified Device Count only):

    Whatever tool you have implemented is a great way to monitor and subsequently count what you have in your software environment. However, it is important to ensure that these are accurate numbers that your tools are reporting, as faulty numbers will undermine your whole SAM process and it will fail to provide you with a true reflection of your data.

  • HR Systems and Email Accounts (Use for your Qualified User Count only):

    While it may not be as defendable in a software audit as the count in your Active Directory, the numbers pulled from either your HR systems or simply your email accounts may be enough for your true-up.

  • Guess-timation:

    We have often seen with our customers, when they do not have access to the data, they are forced to simply make a rough guess. If you have 1,000 employees and you know each employee has a desktop, that means you need 1,000 licenses and the job is done, right? Obviously, at MetrixData 360, we do not advocate for such a method.

What Will Happen During a Microsoft True-Up?

There are a few things that you can expect from Microsoft leading up to your True-up.

 

90 Days Before: You can expect to hear from your reseller or your Microsoft Account Team concerning your upcoming true-up. They’ll ask for an update as to how many software licenses you’ve added to your software architecture.

60 Days Before: Microsoft has given you the assignment and now they’re going to check back in with you, asking what you’ve discovered concerning your licensing changes.

30 Days Before: Microsoft’s team will get back to you with a true-up order which reflects changes to your EA. If you complete your true-up past this date, Microsoft will not allow you to do subscription reductions. They will simply bill you automatically based on what your bill was the year before. If you owe them more, Microsoft will never say no to more money, but any reductions will be out of the question at this point.

Immediately Before: You’ll get another call from your account rep to check in on your True-Up process

15 Days After Your True-Up: Your reseller or account rep will review your True-up order and place it with Microsoft.

Consider Your Options: The Cloud Solution Provider (CSP) Program

Microsoft has been extremely aggressive in recent years with pushing both its Cloud Platform (Azure) and its many cloud offerings, including its Cloud Solution Provider (CSP) Program onto its customer-base.

In fact, there’s a good chance that the recent removal of the EA discounts and the increase of its minimum seating has been Microsoft’s attempts to make their Cloud-based solutions more appealing to their customers.

So, what is CSP? Compared to the EA, which is more concerned with standardizing the licenses throughout a company with one large upfront payment, a CSP is the pay-as-you-go, monthly fee model that we’ve seen become the industry standard with Cloud platforms.

Thinking of Reducing Your Subscription?

It’s easy to scale up with Microsoft, they love it; but as you’ll quickly discover, the real challenge comes when you want to reduce your subscriptions or even keep them the same. However, if you look at your EA, you’ll find that there is actually a section that allows for a reduction in subscriptions.

If you have an enterprise-wide purchase, when they say “reduce,” what Microsoft means is that you are allowed to scale your online service subscriptions back to the original number that you started with. So, if I purchased a subscription of a hundred users, regardless of my purchases throughout the year, the lowest number I could ever reduce that subscription to is a hundred users, the original number I purchased.

If the subscription was not a part of an enterprise-wide purchase, you’re free to reduce but only if the initial order minimum requirements are maintained.

With Additional Products that are available as Subscription Licenses, you are allowed to reduce the license count to zero. By utilizing this clause, MetrixData 360 saved one of our past clients $800,000 by reducing two of their Additional Product subscriptions that they weren’t using down to zero!

How to Get Ready for Your Microsoft True-Up

You never want to be left scrambling for things at the last minute, being prepared when it comes to your software is a great rule to live by, whether you are getting ready for an audit, a contract negotiation, or your EA renewal.

So here are some tips that can help you get ready for your EA renewal long before your anniversary date.

 

  • Don’t guess your count. Guessing will either leave your numbers too high, which will be a waste of money, or too low, which will leave you exposed to auditing penalties. You need accuracy to get useful results.
  • Have a clear Asset Life Cycle for licenses and devices that are a part of your EA, including processes around both the deployment and retiring of old assets.
  • Have all the proper and updated documentation in place for everything (devices, servers, and users) that is applied to your EA. Monitor your EA products once a quarter or at least every six months.
  • Make sure you have a full understanding of your enrollment terms (especially regarding the new license changes).
  • Unexpected SQL server consumption fluctuation often proves to be especially troublesome when creating your True-Up Declaration, so make sure that you have a strategy in place to effectively capture this data.
  • Utilize perpetual licenses whenever possible.
  • Have your True-up Declaration or your Zero True-up ready at least 60 days before your anniversary. Don’t put it off until the last minute, now is definitely not the time to procrastinate.
  • Make sure that your Active Directory is cleaned up with a clear count for your users and devices.
  • Repurpose your licenses when you aren’t using them. It beats buying yet another license.
  • Know the language of your contracts.

 Getting Ahead of Your Microsoft Enterprise Agreement True-Up

Having a strong sense of your licensing position will give you the ability to ensure that your EA contract renewal goes as smoothly as possible.

At MetrixData360, we have helped hundreds of our clients successfully navigate a Microsoft true-up so that what they pay actually reflects their usage. If you’d like to learn more about how MetrixData 360 can represent your interests in your next EA renewal, you can check out our contract negotiation page by clicking the link below.

Software Audit Risk Assessment Checklist

Below is an excerpt from our Software Audit Risk Checklist, which is available as a free download for subscribers to our newsletter. This is the same checklist that we use in our primary assessment of client environments.

Software Audit Risk Checklist

 

Software audits are considered an unpleasant and inevitable factor of business. Once, it may have been possible for a company to remain compliant with their software vendors with only a few spreadsheets managed by someone extremely organized. Now, however, software deployments and contracts have become so complex that this is simply not practical.

As technology has evolved, the way that software is used and deployed has become more complicated. Software publishers themselves have not made it any easier with their perplexing software contracts that are convoluted and difficult to read. The temptation to skip over the entire document, agree to the terms and conditions, and move on with our days can be irresistible.

