It doesn’t have to be this way. Software audits are disruptive, but there are ways you can lighten the load and mitigate your risk. Before any audit notification comes in, it’s crucial to have effective hardware and software asset management processes in place to ensure your inventory and license compliance positions are current and accurate. This will smooth out reporting and reduce the risk of submitting inaccurate data. 

Common audit triggers

Before we dive into the ground rules of software vendor audits, it’s important to note the events that typically prompt most audits. They include: 

• Change in spend
  • Reducing support and maintenance spending during renewal
  • Moving support and maintenance to a third party
  • Changing licensing model
• Historical proof of entitlement (PoE) requests
• Clause in contract
  • Periodic audits usually aligned to renewal dates
  • Contact termination
• Mergers or acquisitions
• Unhappy employees notifying the vendor of compliance issues

Exercise caution when your vendor offers an assessment review. These reviews may be a veiled attempt to find you out of compliance. Rather than sending any data to the requestor, simply state your information security guidelines for not sending company confidential data to third parties. Soon thereafter, review your usage and address any known issues for that vendor because a proposed assessment review is very often a precursor to an audit.

Once the vendor has informed you of their intent to audit (sent by either letter or email from the vendor or third-party auditor to the person who last signed the contract or renewal), your internal process should launch quickly. Here are 10 steps for successfully navigating a software audit.

The 10-step process

1. Notification. Don’t ignore an audit request. Once the notification letter arrives, notify your ITAM team promptly with “private and confidential” added to the communication. All communication surrounding the audit should be marked as such to avoid any legal repercussions. Don’t make any changes to your current state — limit the deployment of new installations and do not uninstall any applications unless you’re decommissioning the device. 
2. Assemble the audit board. Gather your key stakeholders and don’t assume everyone understands the audit process. Cleary define roles and responsibilities and set timelines.
3. Put the team to work. The first step is to gather and review all license entitlements, contacts and agreements associated to the audit. Then engage with all the necessary areas of the business and review your audit objectives while considering previous audit recommendations. Set a primary point of contact toward the auditor from that point on and continuously circulate all documentation and reports.
4. Acknowledge the letter. Receipt of the request for audit is required and your agreed upon point of contact should handle this communication. Clarify which products are included in the audit at this time.
5. Propose a non-disclosure agreement (NDA). Most software publishers and auditors will typically agree to negotiate NDAs to control the handling of audit data. It protects all involved.
6. Meet with the auditor. During your first meeting, clearly define the scope of the audit, including products, legal entities, geographical locations, etc. The auditor will discuss the required data, form of evidence, and how they want you to provide it to them. The auditor may also mention scripts or tools they want to use to gather data. If they do, they should review this for you.
7. Gather the data. Only collect data that has been defined and in a form that is agreed to by all parties. Normally an audit is focused on network discoverable devices. It’s prudent to identify any standalone devices and their ownership that could be in the audit’s scope. Relay all findings back to your audit board for review and sign-off.

Note: Where possible, it’s a best practice to use tools already within your estate to gather audit evidence, e.g., Snow Spend Optimizer, SCCM, etc. 

• Submit the data. Once you have obtained and understood all the required data, prepare it for submission to the auditor. Redact or anonymize any sensitive information, and don’t omit or manipulate any data.
• Carefully review the results. The auditor will evaluate your submitted evidence against the vendor’s entitlement position and produce a reconciliation report. Never agree to the findings in the first instance — you need to validate the results first and be prepared to challenge them. 
• Settle and close the audit. Often the settlement is a considerable amount, and you can negotiate with the vendor. Once all parties agree to a final figure, you can negotiate a waiver not to audit for 2-3 years. Then, it’s time to rectify the issues identified in the audit. This reconciliation comes in the form of training and an update of centralized ITAM tools. 

