Will 2020 be the year we reach ‘peak audit’?

Software vendors usually send out their audit letters on a fairly predictable basis. The most common triggers are a contract term or ULA coming to an end, or indeed the end of the publisher’s financial year, something we covered in more detail in a previous blog about Oracle’s audit strategy.

However, from time-to-time, macro-economic factors come into play too, making it harder for organisations to get audit-ready. Those of you who were in the business around the time of the 2008 financial crisis, may well recall the crash was followed swiftly by a flurry of audit activity. It sounds crude but in tough markets – when software vendors face declining revenues and when their new business pipelines start to dry up – they will seek out new revenue streams, or at least try to maximise their existing ones. Audits are the mechanism to which they often turn.

Fast forward to 2020 and, if we’re to believe the economic forecasters, we are standing on the brink of an even bigger downturn. While it’s unclear how severely the recession will bite, or how quickly the economy will bounce back, we fully expect it to herald a major uplift in audit activity.

Audit deferrals will cause a spike in activity later this year

Currently, software vendors – the big names in particular – are seeking to conduct audits on a ‘business-as-usual’ basis. However, not all of them are actually taking place. Organisations are quite understandably requesting postponements as they simply don’t have the time or resources to handle an audit right now.

To their credit, publishers are showing enormous understanding, and have on the whole granted extensions. However, they’ll come a point when audits simply must take place. The second half of the year could bring a marked change in attitude.

Audits will be rich pickings for vendors

Another incentive for vendors to pursue audits is that there’s likely to be a wider than usual gap between what organisations are licensed to use and what they are actually using.

As my colleague Chris Gough explained in his recent blog, companies have been quick to take up the offers of free software in order to support home working and cloud-based applications. It’s highly probable that neither IT departments or procurement teams have an accurate handle on what applications are being used by their various lines of business. It’s even less likely that they’ll know when these free offers are due to expire and what contractual terms will subsequently kick in. Furthermore, licenses for on-premise software probably won’t cover any new cloud-based deployments.

While businesses have been forced to pivot and adopt new technologies in a short space of time, it’s probable that their licenses still reflect their old working practices. Expect much scrutiny in this area over the coming months.

Prepare now

Many organisations will still be reeling from the rapid change brought on by the pandemic, but as things begin to find a more predictable rhythm, it’s imperative that they gain an accurate understanding of their new software estate.

Most companies will keep an approved publisher list; this should be reviewed to ensure it’s still fit for purpose, and subsequently compared with the software that’s actually deployed across the organisation.

Much of this software will be superfluous. When applications are given away for free, users will be tempted to download everything that’s on offer. A single employee could well have Teams, Skype, Zoom, Webex, Google Meet and countless other video applications running on their desktop, when they could work perfectly well with just one.

Work out which are mission-critical for each member of staff in the longer term (when they could be back in the office or working from home, or both), and determine which features they need to do their job. Then, optimise accordingly. This idea applies to every part of an organisation’s software portfolio not just conferencing apps.

Finally, if you haven’t implemented one already, develop a formalised, repeatable plan that helps you navigate all future audits in a systematic and controlled way.

Does the vendor have a right to audit you? What’s the scope of the audit it can undertake? Will their scripts leave you in breach of GDPR? What mitigation plans can you put in place now to ease the post-audit negotiation?

These are just some of the questions you can ask yourself now in order to plan and prepare for a review. The better prepared you are, the less of a panic the audit will be, and I think we can all agree we’ve had enough surprises this year.

Our recent webinar “The Changing Vendor Audit Landscape – Expose your new Vendor Audit Risks” provides some useful insights and recommendations. To view the on-demand content, click the button below.



Paul Stevens Craig

Author: Paul Stevens-Craig, Head of Audit Practice

Paul is our Head of Audit Practice and has worked closely with many of our clients and partners delivering strategic business outcomes. He leads our highly experienced and qualified consultancy team, creating a centre of excellence.

Paul provides customers with expertise and advisory services with reference to IT Asset Management and IT/Digital Transformation initiatives. Having worked in the IT Industry for over 25 years, he has had roles in senior management and software & license consultancy for companies such as Oracle, Hitachi Consulting and PricewaterhouseCoopers (PwC).

Since leaving Oracle in 2005, Paul primarily focused on complex vendors such as Oracle, SAP and IBM, providing advisory services such as process and contract management, licensing, optimisation and risk mitigation for many UK and Global companies, across different industries within the private and public sector.