Despite how the software vendors may be stacking the situation in their favor, preparation is your greatest tool of defense. In this document we’ll discuss how you can prepare for a software audit.

Understanding the Risks of a Software Audit

 

Are You Inviting a Software Audit?

Some software vendors will send audit and Software Asset Management (SAM) review requests at random or on an annual basis; such events are unavoidable. While most software vendors will provide little to no criteria for initiating audits, the fact that there are different kinds of audits should be an indicator that not every audit is born from the same kind of evidence or circumstance.

Vendors have discovered that software audits are an excellent source of revenue, especially if their customer’s compliance gap is large enough to force them to cover the cost of the software audit. Software audits can have a high return on investment, making it well worth the software vendor’s time and money. It is towards these safe ROIs that the software vendors will turn their interest.

Therefore, if there are indicators that a company is out of compliance enough to yield a profit, they can risk their vendor initiating the audit. If you are concerned about your company’s exposure to a software audit, below are the risk factors that increase the likelihood of an audit occurring.


IBM Software Audit: How to Prepare a Defense and Handle it Like a Pro

IBM Software Audit: How to Prepare a Defense and Handle it Like a Pro

An IBM Software Audit can be an utterly grueling experience. While there is no way to completely eliminate your risk of incurring an audit from IBM as long as you have their products, being prepared for an audit, should one occur, is your best means of defense. We at MetrixData360 have helped countless clients prepare for an IBM audit and successfully defend themselves against IBM auditors. Here are our recommendations for making sure you’re properly prepared for your IBM audit.

Our Process and Recommendations:

Have a Non-Disclosure Agreement (NDA) At The Ready

IBM strives to have an audit engagement with their customers at least once a year as outlined in the terms of their contracts. Due to this, it is advisable to put in place a Non-Disclosure Agreement (NDA) or confidentiality agreement for IBM’s auditor to sign so you can protect the data that will be collected from your environment. This step is essential in every audit situation.

Have IBM’s License Metric Tool (ILMT) Properly Deployed

ILMT comes with many benefits, namely providing you with protection when faced with an IBM software audit. To summarize, IBM’s License Metric Tool (ILMT) is a software asset management tool freely available to IBM’s customers that is used to monitor consumption of IBM’s products.

It is compulsory for any customer who wishes to benefit from IBM’s sub-capacity licensing and its primary function is to make sure a customer is within compliance and using the products efficiently.

Most organizations do not adequately configure, manage, or maintain their IBM License Metric Tool (“ILMT”) and are relaxed about Sub-Capacity (“SC”) reporting. The current IBM Passport Advantage Agreement (“IPAA”) relevant language is:

“For Sub-Capacity usage of EPs, Client agrees to install and configure the most current version of IBM’s license metric tool (ILMT) within 90 days of Client’s first Sub-Capacity-based Eligible Sub-Capacity Product deployment, to promptly install any updates to ILMT that are made available, and to collect deployment data for each such EP”

“Reports (generated by ILMT or manual if Client meets manual reporting exemptions) must be prepared at least once per quarter and retained for a period of not less than 2 years. Failure to generate Reports or provide Reports to IBM will cause charging under full capacity for the total number of physical processor cores activated and available for use on the server.”

Not having ILMT puts a huge target on your back for a software audit from IBM as it will make IBM suspect that you have no way of tracking your consumption without it. Unless you meet the criteria that exempts you, you will have to license all IBM products under Full-Capacity terms if you don’t have ILMT.

Organizations that fail to meet their contractual obligations will have an IBM Licensing conundrum. Not meeting these obligations exposes your organization to IBM’s Full-Capacity (“FC”) licensing, which bloats the Processors Value Units (“PVU”) and consequently exposure to financial risk.

If you are found to have IBM’s software that has been deployed for 90 days and it doesn’t have ILMT on the same virtual server, then it is no longer eligible for Sub-Capacity licensing. If it is not licensed at Full-Capacity either, then it can be subject to heavy penalties. This is where many IBM customers find compliance issues during a software audit.

 

IBM Virtual Host Server Core Diagram

Here is what an example of what this would look like:

The Road to IBM Audits are Paved with Good Intentions

It’s our experience that most organizations have intentions to abide by their contractual agreements; however, those intentions rarely manifest into reality. Some notable reasons for this are:

 

    • Shifting Sands: IPAA is ever-changing, and the standard agreement does not need two-party written consent to have the language. Thus, the agreement you reviewed when you entered into the contractual relationship with IBM is not the agreement you have now.
    • Effort vs. Reward: ILMT is only required for IBM’s Processor Value Units (“PVU”) and Resource Value Units (“RVU”) to gain Sub-Capacity rights. IBM has hundreds of other licensing metrics that require manual efforts outside of ILMT. Thus, operationality can at times become perceived as a lower priority or value.
    • Technical Complexity: ILMT was not designed with simplicity as a guiding principle. The installation, configuration, maintenance, and management require technical knowledge as well as dedication. Thus, most organizations may use the initial installation; however, ongoing maintenance and operation are forgotten.

Don’t Expect ILMT to Protect You from Everything

Even if you have ILMT, that doesn’t mean that you are safe from compliance issues during an IBM Software Audit. In fact, many companies experience a lot of technical issues surrounding ILMT’s deployment. For instance, you could be subject to any of the following issues that can result in the loss of your sub-capacity eligibility:

  • Not generating and properly keeping quarterly reports from ILMT
  • Having an outdated version of ILMT
  • ILMT agents can fail when it comes to agent scans and capacity scans because of incompatibility, lack of disc space, or credential issues
  • If you want to selectively deploy ILMT to only servers with IBM products on them, then ILMT might come across issues detecting and identifying which servers to monitor. Anything that is missed will lose its Sub-Capacity eligibility.
  • Having any IBM products deployed on Operating Systems that ILMT doesn’t support
  • ILMT can easily struggle with accurately bundling unique software signatures for reporting. To do this successfully requires knowledge of your specific license restrictions and entitlements.