Shortlist on what to do – and not do

Software audits are usually lengthy and often take between 3 and 18 months. Here’s a summary of our suggested steps to help streamline the process and position you for a successful outcome:

Additional resources

Though it can be enormously helpful, this short guide is just the starting point for an optimized and successful audit journey. Audits can be challenging (and costly) without clear visibility and manageability of your assets. Check out how our approach to Technology Intelligence can guide you through your audits while providing you with comprehensive visibility to create more efficiencies, save money and minimize risk. Contact a Snow specialist for more information and guidance. 

The post 10 Steps to Navigating a Software Audit appeared first on Snow Software.

How to avoid being caught in the audit backlog

“Build your opponent a golden bridge to retreat across.” This quote from Sun Zsu in his 6th century BC work, The Art of War, refers to the idea that you should leave a safe passage for an opponent to retreat to avoid conflict.

You’re probably thinking, what does that have to do with SAP? Why would I need to do that?

In an audit, even though it has been contractually agreed upon and you’re provided with advanced notice, the process can lead to potentially costly conflict. But, audit preparation can shift the balance of power, providing you with control to defend your position and create a ‘golden bridge’ for SAP to retreat across once your compliant position is established — leaving you safe while they move on to the next company.

The challenges of the audit process

Of course, one of the biggest hurdles to overcome is how to prepare for an audit. Audits are notoriously difficult, requiring time to gather detailed usage data and compare it against contracts, versions, etc. And there’s quite a bit of money on the line – both in terms of how much organizations may need to pay out and how much a vendor could gain. The most common challenges we hear from our customers are:

1. Expertise – As with all things not repeated regularly, the motion of going through a yearly audit requires a re-education process. Many customers state that the complexity of contracts and large IT landscapes make it an incredibly difficult task. You really need an expert understanding of what you need to achieve and how to achieve it.

2. Effort – Understanding information is required for an audit and getting that data is even more time consuming if you lack knowledge of the landscape, process and tools. In large environments, data collection and preparation can take months of manual effort. Once the data is correlated, you then need to check and recheck the accuracy of the data before submitting it to SAP or other vendors.

3. Optimization – During data preparation, customers often use the opportunity to review their license application and optimize their license estate based on their knowledge or the system knowledge of the users, e.g., contractors whose contracts have ended.

License optimization holds many benefits such as increased employee productivity and cost savings. But doing this manually requires the creation of license reallocation logic which can leave you vulnerable to human error and may lead to business disruption.

How to overcome audit challenges

Now that we’ve identified some of the main challenges of an audit, we want to share a few winning strategies to overcome them. By applying and implementing these processes you can give your business a strong base to be ‘audit ready’ in the future.

Gaining expertise

• Document your experience throughout an audit process to better understand each SAP audit carried out. Build on this and refine it. This will help build your personal expertise and also help you in preparing for the next one.
• Build a repository of contracts and licenses to solidify your SAP contractual knowledge.
• Avoid having a single point of failure. We have all probably been in a work situation where a person leaves without a comprehensive handover. You can prevent that by documenting your processes and saving historical data on a shared drive.
• Remember, you’re not alone! If you are restricted on time or resources, there are people that can help. Reach out to a third party with strong SAP expertise

Reducing effort

• Run regular compliance checks. Don’t make this an annual task. Running regular checks will not only help you to stay compliant, but it will help you continually refine your process and reduce the effort required each time you check for compliance.
• Understand how long the process takes so that you are not rushed or under pressure to present your results. This could be costly to both you and the company. With a project timeline, you can factor in the right time and appropriate resources required to complete an audit.
• Use the right tools for the right job. With the right technology in place (especially for a reoccurring process), you can significantly reduce the amount of manual effort required and achieve more accurate results.

Automated optimization

• Analyze and optimize regularly. The past may no longer be applicable to the present. When you originally bought your licenses, you likely based it on an approximation of required licenses and license types. Your requirements today could be completely different for a number of reasons, including M&A, company growth or maturity of the platform. You should, therefore, have an ongoing cadence of analyzing and optimizing your license type allocations.
• Keep an eye on your joiners, movers and leavers. Remove all inactive users using the latest data to ensure all users are valid and assigned the correct licenses type.
• Avoid paying list price by knowing what you need and purchasing any additional licenses required before an audit takes place. If you’re caught in a short fall during the audit, you’re unlikely to be able to use your original discounts for any license purchases.
• Know your unknowns. Exposure to Indirect Access is becoming more and more prevalent in SAP audits and with the rapid growth in SaaS, the risk of Indirect Access is growing greater. We have also heard of enhanced audits resulting from potential indirect access usage. Many organizations are unsure whether to adopt Digital Access licensing or stay on their legacy user licensing. To make the best decision, its important to carry out system checks to avoid unnecessary Indirect Usage and assess which licensing option is the best fit.

