The Most Dubious Software Auditors

Dubious Achievement Prizes for Software Auditors: The DAPSAs Are Here!

Updated: Jul 9

It’s award season, so we decided to chime in! Based on hundreds of client audits, we put together a list of Dubious Achievement Prize winners for the past year. These are software suppliers who have gone above and beyond the normal range of audit behavior, and merit a special shout out.


1. All-Around Worst Auditor: OpenText


This supplier plays hardball and seems to make up the rules as it goes along. The company does not use an outside audit firm to perform audits, and egregiously inflates whatever it can find. At one of our clients, the supplier took a single screenshot of one of their applications, and based its “audit findings” solely on it. OpenText went on to pressure the customer to pay up quickly and close the matter: “It’s $550K if you pay by Friday, $7M if you pay in two weeks, and it’s $14M thereafter.” Because the software audit industry is not regulated and there is no oversight, OpenText can get away with this behavior and often goes unchallenged. (With our assistance this client did successfully fight OpenText; we determined the findings to be between $15-80K.)


2. Biggest Overreach in an Audit: Attachmate


Although technically this award could go to any number of software suppliers, Attachmate (part of Micro Focus) takes the cake. A recent audit conducted at a client’s organization resulted in a $7M claim for a product called Extra. The product was only licensed for certain users, but Attachmate asserted that every PC in the company had to be licensed for the software because, theoretically, people could use each other’s machines. We were able to fight this claim with our own data and bring the findings down by 90%.


3. Most Improved Auditor: Adobe


The company has been significantly scaling back or removing its audit activity. When it does conduct license assessments, it’s a much “friendlier” or sales-based exercise than in the past, when the company used aggressive tactics and audited customers consistently.


4. The Sneakiest Auditor: Microsoft


You don’t even know you’re being audited by Microsoft until it’s too late. The company is, and has been for many years, the most innovative of all when it comes to compliance initiatives. Microsoft has enlisted dozens of partners to “help” you with your Microsoft environment: consultants, tool providers, SAM firms, and resellers. It calls audits by many names: health checks, SAM reviews, cloud assessments, and other “free services”. Microsoft recently acquired Movere, the maker of an audit tool that Microsoft uses to move customers to the cloud, i.e., Azure. In other words, Microsoft approaches compliance from many angles, and we urge clients to be aware of this.


5. The Audit “Insurance” Award: IBM


IBM’s Authorized SAM Provider (IASP) program has been introduced to help clients guard against noncompliance. The company has identified four partners – KPMG, EY, Deloitte and Anglepoint – who will audit you quarterly (at your expense) and provide the results to IBM. The good news is this program eliminates surprise IBM audits, which can be rife with back maintenance charges and business disruption; the bad news is, you’re essentially getting audited every quarter. And these firms are strategic IBM compliance partners, so they have to be very careful about “biting the hand that feeds them” (e.g., providing you with strategic advice that could be used to reduce spend or better negotiate against IBM). As noted in our recent Naughty Vendor List blog, IBM’s sales are at their lowest of this century, so the company is aggressively pursuing revenue through software audits.


As we look ahead to what’s in store for 2020, we caution clients to get ready to pay more for Oracle’s Java licenses, many of which were free until recently. Right now, Oracle is not auditing Java, but we believe this will soon change.


To learn more about software audit industry trends and tactics, please listen to our webinar on the subject, or contact a member of our compliance practice.


Tres Larsen is a former professional auditor and a Managing Director at ClearEdge, where he leads the Compliance Services Team.