Failure to remain compliant simply because of technical issues regarding ILMT may open a company up to the possibility of a concession regarding the adverse findings but such a case would be difficult to achieve since it is reliant on a number of factors.

These issues include when you first tried to deploy ILMT, if IBM support was ever contacted, if ILMT was set to deploy over your entire estate or simply over IBM’s products, if problems with ILMT were reported and how much effort you put into solving the issue.

For more information on IBM’s ILMT, you can check out our article: IBM ILMT: Everything You Need to Know.

Expect Either KPMG or Deloitte to be Involved

 

Software vendors each approach software audits a little differently. Some have an internal audit team, but IBM outsources the project to either KPMG or Deloitte. However, simply because the auditors are a third-party does not mean that they are neutral.

IBM hired them to find compliance gaps in your infrastructure, so they will take the worst-case scenario as reality when given the chance to make assumptions. Since they are outsourcing the project, you can (and should) have a Non-Disclosure Agreement (NDA) with the auditors so that neither your data, nor the estimated licensing position (ELP) that the auditors come up with can go to IBM without your approval first.

This will play to your advantage because the wide array of confusing and complex IBM products and their licensing will almost ensure that the initial ELP that auditors come up with will be far from an accurate depiction of what you actually owe.

If You’re Found Out of Compliance, Expect to Pay Retroactive Maintenance Fees

IBM sends out their audits roughly every four years. As nice as it may sound not having to worry about having auditors at your door every year, if you are found out of compliance, not only will you have to pay for your missing licenses, you will also have to pay retroactive maintenance fees going back years.

Watch Out for IBM Licenses Changes

You can expect IBM to change up their license metrics when they acquire a new software company or release new versions of their existing products.

IBM will continue to take maintenance fees based on old licensing models, so don’t let the fact that they are still taking your company’s money be any indicator that you are adhering to the correct licensing model. 

If you have an arrangement that allows for licenses to be used on an unlimited basis, you could very easily lose that privilege after IBM acquires the product and releases the first upgrade after the acquisition. So it is important you keep up to date on any industry updates concerning IBM and what that could mean for your company.

Preparing Your IBM Audit Defense

IBM is a massive company with complex products that can prove a challenge to keep track of but that doesn’t mean it is impossible to keep on top of your IBM licensing. Being prepared will keep you from potentially paying out expensive auditing penalties and losing your Sub-Capacity eligibility.

At MetrixData 360, we know how to defend our clients when they are facing off against IBM. They only pay what they actually owe. If you’d like to learn more about how you can get yourself ready for an audit, download our free Audit Risk Checklist today!

 

Take the IBM Licensing Quiz:

If you want IBM licensing professionals handling your IBM assets, take stab at our IBM ILMT Quiz:

Microsoft, Oracle, IBM, and Adobe Software Audits at a Glance

The Top Four Software Vendors Sending Out Software Audits

It is likely that your software budget is shrinking yet your software vendors are looking for you to spend more money with them every year. When software companies can’t get the revenue they expect from you, they will often turn to software audits as a way to make up the difference. Software audits are many things: stressful, frustrating, leave you thinking that living in a cave, herding goats might have been an easier career path. But for the software publishers’ audits are quite profitable, and they have come to exploit this as a way to make their annual revenue growth targets.

Gartner has said that there is a 60% or greater chance that enterprises will be audited by at least one software publisher in any given year. The best way for you to handle the rising tide of software audit requests is by knowing your software environment and performing routine health checks to uncover areas of exposure. We cover the top areas where a company is exposed to in a software audit in our article Software Audit Preparation: What You Need to Know.

The Biggest Companies Performing Software Audits Are:

  • Microsoft
  • IBM
  • Oracle
  • Adobe

At MetrixData360, we have extensive experience working with all of these vendors, and we know how to handle an audit from each. In this post we’ll discuss some of the things you need to know about each of the software vendors and how to handle them during a software audit.

Microsoft Audit

Microsoft often claims that their audits are simple, short, and painless. In our eight years of defending companies during their software audits, we’ve yet to see a Microsoft audit that has matched this description.

Instead, we have seen audits that take almost 18 months to finalize as customers try to dig through rising mountains of data that are required as part of a Microsoft Audit (or SAM Engagement). Here are just a few tips for dealing with a Microsoft software audit:

    • SAM Audit or Review?

From our experience, Microsoft can either offer you SAM reviews or audits. SAM reviews are technically optional but refusing will likely result in getting audited. For a full breakdown of the difference between a Software Audit and a SAM review, visit our post Software Asset Management (SAM) Review vs Audit: What’s the Difference?

    • Respond to Your Vendor

We are often asked if you need to respond to an audit or a SAM letter. The short answer is yes, it is highly advisable that you respond to both. Not responding to a software audit, can find you in breach of your contract and leave you facing potential legal ramifications and hefty fines up to $100,000 USD. Although you could technically refuse a SAM Engagement, you could also find yourself running the risk of being in breach of your contract.

It has been our experience that refusing a SAM review will often result in Microsoft responding by sending you a full audit that you can’t refuse. Therefore, it would be more beneficial for you and your company to negotiate with Microsoft to perform a self-assessment as opposed to having a Microsoft partner perform the audit. A SAM engagement will be nearly identical to an audit after the data collection stage has begun and you will struggle to see the difference between the two processes until the negotiation stage has been reached.

    • Software Reviews vs Software Audits

The real difference between a SAM review and an audit can be seen when examining the penalties of each and how they are resolved. In a SAM review, you will be allowed to purchase your missing licenses at your contracted prices or at your historically discounted rate. In an audit, on the other hand, Microsoft has the right to charge any shortfalls at List Price in addition to a 5% penalty, although this may vary depending on your contract.

