greg hallam, softwareone audit defence workshop

1 © SoftwareONE AG 2015 | Confidential

SoftwareONE – Software Audit Defence

7 Steps to a Smoother Experience


Step 1


1. The Best Defence is a Good Offence

Be Proactive at SAM – The only way to successfully minimise disruption and unbudgeted spend is to have a proactive SAM strategy in place and operational.


Step 2


2. Assign a SPoC

Single Point of Contact (SPoC) – Centralise responsibility for collating and reviewing data before sending it on.

Sign an NDA – Before you begin open communication or send data.

De-Conflict Data – Endure data sets do not conflict and minimise duplication.

Communicate – Ensure that you, or your Partner are communicating regularly with the auditor. But, ensure communication is centralised and controlled.


Step 3


3. Read the Small Print

Review the audit clause within your agreement (if not done so already)

This should be standard practice – All new agreements should be checked at the point of signing to determine the audit terms you are agreeing to.

How much notice – Check the audit clause to determine how much notice is required.

Disruption – Review whether the audit clause prevents disruption to your organization.


Step 4


4. Freeze Purchasing

Don’t try to close the gap – Vendors will be tracking your purchases; a knee-jerk response may result in purchasing the wrong or unnecessary licenses. It will not appease the vendor.

Don’t add to the confusion – Audits can be a confusing process; adding new purchases into the process will make things unnecessarily more complex and prone to error.


Step 5


5. Don’t Try to Hide

Do not uninstall – Depending on the vendor and the auditor, it is possible to identify recently uninstalled software.

Trust – Trying to deceive the vendor will destroy trust and damage your ability to negotiate.


Step 6


6. Do Your Homework

Who’s Who – Who is doing the audit: vendor? 3rd Party? Who within the vendor?

Objectives – Who is dealing with the results of the audit; compliance or sales team?

Negotiate – Identify negotiation levers within the vendor e.g. year end or new product sets.

Bigger Picture – Know your organization’s long term strategy with the vendor.


Step 7


7. Trust No-One

Do Not Trust the Auditor's Report – The auditor will not purposely attempt to sabotage your report, but auditors are human and make mistakes.

Vendor Purchase Reports – Check these against internal and 3rd party procurement records.

Inventory – Check the auditors inventory against your own. The majority of customers do not have complete inventory coverage.

Confirm It’s Over – Make sure that you confirm the final outcome and that any data/information provided by you is deleted.


Future Trends

Compliance isn’t going to go away – Compliance is now a recognized source of revenue for the top tier vendors and is filtering down rapidly.

There may be better way… – Audits are poor for PR and there are signs that there may be a shift away from them in future.

…But it may be a ‘double-edged sword’ – Vendors may start to offer more convenient or collaborative ways of managing compliance, but that’s because it’s in their interests.


Summary

1. The Best Defence is a Good Offence

2. Assign a SPOC

3. Read the Small Print

4. Freeze Purchasing

5. Don’t Try to Hide

6. Do Your Homework

7. Trust No-One

8. Don’t be afraid to ask for help….


www.softwareone.com

greg hallam, softwareone audit defence workshop

Technology

softwareone ag

confidential step

audit clause

audit compliance

audit terms

vendor purchase reports

data sets

new purchases