How to work with a vendor during an audit & what not to do – is there such a thing as a win win audit?: Brian Ross, Veritas (ITAM Review US Annual Conference 2016)
How to work with a vendor during an audit & what not to do – is there such a thing as a win win audit?: Brian Ross, Veritas (ITAM Review US Annual Conference 2016)
Ähnlich wie How to work with a vendor during an audit & what not to do – is there such a thing as a win win audit?: Brian Ross, Veritas (ITAM Review US Annual Conference 2016)
Ähnlich wie How to work with a vendor during an audit & what not to do – is there such a thing as a win win audit?: Brian Ross, Veritas (ITAM Review US Annual Conference 2016) (20)
How to work with a vendor during an audit & what not to do – is there such a thing as a win win audit?: Brian Ross, Veritas (ITAM Review US Annual Conference 2016)
1. The ITAM Review US Conference 2016The ITAM Review US Conference 2016
2. The ITAM Review US Conference 2016
A publishers perspective
Brian Ross – Director
License & Asset Management Practice
5. The ITAM Review US Conference 2016
A license review from a Vendor perspective
• Customers
want
to
be
compliant
Campaigns
for
compliance
yielded
77%
response
• It
is
hard
for
customers
to
be
compliant
Complex
environments
and
licensing
models
• Customers
are
not
always
compliant
(despite
their
best
efforts)
• Compliance
ac2on
can
lead
to
be<er,
stronger
rela2onships
• More
than
half
of
customers
ordered
through
asset
review
• Post
asset
review
customers
spend
more
• An
FY16
Veritas
sample
survey
-‐
90%
of
customers
had
the
same
or
be<er
rela2onship
aTer
an
audit
• Customers
are
being
audited
all
the
2me
by
a
vendor
They
expect
it,
not
if
but
when.
• When
renewing
support,
customers
oTen
don’t
know
what
is
deployed
• Customers
oTen
don’t
know
what
they
are
licensed
to
use
6. The ITAM Review US Conference 2016
Review types
• 3rd
Party
audit
External
globally
recognised
accoun2ng
firms
(Deloi<e,
PWC,
KPMG,
EY)
Execu2on
of
our
contract
verifica2on
clause
• Self
declara2on
by
customer
(Direct
Audit)
• Campaigns
By
product
By
geography
• Buying
programs
ELA
agreements
Site
licences
Service
provider
agreements
• Partner
led
reviews
• Sales
led
reviews
7. The ITAM Review US Conference 2016
Vendor sample process
- 3 -
Methodology, Approach & Timeline
Key Deliverables
¡ Key Points of
Contact
¡ Meeting / Onsite
Scheduling
¡ Agreement on
overall milestones
¡ Participate in
kickoff meeting with
Customer
¡ Agree methodology
and approach
¡ Confirm scope
Week 0
¡ Answer data
gathering queries
¡ Confirm details of
the IT infrastructure
¡ Determine and
agree on methods
to collect
installation
information
¡ Project Plan
¡ Data Request List
Weeks 0 - x
¡ Collect & analyse
software data
¡ Collect & analyse
hardware data
¡ Collect & analyse
proof of entitlement
data
¡ Use existing data
source where
available
1. Kick-Off
2. Planning &
Scoping
3. Data
Collection
4. Verification
& Testing
¡ Use sampling
along with
interviews if
appropriate, to
validate
completeness and
accuracy of data
provided
Weeks x - y
5. Reporting
& Close-Out
Week y - z
¡ Prepare draft report
¡ Discuss preliminary
results
¡ Incorporate
additional data from
Customer
¡ Deliver baseline to
Customer and
Symantec
¡ Summary Table
¡ 3-way Handover Call
¡ Completed Software
Workbook
8. The ITAM Review US Conference 2016
Tension points
Common areas of tension in a review :
• Notification
• Why was I selected ?
• Non-disclosure
• Protection of what ?
• Scope
• Products, Geo’s, Organization structure
• Effective License Position (ELP) – the report
• Tooling accuracy for deployments
• Entitlement records
• Settlement
• Liability v Buy price
• Partnerships
9. The ITAM Review US Conference 2016
Emo2onal
cycle
during
a
se<lement
9
Denial Depression AcceptanceBargainingAnger
This
is
ridiculous.
We
are
not
overdeployed
by
15k
licenses
I’m
going
to
rip
and
replace
you
!!
Ok
well
we
want
our
normal
buying
price
I
hope
I
don’t
get
fired
for
not
doing
my
job
We
will
learn
from
this
and
now
have
a
be<er
understanding
of
how
to
license
your
soTware
Important
to
know
what
phase
you
are
in
Never
a<empt
to
nego2ate
anything
while
in
Denial
or
Anger
Phase
10. The ITAM Review US Conference 2016
Where
we
typically
see
non-‐compliance
Company
AIributes
• Complex
corporate
structure
• Purchased
or
sold
as
part
of
its
business
(M&A
ac2vity)
• License
administra2on/
Purchasing
is
decentralized,
owned
by
several
groups
• Demonstrated
poor
or
completely
missing
SAM
prac2ces
or
processes
• Relies
on
outsourcing
partners
for
asset
management
7
Consump(on
paIerns
• History
of
license
transfers
(indicates
environmental
change)
• Previously
failed
to
renew
maintenance
coverage
–
without
jus2fied
reason
• Called
for
support
or
guidance
for
products
it
is
not
en2tled
to
use
• Refuses
to
provide
product
usage
documenta2on,
• Avoids
licensing
discussions
• Has
expressed
concerns
about
a
“true-‐
ups”.
11. The ITAM Review US Conference 2016
What shoud you do ?
• Track
all
license
deployments
• Retain
proof
of
purchases
• Retain
your
contracts
• Be
proac(ve
and
review
organiza(on
aNer
mergers
or
acquisi(ons
• Be
proac(ve
in
reviewing
licenses
due
to
changes
in
technology
• Have
a
compliance
process/execute
it
• Install
soNware
asset
management
soNware
• Periodic
reviews
of
your
process
/
audit
posi(on
• Verify
soNware
licensing
with
your
soNware
vendor
on
a
regular
basis
• Educate
your
organiza(on
• Communicate
the
importance
of
execu(ng
compliance
process
• Have
an
established
audit
playbook
• Be
ready,
be
proac(ve!
12. The ITAM Review US Conference 2016
Questions?
The ITAM Review US Conference 2016