    • Paying For An Audit

Another difference between a SAM review and full audit appears when asking who will pay for the whole process. Microsoft will pay for the cost of the SAM engagement themselves whereas in an audit if you are found to be greater than 5% out of compliance you will be responsible for paying for the audit yourself in addition to any penalties you are incurred during the audit.

IBM Audit

IBM audits can be especially tough, since many of their license metrics require you to accurately have installed their ILMT tool in order to effectively capture your estimated license position (we have found that the majority of IBM’s customers have not done this correctly). Here are some things to consider that can help in the case of an IBM audit:

    • True Up Costs

Once your software audit has concluded, IBM will often let you settle at your discounted price with an additional fee for the maintenance that was used for the upkeep of the product when it was unlicensed.

    • Watch For Licensing Changes

IBM is also prone to make licensing changes which can apply to a wide range of their products in the wake of acquiring a new software company to their profile or releasing new versions of their software. When these events occur, be sure to look at your licenses with IBM to check for relevant updates.

    • Properly Set Up and Use ILMT

Our CEO Mike Austin says that you need to understand ILMT and how it works to effectively manage most IBM Software Audits.
According to Mike, “IBM isn’t typically auditing their Passport Advantage program, they are going after the complexity of sub-capacity and PVU based licensing. In order to pass an audit if you are licensing at sub-capacity, you need to have ILMT up and running. You will also need a have a history of reports. Installing and configuring ILMT is tricky and not many companies have done it correctly. In a lot of our work around IBM Audits, we are fixing ILMT reporting before we even start the work of defending an audit.”

    • ILMT Does Not Hold All The Answers

However, installing ILMT doesn’t mean you are 100% safe from IBM’s audits, you can still be found out of compliance.

    • Avoid Scope Creep

Our IBM Audit teams says to make sure you define the audit scope, as IBM is quite notorious for scope creep. You will want to ensure you know which products and contracts are included (and excluded) from the audit.

    • Put The Onus On IBM

You need to get an agreement with IBM (not the reseller- they can’t promise this) stating that IBM will take on the responsibilities to ensure that the product being deployed is correctly licensed. If they fail to then deploy ILMT after such a deal has been reached, then it might be possible to get a concession during an audit.

    • Defend Yourself With Data

Even if IBM doesn’t take responsibility for the licensing of deployed software, you might have a case to circumnavigate adverse findings that can come up due to ILMT’s failures, if you can collect historical system-generated reports that demonstrate the following things:

1) the processor resources that were allotted to the VMs running the PVU-licensed products have been or are capped and are not subject to any automated augmentations-based on system demands and

2) the historical usage of these products never exceeded licensed levels. However, this data has proved difficult for companies to obtain in the past.

Oracle Audit

From our observations, Oracle Audits incur the largest compliance findings typically. We’ve dealt with Oracle many times in the past, and here are some things you should know about how Oracle conducts their audit.

    • Only Pay For What You Use

According to the ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, for Oracle, the installation of software and the licensing of that software are two different events, with the exception of Database Enterprise Editions, so be careful when initially deploying software as it will likely be the cause of issue during an audit. For example, Oracle optional features, such as RAC, get turned on by default when installing databases, these options may only be licensable if you actually use them, not if you have them installed. This is a subtle difference, but it can have a profound impact and it is an area that is often found as being licensable by LMS. However, we have often found that it can be negotiated out with usage data.

    • Oracle Software Review vs Oracle Software Audit

Oracle has Oracle License reviews and Oracle License audits. These are the exact same thing – “review” just sounds friendlier. Both should be treated with the same level of severity.

    • Understand Your Contract

According to Scott & Scott, LLP’s article, Seven Lessons I Learned Representing Clients in Oracle Audits, take extra care to understand Oracle’s policies around usage. Since many of Oracle’s policies will not be included in the license’s documents, there tends to be a lot of confusion generated around this topic. Some areas that produce the largest findings in an Oracle Audit are VMWare and Oracle’s policy stating that all Processors in a cluster must be licensed. This policy has caught many organizations off guard and is the crux of the major lawsuit between Oracle and Mars Corporation.

    • More Gaps Cost More Money

As with Microsoft, if you are found out of compliance on a Oracle Audit you will have to cover the expense for the audit.

    • Use Your Own Tools

Our Oracle Audit Experts state that you are not required to use Oracle’s scripts to collect your data, especially if you have your own methods in place for gathering your data. LMS will try very hard to get you to use their scripts. We recommend, however, that you use your own processes first, if possible.

    • Tools Are Only As Good As The People Using Them

ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, states that Oracle has several approved SAM tools like Lime Software, Easyteam, BDNA, Hewlett-Packard, Flexera Software, Nova Ratio, and iQuate. However, these tools only collect raw data and won’t provide you with the interpretation of that data which will tell you what you need to license. Therefore, just because you have Oracle-approved tools, it doesn’t mean you’re completely safe in an Oracle audit.

    • Get A Paper Trail

In all audits, but especially ones with Oracle, it is highly recommended that you get a closing statement to close out the audit (indemnification is the most ideal). This is especially important with Oracle, as they are a very litigious vendor. You will be happy that you have a closing statement in case the audit ever goes to court and your company’s reputation is suddenly on the line.

Adobe Audit

Compared to the other heavy hitters, Adobe’s software audits can seem like little more than a friendly reminder. However, Adobe’s products can be quite expensive, so it’s important not to let this vendor slip from your mind. Here are some tips about Adobe licensing:

    • Friendlier, But Not Friendly

According to a study released by Gartner in 2016 and presented in their article What Does an End to Adobe Auditing and License Compliance Activity Really Mean?, Adobe has steadily moved away from auditing their customers, focusing instead on their Software as a Service platform and subscription-based licensing. That does not mean your company no longer has to deal with compliancy risks from Adobe, as Adobe still maintains the right to verify compliancy, giving their customers 30 days to provide data to ensure proper usage.