Planning and preparation are key to a constant compliant state

Audits can be a daunting task, especially if you are not prepared for what lies ahead. But, by running regular compliance and license optimization checks (monthly or quarterly depending on the business), you can refine the process, build expertise, and produce accurate results in a timely fashion and show SAP the exit to the golden bridge of retreat.

Learn more about the different audit types and how to prepare for audits from Microsoft, Oracle, SAP, IBM and VMware. Be audit-ready, all the time with these winning strategies.

The post The Art of Preparing for an SAP Audit appeared first on Snow Software.

Oracle’s fourth quarter results are a good indicator of the current state of the Enterprise Business Software market. What’s happening at Oracle is likely similar to the climate at other large enterprise software vendors including SAP, Microsoft, IBM and more. This drop is indicative of the frequently discussed shift from software solutions into the Cloud. It reflects the challenges vendors face with their software business in today’s disrupted market.

While we can’t forecast exactly how all this will play out, it’s pretty clear vendors won’t simply accept the revenue drop. So the question becomes, how will they recoup their losses?

A look back at lessons learned

If we look back to 2008, we can learn a lot from what happened just after the financial crisis. I’ve been in the software business for more than 20 years and can well remember that following the crisis, many large vendors made significant changes in their corporate organizational structures.

They also adapted their product offerings and price lists, and some vendors increased their auditing efforts massively, or started auditing if they hadn’t been already. These audits became a strong pillar for creating additional turnover in their software business in the years that followed, and the big vendors have continued using this practice to this day.

Vendors started to change their price lists, not always in favor of the customer. Their focus shifted towards increasing growth models (e.g. per Employee, Turnover, Processors, etc.) and away from the delivered business value.

All of these changes put increased pressure on existing customers. For most software vendors though, these tactics worked well. They continued their growth immediately after the 08’ crisis and are still going strong today. Today, as we enter another period of economic uncertainty, it is very likely that they will increase pressure on existing customers once again.

Changes are coming

Software vendors are feeling the pressure from stakeholders to achieve their targets and an easy option is to go after their existing customer base. Customers are likely to be presented with new corporate structures, new product strategies, and new price lists, with changes to support and maintenance plans and an increase in audit activity as well.

Vendors will rethink their current product portfolio; solutions will be put at end-of-life or end-of-maintenance which will force existing customers to move and buy newer solutions. These products might be replaced by cloud solutions or cloud platforms only.

Vendors may also cancel support or maintenance contracts altogether or, opt to increase prices. They will likely use audits for a short-term increase in turnover or to push their customers to newer products (like cloud) and related contracts. Some vendors might also push the indirect use cases and force customers to settle on this in the short term.

Arm yourself with information

To limit the impact of today’s uncertain times and the economic turbulence that will inevitably come in the future, one of the safest things to do is to ensure you have complete visibility of all entitlements and current usage. This will prevent any unpleasant surprises or unwanted negotiations.

Today’s uncertainty can also offer great opportunities. As the pressure on software vendors to achieve their targets increases, new deals will be more important than ever, meaning that “every – single – deal – will – count!”

Take advantage of this time to cut costs and negotiate good deals with your vendors. With optimal preparation, you can secure significant discounts and get great deals. Before you start though, make sure you have a complete inventory of what you currently have (shelfware / redundant solutions), what you need (short- to mid-term planning), and an idea of what the best possible deal will look like for your organization. 

The post What Software Vendor Earnings Can Tell You About Audit Risks appeared first on Snow Software.