How to Successfully Manage Software Audits and Reduce Noncompliance Cost Risk With Gartner's C9 Process
Jo Ann Rosenberger
Research VP, Distinguished Analyst
C1: Construct Your Audit Team Using a RASCI Matrix — Responsible, Accountable, Supportive, Consulted, Informed

| Phase | Activity | Asset Manager | Vendor Manager | Legal Counsel | IT Finance | Technology Manager | Business Owner | Information Security | Contract Manager | Internal Audit | IT Procurement |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Notification | Assemble audit team | R | I | I | I | I | I | I | I | I | I |
| Notification | Check contract | C | R | S | I | I | S | I | A | I | S |
| Notification | Run inventory/usage reports | A | I | I | I | R | I | I | I | I | I |
| Notification | Acknowledge request | C | R | C | I | I | I | I | S | S | S |
| Preparation | Update inventory tools/manual reporting processes | A | I | I | I | R | I | I | I | S | I |
| Preparation | Validate entitlement | R | S | S | I | I | C | I | S | I | S |
| Preparation | Define scope | A | R | I | I | I | I | C | S | C | I |
| Preparation | Assess and agree methodology | R | S | C | I | S | I | C | I | C | I |
| Preparation | Draft and sign NDA | C | A | R | I | I | I | S | I | I | S |
| Preparation | Data transfer and retention policies | C | A | C | I | I | I | R | S | S | S |
| Preparation | Make financial provision for likely liabilities | C | C | I | R | I | A | I | I | I | I |
| Closure | Agree compliance position | R | A | I | I | S | C | C | S | C | S |
| Closure | Agree settlement details | C | R | S | C | C | A | C | S | C | S |
| Closure | Make contract amendments | C | A | S | I | C | C | S | C | I | R |
| Closure | Make required purchases | C | C | I | C | R | R | I | I | I | S |
C4: Communicate Your Audit Policy Organization-wide
- Vendors/Contractors Are Not Employees
- Employee Confidentiality Terms Still Apply During Offsites and After-hours Activities
- Meetings Conducted via Conference Rooms/Offices Versus Open Workspace or Cubicles
- Vendor Technical Support Calls Should "Stick to the Point"
- Business Partners/Resellers Are Still Vendors — NDAs for Protection
C8: Consider Key Dates for Leverage and Bargaining Power During Settlement Negotiations
Fiscal Year-End Dates
Action Item: Strategize Timing to Align Final Audit Settlement Negotiations With Vendor Quarter-End and Fiscal Year-End Dates for Bargaining Power.
| Vendor | Fiscal Year-End | Vendor | Fiscal Year-End |
|---|---|---|---|
| Adobe | November | Infor | April |
| Amazon | December | Informatica | December |
| Autodesk | January | Lenovo | March |
| ASG Technologies | December | Micro Focus (Attachmate, HPE software) | April |
| BMC | March | Microsoft | June |
| CA Technologies | March | Oracle | May |
| Cisco | July | Salesforce | January |
| Citrix | December | SAP | December |
| Compuware | March | SAS | December |
| Dell (EMC, VMware) | January | ServiceNow | December |
| Fujitsu | March | Software AG | December |
| Google | December | Symantec | March |
| Hitachi | March | Tableau Software | December |
| HP Inc. | October | Unisys | December |
| IBM | December | Workday | January |

Note: This is not an exhaustive list of all major vendors that may be applicable to your product and service portfolio or future needs.

Source: Gartner (May 2017)
Collaborate to Plan Negotiation:
- Use Audit Team to Brainstorm Tactics
- Engage CxOs and Stakeholders
- Treat Settlement Like a Deal!

Consider Key Dates for Leverage:
- Maintain a Fiscal Year End Database
- Strategize Timing of Settlement Negotiations
- Use Qtr./Year-Ends for Bargaining Power

Close Using Resolution Agreement:
- Document Concessions
- Consider All Contractual Options
- Both Parties Sign to Be Legally Binding