    • Buy What You Need, Not What You Want

The Gartner article also states that with a focus on SaaS and the subscription-based nature of Adobe, along with the lack of an “off-switch” for Adobe products, the main focus of Software Asset Management when it comes to Adobe should be proper sizing and monitoring usage.

    • For Adobe, It’s The Little Things That Count

According to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe monitors their customers differently from other vendors. Where Microsoft, Oracle, and IBM are interested in unlicensed software, Adobe is more interested in the protection of their intellectual property and making sure their product is used correctly. Are you correctly licensing any fonts with Adobe? These small questions can accumulate if they are not properly answered.

    • Adobe Does It Themselves

TechRepublic’s article also states that Adobe performs their own compliance verification review as opposed to hiring a third-party auditor, which can either be good or bad depending how far out of compliance you are.

    • Watch For Creative Suite License Changes

One best practice we advise our client’s to adhere to when dealing with Adobe says that you will have to pay particular attention to Creative Suite, as it is prone to change almost every year and these constant updates make it difficult to keep track of products. It will often leave programs as obsolete and the licensing for it makes it difficult to understand what is truly needed.

    • Upgrade Licenses Can Downgrade Your Compliance

Finally, according to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe also has no program in place to account for upgrades. Upgrade licenses, therefore, can sometimes stretch back several years – so, keep track of how far back these licenses go and be sure not to leave yourself over-confident (don’t forget that sometimes you can only go back three versions – so tracking that can also be very difficult).

How MetrixData360 Can Help

Software audits have been known to put a strain on any company’s software budget, so knowing about the software vendors that tend to resort to such methods will leave you with a better knowledge of what to expect. At MetrixData360, we believe that you should not have to pay the software vendors more than what you owe them, so it’s important to invest in software asset management long before you’re confronted with a software audit. By clicking the button below, you will be taken to our audit services page, where you can learn more about how we can help you survive a software audit.

What is a Software Audit: The Fundamentals

When the Software Auditors Come Knocking

Software Audits. These two words strike fear into the hearts of many bold businesses. At their worst, software audits can be time-consuming and causing tremendous damage to the relationship with your vendor, leaving you frustrated when their representatives even dare to walk through your door. Not to mention the impact to your IT budget when the process is over. What exactly is a software audit though? At Metrixdata360, we’ve helped our clients through hundreds of software audits and we know exactly what to expect.

Definition of Software Audits

A Software Audit is conducted either by a software vendor or internally done by the organization to ensure the business is operating within the use rights of their specific software contract and to make sure that the use of that software aligns to the licenses they have paid for. Any areas where the client is underpaying for the software they are using would be referred to as a compliance gap. Compliance gaps can result in steep financial penalties that are almost never budgeted for.

How a Software Audit is Started

The software vendor will typically communicate the intent to audit through a formal letter in the mail. If the vendors are requesting a Software Asset Management (SAM) review, which is slightly different than a full-blown software audit, the news might come in the form of an email or a phone call. For a more in-depth examination of the difference between a SAM review and a Software audit please visit our article SAM Review vs. Audit.

Whatever the notification medium, it will specify whether there will be a software audit partner (some vendors use internal resources and others fire audit firms like KPMG or Deloitte) and the time frame. According to technology attorneys Scott and Scott, it is important during this period to determine whether or not you’ve received a SAM review or a formal audit. SAM reviews are conducted internally and voluntary, but audits are something that you are legally obligated to adhere to.

The Time Frame of a Software Audit

The time frame for a software audit may be negotiable, but the notification itself does require action sooner rather than later, as some software audit requests have a required response time of just 15 days.

The First Three Things You Need to do When You’ve Been Selected for an Audit

 

  1. Send the vendor confirmation that you’ve received their request, that they have the right to audit but that the time frame needs to be reviewed for when you want things to begin. This will buy you more time to get yourself organized.
  2. If there are third-party auditors involved, it is paramount that you discuss a three-way Non-Disclosure Agreement (NDA) immediately.
  3. Define a scope for the upcoming software audit. Make sure the vendor clearly outlines which software products they are auditing for. If your company has multiple locations, make sure you determine what region, or in which division the software audit will be conducted. All of this is done in order to avoid scope creep.

Who is Vulnerable to a Software Audit?

The broad answer is anyone with a software licence can be audited but there are things that do cause the ears of software companies to perk up and look to you with suspicion. If your company matches any of the following criteria, a software audit might be looming on the horizon.

  1. You’ve undergone a significant decrease in your spending with the vendor.
  2. Your company has a complex infrastructure with multiple locations that can range to an international scale. This will make it easy for things to be missed.
  3. You frequently conduct mergers and acquisitions.
  4. You have overly complex profiles and multiple licenses with the vendor.
  5. Your spending with that vendor does not match recent company growth.

According to Enhansoft, it’s important to establish whether or not you are comfortable to live with these risks and face the fact that you might one day very soon be confronted by an audit.

Watching What You Say Around Your Vendor’s Rep

Information can also be gathered by members of the software publisher’s company. We call it corporate espionage.

Let’s say someone from a software vendor has come into your company to talk about new products and during that conversation it comes up that one of your branches has started a new project that will eventually require 10,000 new licences. That vendor representative will get back to their office and tell the sales department that in a few short months 10,000 new licences are coming their way! Except…it doesn’t. Perhaps the project was postponed or cancelled on your end. However, the sales department of the software vendor is breathlessly waiting, but the order never comes. In response, the vendor starts writing up your software audit because for all they know, projects have commenced involving their software that they are not apart of.

We’re a Small Company, Will that Affect Our Chance of a Software Audit?

Typically, software audits are geared towards larger companies since they tend to have more licenses and are therefore more prone to have gaps in their compliance based on the sheer volume of software that they are handling.

It is also a matter of risk and reward for the software vendors. One of the reasons vendors perform software audits is to turn a profit from the auditing process, so small businesses with small licenses might not be worth the effort and their chances of receiving an audit are fairly low.

