Inside the Briefcase

How Security in Tech is Being Reinforced

How Security in Tech is Being Reinforced

In an increasingly digital world, security has become a...

2022 Business Spend Management Benchmark Report

2022 Business Spend Management Benchmark Report

Read the 2022 Coupa Benchmark Report to explore 20...

Cloud Security: Understanding “Shared Responsibility” … and Keeping Up Best Security Practices

Cloud Security: Understanding “Shared Responsibility” … and Keeping Up Best Security Practices

Cloud computing has been around for many years now,...



Join data & analytics leaders from Starbucks, Cardinal Health,...

How EverQuote Democratized Data Through Self-Service Analytics

How EverQuote Democratized Data Through Self-Service Analytics

During our recent webinar on scaling self-service analytics, AtScale...

Why Software Vendors Still Audit Their Customers

June 14, 2021 No Comments

Featured article by Eric Chiu, Managing Director of FisherITS

depositions 300x199 Why Software Vendors Still Audit Their Customers

Software license compliance audits remain a key part of the strategy for many of the world’s large software vendors. It is a practice that causes conflict between software providers and their customers and has made it necessary for Software Asset Management to grow into a multi-billion-dollar industry. Whilst a handful of vendors are beginning to pull back from full-scale invasive audits, the vast majority continue with this unpopular and relationship damaging practice.

Why is this the case? Are customers really abusing the terms of their licensing agreements to the extent that vendors must aggressively protect their IP? I do not believe this to be true. I have worked in the Software Asset Management (SAM) industry since the mid 2000s and have rarely seen a customer intentionally violate a licensing agreement to the scale that justifies the vendors’ current auditing activity.

Customers expect to undergo a periodic ‘true-up’ process where they evaluate how much software they are consuming compared to what they have purchased, then paying the difference. Whilst this can be expensive, this is not the area of licensing noncompliance that causes the real headache for IT leaders and is not generally seen as unfair.

The problems begin with the unintentional and hidden compliance issues caused by complex technical installations, ambiguous licensing terms or accidental misconfigurations which are likely to run into the hundreds of thousands or even millions of dollars in settlement fees. Customers are being heavily penalised for honest mistakes or contractual uncertainties. This has continued for years, and I have seen vendors who can attribute anywhere from 20% to 80% of their revenue to compliance programmes. Audit revenue is also free of ‘cost of sale’ in the vendors accounting processes – it is pure profit.

Enterprise Software is Not a Level Playing Field

Software is a monopolistic business, if you provide the best product, everyone will buy from you. It is not easy (or cheap) for customers to switch to another provider if they are unhappy. That gives the vendors who secure a monopolistic position a lot of power and makes it tough for their customers to negotiate. Vendors continue to audit because they know that they can find noncompliance issues with their customers and that many customers will not have the knowledge or experience to defend against the claim. It is not a level playing field and this can make defending against a large noncompliance claim difficult for end users.

Customers should know that vendor compliance teams, or their auditing partners, are incentivised to discover noncompliance during their audits. Customers are profiled by the vendor and the compliance teams will select in advance those who are more likely to yield a higher audit settlement fee. Audits are not a routine and random check to ensure the software is being deployed correctly, they are a revenue driving exercise.

Defending Against a Compliance Audit Settlement Fee

I have worked alongside customers in cases where the vendor has made an initial compliance claim for over $100m. The vendors realise they will never recover that amount and these initial figures are used more as negotiating tactics rather than legitimate claims. Nevertheless, it is still a worrying and disruptive time for customers caught in this kind of compliance issue. Interestingly there are cases where this kind of fee has been paid, only for the customer to attempt to recoup the settlement in court after they realise they should have fought back.

A claim for millions of dollars that is based on the technicalities of a contract can usually be negotiated. They are likely to be settled by the customer purchasing new software from the vendor, often directed towards cloud products that may or may not be in the customer’s interest but continue to grow the account from the vendor point of view.

Getting Ahead of Software Compliance Issues

Compliance audits are triggered by factors such as a downturn in purchasing activity, mergers and acquisitions, company growth or known lack of SAM processes. Good SAM programmes with the right people, processes and technology in place are the best way to prevent an audit from striking in the first place. If an audit notification letter does arrive, organisations should have a pre-defined process for how the audit is handled, including tightly managing all communication with the auditor through one dedicated point of contact.

Large audit settlement fees should not be accepted just to make the audit ‘go away.’ It is possible for organisations to prepare their software records to be audit ready and defend against the audit when it arrives. Customers should understand they may be being asked to pay unfairly and should be armed with the knowledge that they can fight back.

Eric Chiu 214x300 Why Software Vendors Still Audit Their Customers

Eric Chiu is the Managing Director of FisherITS, with a team of 20 enthusiastic and highly experienced licence auditors and consultants. Prior to his current role, he managed a similar team at one of the “Big Four” audit firms and was responsible for the launch of UK compliance programmes for several major software vendors.




Sorry, the comment form is closed at this time.