The Art of Negotiating a Software Audit

By Scott & Scott, LLP

Almost every business today operates with the support of digital tools. One recent survey put the number of companies investing in digital technologies to transform their business at an astounding 97 percent. Conducting business in this digital age means licensing software from major publishers, such as IBM, Oracle and Microsoft, and with it comes the anxious recognition that software audits from these and other providers are not only likely but can wreak havoc on your company.

It typically goes something like this: You receive a letter from your software publisher and it says there is an audit coming. It contains threatening language and warns not to make any changes to your environment.

At this point many companies simply wave the white flag and open the doors of their entire IT infrastructure to the software vendor. However, this comes with risks. The scripts that auditors use to discover the illicit use of software (intentional or not) can cause problems in an IT infrastructure, and consume valuable staff resources and money.

Better-prepared companies, on the other hand, deploy tried-and-true practices for negotiating a software audit. Often, one of their first moves is to negotiate with the software vendor.

Case in point: a few years ago, the candy maker Mars received a letter from Oracle saying that it had been selected for a software audit. Mars, being a large and well-run company, knew the risks the audit posed to its IT infrastructure, so it pushed back. One of the issues at the heart of Mars's stalemate with Oracle was the scripts that Oracle wanted to run. Mars wanted Oracle to agree that any damage inflicted by scripts probing the Mars infrastructure would be paid for by Oracle.

According to a recent survey by IT services firm Technologent, 65 percent of organizations were subject to a software audit in 2016 and 23 percent were audited three or more times. Almost half (44 percent) of surveyed organizations paid $100,000 or more in true-up costs to vendors due to noncompliance, a sharp increase from 25 percent the prior year. Twenty percent paid more than $1 million in true-up costs, more than double the number in the previous year (nine percent).

These numbers are intimidating. But in fact, you have more room to negotiate an audit than you likely realize. Here are some questions to keep in mind when you negotiate with software publishers demanding audits across your enterprise IT infrastructure.

• The license agreement may not obligate you to run any third-party tools in connection with an audit. You should certainly have your legal team review audit provisions of the operative license agreements to understand your rights.
• If the audit clause requires the customer to provide reasonable cooperation, that can easily be accomplished without running the auditor’s tools.
• What data collection methodology will you offer the auditors as an alternative?
• Where scripts are being considered, test, test, test.
• What are the vendor’s obligations to provide a remedy for audit scripts that lead to failure of performance in systems being probed?

The digital transformation of business has exploded in recent years and so, consequently, has software licensing. Worse, software is characterized by multiple licensing rules and models, which leads to more companies falling out of compliance. This is why having enterprise-wide strategies in place for dealing with and pushing back on software audits has become as important to businesses as their accounting practices.

This article originally appeared on TechCrunch; you can read Scott’s articles on TechCrunch here: https://techcrunch.com/contributor/robert-j-scott/