Hope During a Software Audit

Audits can feel like you’re sloshing through an endless swamp of confusing data while staring down a row of stone-faced auditors, it’s a daunting task for any business to face. Knowledge and the time to prepare will be the best weapon you have at your defense. At Metrixdata360, we can give you both the time and the information that you desperately need to get through this software audit with your yearly budget relatively unscathed.

5 Secrets to Prepare for a Software Audit (And Save Money)

Not Sure How to Prepare for a Software Audit?

Software costs for most companies are already sky-high, leaving the Finance team frustrated and IT departments stuck trying to stretch their budgets to near impossible lengths. Asking your team to prepare for a software audit may seem like trying to bleed a stone, but being unprepared will be far more costly. Audits are an unpleasant inevitability for businesses – it’s not a question of if but when.  At Metrixdata360, it’s our goal to save you money, so here are some ways to limit the financial damage of a software audit and bring your compliance gap down to what you actually owe.

1. Prepare to Prepare for a Software Audit

Is there such a thing as too much preparation? Maybe… but not when it comes to your software licensing! If your software vendors have their way, audits would happen fast. Vendors know that tight, audit turn-around timelines will leave you scrambling to gather all the data you need to prove your compliance; and if your data has gaps or grey areas, the auditors can make worst-case scenario assumptions to inflate your possible compliance gap.

According to Glasshouse Systems’ article How to Save Time and Money with Software Audit Defense, one of the best ways to save valuable time is understanding your licensing position and having the data organized and easy to prove long before you receive your audit notice. Remember, there is nothing motivating the auditors to do an effective job capturing your license position; any mistakes they make will be your pain and potential penalty to deal with. Having your own license position and your data at the ready should your company be called to the front for an audit, will not only improve your chances that your compliance gap will be lower, but it will also decrease the likelihood of being audited again in the near future. While some software vendors perform random audits regularly, auditors will also target clients that they believe have overly complex environments without the means to monitor them. Demonstrating a lack of preparedness during a software audit is like being that one antelope in the herd with a limp in their run; don’t assume the lions won’t notice. For further information about how best to prepare for a software audit, please visit our Software Audit Preparation article.

2. Common IT Failure – Have Proof of Ownership Ready

According to Scott IP Technology Attorneys’ article Common Mistakes in Software Audits, one common mistake that companies fall prey to during a software audit is providing improper documentation that fails to accurately prove ownership for software licenses. As soon as an audit notice is received, some companies try to buy more licenses in order to mitigate compliance risk due to a potential shortfall in licenses for their workforce/environment. However, this route is a waste of time and money, since trade associations and publishers will only accept dated proof of purchase with the entire name of the company on the document. Companies should seek consultation before they try to purchase licenses during an audit in order to understand the potential consequences and benefits of this action.

3. Get a Proper SAM Tool

Having a proper SAM tool will be extremely valuable for budgeting your software. An effective SAM tool can not only highlight where the shortfalls in your license spending exist but also where you are overspending on licenses (something that tends to get glossed over by the software auditors). A SAM tool can also provide the accuracy of data to show you where your licenses are being used and where licensing could be re-bundled to save you money. Make sure that your SAM tool can accommodate multiple licensing metrics and can account for any programs you’ve moved to the Cloud. That way you will have a firm grasp of your licensing position before you are thrust into an audit.

SAM tools are also very useful in the event of a software audit. During an audit, the software vendor will hire a third-party auditor that will come to the table with their own SAM tools that they want to use to measure your data. Whatever you do, don’t let them! Having a different SAM tool come into your environment is a quick way to have your compliance gap inflated. The auditor’s SAM tool will have its own way to measure licenses with the possibility of accidentally applying duplicates and marking your test and development servers as full production (plenty of SAM tools do this by mistake, so make sure that you’re aware of this when buying your own SAM tool). Having your own reputable SAM tool to gather data is the best way to counter the auditor’s offer of using theirs. For more information on SAM tools, please visit our SAM as a Service article.

4. Monitor Your Usage – Even in the Cloud, and Do it Constantly

Software Asset Management really shouldn’t be a thing you only do once a year or when the auditors are walking through your front door. It needs to occur on a regular basis – ideally, it should happen at the very least once a month, if not daily. That way you will know immediately if anything is amiss and your team can save time and money proactively fixing it instead of reactively paying penalties following a software audit. Now that many companies have moved (or are in the planning-to-move process) to the Cloud, one trend we are noticing is that by NOT regularly monitoring access and usage to the company’s Cloud environment certainly results in the spikes in a company’s spending.

With the ability for anyone in IT to spin up as many instances in the Cloud as they want, you run the risk of having projects left open and running long after the project’s completion, resulting in a continuous and unnecessary drain on your IT budget and expense to your company. You will also want to make sure that you have the right to move your licenses to the Cloud in the first place, as often licenses will be non-transferable. The Cloud has its own license metric that will usually leave a few of your servers exposed and unlicensed. For more information on proper Cloud Migration, please visit our article Heading to the Cloud? 5 Problems You’ll Need to Address.

5. Hire the Right Software Asset Management (SAM) People for the Job

Hiring the right people will get you the results you need. It’s a great idea to have an audit defense team ready and they should include members of your procurement and IT departments. Leading the project should be an audit-experienced attorney who knows how much and how little to say to the vendor and their auditors. In our many years of software licensing consulting, we have had many clients ask us whether it is better to hire a SAM consultant or to do it themselves. We’d recommend hiring a consultant because they offer you years of expertise instantly and they can streamline the auditing process to save your company precious time and resources. For a more in-depth look at hiring a SAM professional as opposed to doing it yourself, check out our article Hire a Software Asset Management Expert or Do it Yourself? The Pros and Cons of Each.

Invest in Being Prepared for a Software Audit and Save Money

Software Audits don’t have to be a complete drain on your resources, time and budgets. Following these tips and ensuring that you’re ready long before the audit arrives, can save your business time, stress and money. When you prepare for a software audit, you are investing in your IT department.

