You’ve just been hit with a vendor audit – now what?

If you don’t have your (bleep) together, a vendor license audit is painful. IT audits cause disruption to operations, are often complex and pose the risk of significant unplanned and unbudgeted spend.

Picture this all-too-familiar scenario: you receive notice that you are the target of an audit by one of your vendors. They provide you with some scripts to run. You run those scripts, which spider your network collecting data. You then send the results back to the vendor, and you wait. A few days later, you open your inbox to find an e-mail summarizing their findings. The news is not good; to your shock and surprise, you are shown to be out of compliance to the tune of millions of dollars.

Suddenly, you feel like you’re sitting in a casino, playing against the house with the odds heavily stacked against you. After uttering a few choice words, many thoughts start racing through your head: How can this be true? Where will you get the money? How will you message this to Finance? Will this unplanned spend put important projects at risk? Should you accept the vendor’s claim and settle?

My first piece of advice: don’t panic. Formulate a solid game plan and make some quick, difficult decisions. The first decision is to either accept or challenge the vendor’s findings.

 The difference between the vendor’s findings and your findings will likely be significant. In the extreme, this difference could mean that you might not be out of compliance at all. Here are several reasons why:

You’ll most likely receive a call from the vendor’s sales rep, offering you a sweetheart deal to make the “problem quickly go away.” I strongly advise against it. ALWAYS verify a vendor’s findings. Here is why: even though your vendor has the results from the collected data, they are missing the complete picture. You need to fill in the incomplete data before deciding on an appropriate course of action.

  1. Vendors seek to maximize, not minimize, your compliance obligations.
  2. Most vendors’ records of your purchases over the years are likely just as disorganized as your records are.
  3. A vendor’s terms and conditions may have been different at the time of sale than they are today, but the original terms still apply today.
  4. How and where you deployed software matters for compliance and often does not factor into audit findings.

To challenge the vendor’s findings, you’ll need to collect and correlate information across multiple dimensions, including the following:

  1. The software you have licensed.
  2. The software you have installed.
  3. The hardware specifications of the machines where the software is installed.
  4. The current software usage.
  5. The percentage of the software that is in use.
  6. How the software is being used:
    • Development
    • Production
    • Disaster Recovery
    • Hot Standby
    • Cold Standby

Once you collect, correlate, and normalize this information, you can move toward a more optimized license position. It’s complicated, confusing, and time-consuming work to arrive at a precise count, let alone an optimized position, but thankfully, there is a better way. Software exists that will do this hard work for you and help you maintain a continuously optimized state, not only for this one vendor but for all of your vendors.

Instead of placing your casino bets with the odds stacked against you and hoping for a favorable outcome, you can use a more scientific approach by applying a rigorous and intelligent technology to the practice of managing your IT business.    

Flexera is THE leader in helping businesses optimize IT spend for Software, Cloud, and SaaS. Collectively, we have helped our customers save over a billion dollars in vendor licensing costs. If you would like some help tackling an audit or optimizing your IT license position, we’re here to help.
