Vendor audits are becoming ever-more frequent. Don’t make the assumption that because your software is going to the cloud that audits will become a thing of the past. Audits are being used as a vehicle to get you to the cloud! Stock markets are paying particular attention to the revenue reported from as-a-service software, and the uptake isn’t at quite the pace the marketing departments might have you believe. Below are ten proactive and reactive tips that should help mitigate the risk of non-compliance.
- Understand the vendor’s position on the Stock-market: Take a view on whether the software vendor is meeting stockholder expectations. If vendor revenues are not meeting market expectations, then an immediate recourse is to rectify revenue shortfalls through audits. The percentage of business a software vendor get out of the cloud figures largely in how performance (and share value) is assessed. If an uptake in“as-a-servic” software is not forthcoming, then audits, once more, are a means of driving clients towards those purchases.
- Understand the vendor and their Technology Roadmap: Vendors do not make money from selling old software, and so reinvention drives recurring and new sales. Accordingly, products also get declared as “end of life” in respect of technical support. Unsupported software is considered “running at risk” so being mindful of technology life-cycles can guide you as to when audits will be more likely.
- Know who join, move and leave: Increasingly, as-a-service software is purchased and aligned to individuals in a company, but companies fail to refresh the accuracy of their software provision in line with their personnel currently in place. Is your company paying for software in the name of ex-employees? Is your company paying for new software for the replacement staff that join? Don’t wait until an audit to find out that you have not turned off these financial “leaking taps”.
- Rationalise your IT estate: Do you have multiple titles that perform the same task? You could be in a position to consolidate the choice of titles so that your SAM resource is focussed on fewer vendors. Clearly, this is a proactive step to take before an audit has been called.
- Confirm this is an audit: Larger vendors will have many departments that offer “licence advisory” engagements, but are, in reality, nothing more than audits by stealth. Therefore, you are within your rights to decline such help unless specific contractual audit clauses are referred to.
- Confirm the vendors’ right to audit: Smaller vendors might not have included such an audit term in their contracts and licences – make sure such a condition exists before opening your door to them.
- Understand what is meant by the legal term “Reasonable”: Many audit terms use the term “reasonable” to describe whether the engagement can go ahead. If your company is undergoing a major change, then this is grounds to say an audit is “unreasonable”. Points 5 through 7 should form part of an audit action plan to prevent audits wherever possible.
- Create a Plan/ RACI Chart: Coping adequately with a vendor audit is not unlike managing a project: making sure all key stakeholders are performing the right tasks, in the right place at the right time. You need to own the experience, not be controlled by it.
- Create a Communications Strategy: Typical communications around a company follow well-worn paths, but IT and commercial data sensitive to the vendor should not be so liberally shared – not least if it were then to fall into the vendors’ hands ahead of formal approval by senior management.
- Get Help: If you have never experienced a software audit before, then don’t assume that this is an experience that you can muddle through.
Don’t treat audits as something that only happens to other people. The worst approach to take is to deal with an audit when it arrives. Get ahead of the IMPENDING knock on the door and have a plan.
If you would like to know how ITAM solutions could help you with your audit strategy, then please reach out to ITAM solutions via firstname.lastname@example.org or via +31 (0)40 369 0540.