If you’d like more tips on how to be prepared for an audit, please check out our Learning Center for more information.

Software Audit Preparation: What You Need to Know

Software audit preparation is becoming more and more important as publishers view audits as revenue streams instead of simple compliance tools.  In this game of company overlords and intimidating auditors with charts streaked with red, it can often feel as though you are powerless to stop your software vendor from marching in and walking away with double your yearly budget. In this series, we are going to discuss ways you can prepare for an audit before the software data hits the fan. 

Putting out the Sparks Before They Burst into Flames

The best software audits are the ones that don’t happen. Some vendors treat SAM reviews like routine check-ups and there’s little you can do to avoid it simply being your turn.  That being said, there are strategies you can implement that lower your risk of facing a software audit in the first place.  

Maintain a Good Relationship with Your Software Vendor.

As is the case in any relationship, communication is key. Keeping an open dialogue with your vendor and making you are upfront in regard to any decreased spending or changes in your company’s growth, so that your vendor feels like they are in the loop about your software.  

 Negotiate the Audit-Clauses in your Contract

In every software contract, there is a clause that states the right to audit. In the rarest of rare cases you might be able to remove the clause entirely from your contract but by the time your contract is up for renewal, you’ll be hard pressed to get your vendor to agree to such a deal twice. That being said, you still might be able to edit the clause a little bit. The first thing you can alter is how long the down period between audits is allowed to be (usually it’s a year). The second thing you might also be able to include in the clause the amount of time a vendor can go without contacting you during the auditing process before the software audit is considered closed. This is a valuable thing to have in your contract, since some vendors can leave an audit dormant for months before kicking things up again. Another possible point you might want to fight to have included in the contract is what time period can be classified as your ‘busy season’ and therefore the ‘no-audit’ zone. Auditors can’t come in and steam roll a business, that’s already in most contracts. If you’re an Airplane company, you can’t deal with an audit the week before Christmas and the resources that are sapped by the auditing process would handicap your revenue, so be certain that timeframe is specified.  

Understand Licensing Models Before you Sign Up for Them and Do Not Sign Up for Models That You Cannot Manage

Complexity is a breeding ground for human error and if your head is spinning when the vendor is laying out the system you’re signing up for, make sure you do your homework and do your best to understand where your money is going. That way, there will be no surprises when the auditor’s data findings come in. If you think that an overly complex system is something you just can’t manage, you can always find another contract with a system that can suit you better. Unless you already have systems in place, it’s more likely you won’t be able to account for hundreds of licences and profiles with just a couple of spreadsheets.   

Understand the Big Risk Factors and Show Microsoft You have Processes Under Control 

Software Audits come in many shapes and sizes and it’s impossible to predict when an audit might come but there are things that increase your chances of being audited such as 

1.Having undergone a significant decrease in your spending with the vendor.   

2.Having a complex infrastructure with multiple locations that can range to an international scale. This will make it easy for things to be missed.  

3.Having frequent mergers and acquisitions 

4.Having an overly complex profiles and multiple licenses with the vendor  

5.Having your spending with that vendor not match recent company growth 

Understanding these risks can help you proactively try to counteract them. If your company has an overly complex structure, show your software publisher the systems you have in place that will keep track of them. This will demonstrate to your vendors that you are prepared, organized and have everything under control.

For a more detailed look into the difference between SAM Reviews and Software Audits, see our How does a Microsoft SAM differ from an Audit?

When you Feel the Storm Brewing: How to Get Ahead of the Software Auditors

But what if these tips were helpful to know five months ago? What if, for you and your business, most of these ships have already sailed and that leaves you on the beach, panicking as you’re waiting for the inevitable software audit to breathe down your neck. Not to worry, there are still things that can be done to prepare yourself.  

Set up your Audit Team

The first thing you need on your side in the shadow of an approaching audit is a team of experts, but what should that team consist of? It’s tempting to throw the problem at IT since this is a tech problem, isn’t it? According to BizTech’s article How to Prepare for a Software Audit, while you will need the IT department on the team to help you collect data, they won’t be helpful leading the process and the same is true if you hand the whole thing over to the procurement specialist or your financial rep. These people will be useful on the team but not leading it. Software audits have an intense legal aspect to them and they should be led by attorneys with experience in dealing with software audits. On the team you should also have people from upper management and pick someone (preferably someone who knows how much and how little to say) to be the point of contact with the vendor and the software auditors.   

Get an NDA in Place with Your Auditor

A non-disclosure agreement is critical if you are dealing with a third-party auditor hired by the software vendor. This will keep the auditors from taking the king’s share of your data and bringing back to the vendor far more than what they should be privy to, given the scope of the audit. Imagine what would happen if your software vendor knew you were buying more products from their competition than you ever bought from them. Relations with that vendor might suffer as a consequence. A Non-disclosure agreement will also state that everything the auditor’s plan to give the software publisher needs to pass under your eyes first. This has its advantages because you’ll know what your license position is before the publisher does and you’ll be able to check for any mistakes, clear up any grey areas and write letters to the vendor in order to explain yourself and propose mitigation strategies for the future before the data is sent over to the publisher.  

Understand the Scope of your Vendor’s Software Audits

Look over the vendor’s past audits (if possible) and make note of what your vendor usually looks at. If your company has multiple locations, make sure you understand which branch and which region (if your company reaches an international scale) has which products. That way, you can anticipate what sort of access your vendor will ask for. You might have to push them to ask for a scope during the auditing process so that you don’t have to face the unpleasant effects of scope creep. Scope creep occurs when an audit continues on into product after product and region after region until the auditors eventually find something that will give them the profit they originally anticipated when they first began the auditing process.

