- A major UK retailer received an audit letter from a specialised auditor for their IBM product stack. Soon after, they received another auditing letter from Oracle.
- The company held a team meeting with internal stakeholders representing Procurement, IT, Legal, and Finance. Collectively, they believed they were fully compliant and had nothing to be concerned about. Based on incorrect advice from internal resources, the IT team provided delayed, inaccurate, and incomplete information to the two vendors. The auditors initially identified that the Retailer was liable for a combined penalty of 37 million GBP across the two product stacks.
- The leadership team was preparing for a considerable software license negotiation with the Vendors and knew they needed expert Auditing Advisory services.
The Retailer had a large IBM and Oracle software estate. Easy access to software and user-controlled deployment encouraged over-usage, potentially leading to significant exposure due to under-licensing.
In 2018, the UK Retailer engaged IntegrationWorks to review their integration product stack, assess the existing deployments, and address any licensing gaps before an official audit was organised.
Most vendor license agreements give the vendor the right to audit their clients at any point in time. They often require the customer to prove they have been using the vendors’ approved monitoring tools and to provide Software Usage Reports to prove their compliance. IBM recommends a tool called ILMT, and it is down to the customer to install it, maintain it continuously, and produce the compliance reports. Oracle customers are likewise required to run data measurement tools on their servers and share the resulting output log files with Oracle.
In 2020, IBM announced that their auditors KPMG were going to audit the customer. Shortly after, Oracle kicked off a licensing audit as well.
Although the client soon realised that the integration software was managed accurately and the correct information was shared with the auditors, the rest of the estate was not, as it had been managed by another Solution Provider. Following the inaccurate information the client supplied to the auditors, a significant penalty was identified. The combined liability for the two vendors totalled £37 million. The Retailer asked IntegrationWorks to provide Auditing Advisory Services to help them navigate through the audit and negotiate the crippling penalty.
IntegrationWorks did a deep dive into the contracts and software order history to understand what licenses they owned, what features were required, how they were enabled, and what triggered the massive out-of-compliance findings.
IntegrationWorks determined the architecture team could negotiate a licensing configuration with a better fit to their operational needs, while also addressing the auditors’ concerns. The Retailer eventually settled with the two vendors for only £1.25 million and £2.10 million, largely by procuring licenses required for their present and future business operational needs. This amounted to savings of 91%.
Vendor audits can bring significant financial risk. The auditors are typically leveraging their contractual terms, intellectual property, and copyrights under commercial law to get the financial outcome that benefits them. The leadership team must emphasise everyone’s ethical responsibilities and do everything possible to safeguard their organisations by hiring the right external subject matter experts to assist and advise in situations where internal resources are insufficient.
**Due to a contractual NDA, we are unable to disclose the names of these organisations.**