Make Sure you Have up to Date Entitlements, Contract Stacks, etc

Nothing says prepared, organized and under control better than up-to-date contracts and date entitlements. If your contracts have renewal dates (also called the end date, it is found most often with maintenance contracts, and typically includes one year minus one day after the contract’s start date) make sure that they have not expired. Have the renewal conversation with a software vendor well before the auditing process has taken place, as it might overly complicate the process and effect data results.  

 Verify the Accuracy/Completeness of your Hardware and Software Deployments

Deployment refers to the installation of software on your servers and it is one of the metrics used to calculate your usage of that software. The metric will then either take into account your hardware (how many servers do you have using the program?) or users (how many user accounts have this program or how many users are on the program at any given time). Make sure that both data findings are up to date and ready to go because this will most likely be used in the auditing process. It will save you a lot of time and will allow you to better check the auditor’s data if you have this already available. 

Build your Own Estimated License Position (ELP)

During the gathering of data, the auditors will come up with an estimated licensing position for you. According to Software Media’s article Microsoft License Verification Process FAQ, an estimated licensing position is a rough outline that states how much you are under on your software use, areas of improvement, or critical weak points. The auditors hired by your vendor will come up with their own licensing position for you during the software auditing process and it can easily inflate your compliance gap to horrendous levels (and very rarely will they show you where you are overspending). One great and easy way to counter this is by having your own licensing position ready to compare the auditor’s findings with. 

The Comfortable Lies We Tell Ourselves

Many companies we’ve come across over the years tell themselves pleasant stories that allow them to sleep easy at night. That is until their software audit arrives and they find that their perfect defensive strategy was held up only by wishful thinking. If you are telling yourself any of the following statements, it might be time to have a closer look at your audit preparation strategy.  

“Any application installed on a server is licensed via Citrix”

There are two products that come from Citrix: XenApp and XenDesktop but the one we need to worry about is XenApp. XenApp lets you install software on your server and then it manages the software that you have on your desktop such as Adobe Acrobat and Office. The thing that people often don’t realize is that Citrix has its own licencing metric that doesn’t necessarily coordinate with the metrics of the software that you are installing through Citrix. A licencing metric is how any particular vendor decides to measure your purchase. As an example, Microsoft charges you by the number of devices using the software but Citrix charges you by the users on Citrix at any given time (concurrent users). So if you have 1,000 devices but only 500 users on Citrix at any given time, Citrix will ask for 500 licenses but Microsoft really wants 1,000.

“These servers are owned by our Service Provider so, we don’t have to license them”

Many companies hire a third-party to manage their servers. These service providers install products, set them up in a company’s systems and manage any technical difficulties that might arise. Since it seems that these service providers have everything under control, many companies think their job is done. The truth of the matter is, if the software is on the company’s server, it’s the company’s responsibility and they are liable if the software is improperly licenced. Even if a third-party service provider has their licenses all in a neat little row, the company might still need to buy their own licenses. Should the service provider try to buy the licenses for the company, they might be violating the software vendor’s terms of use. Don’t let this matter fall to someone who is technically not responsible if something goes wrong. Even if your service provider is doing a great job, have your licenses lined up and organized as well.    

 “We don’t have a list of users to devices, so I guess you can just make assumptions”

Never allow the auditors to make assumptions, because it will never be in your favour. The third-party auditors are not on your team, in fact they more likely will be paid based on how large they can make your compliance gap. So they will not give you the benefit of the doubt. They can easily claim you owe double or triple then what you actually do in your licensing position. If the vendor sees those numbers before you’re given the chance to explain yourself or clear up any grey areas that might lower the number closer to reality, then that inappropriately high number will be your starting point during the negotiation process. 

 “These are test/dev servers, but we don’t have a full list, and I don’t manage them so I don’t know why all those users have access”

Many vendors allow for you to sample their products before installing them with full licences. These are called test/dev and they aren’t priced or licenced at the same rate as products in production (the ones your whole company uses). The vendor will outline terms that will classify a product as test/dev and usually that includes a limited amount of user access. This is because hypothetically it is only your IT department that will be using and testing these products while they are in test/dev. Many companies don’t learn what sort of criteria a product has to meet to be classified as test/dev and often will let their products accidentally slip from test/dev into full production territory while still improperly licenced. Make sure you understand what qualifies a product as test/dev and then make absolutely certain that those qualifications are met and maintained.  

“But my Microsoft Account Rep or reseller said….”

Vendor Sales Reps, including Microsoft are highly trained to sell you licenses, first and foremost. They are trained to present to you high pricing proposals that include many products and “extras” that may not suit your business needs or accurate cover everything you require. They may come across as though these are fixed rates that are non-negotiable. There is also no way to validate what a Microsoft Account Rep did or didn’t say. To avoid getting into a confrontation that puts your word against the Account Rep, it’s best to maintain the philosophy ‘unless it’s written down, it didn’t happen.’ What’s more, don’t trust the Microsoft Account Rep over your own data, even if what you’ve been told is true, it’s far better to have it backed up with tangible evidence.   

 “We have a SAM Tool and it says…..”

There are many SAM tools that claim to be able to track your software activity and collect data for any impending audit, but plenty of vendors do not actually accept the data these programs collect. Often businesses will have to fight in order to convince the auditors to use their SAM tools over the ones the auditor’s will bring in themselves. It is also not guaranteed that these SAM tools will gather everything an auditor asks for. Every vendor uses a different licensing metric. So, it is important that these tools are not your only source of auditing aid for any upcoming software audit. 

No one particularly enjoys software audits, but one thing that is worse than a software audit is a software audit that is unorganized, ill-prepared and banked on pleasant half-truths. So, take some time to see if there’s anything you can do to lower the risk of an audit or prepare for one if you feel like it is already on the way. So, when the software vendors and their auditors walk through your door, they won’t find you sleeping with your ears stuffed with easy wishful thinking. Instead, they’ll find you ready for a fight. For more information on how to prepare for a software audit, please visit our Learning Center.