Making Audits work for you! · – Print all results on paper and have them work on paper formats...
Transcript of Making Audits work for you! · – Print all results on paper and have them work on paper formats...
![Page 1: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/1.jpg)
Making Audits work for you!
1
![Page 2: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/2.jpg)
Who are we & why speak?
• Who?– Turnover approx. £4B per year (Sainsbury's Argos only which is the non-food side of the business.)
– Spend approx. £100m on IT with software renewals constituting about £30m
– Approx. 400 vendors with the usual 5-10 main vendors and a very long tail and over 3500 products, both licensed and open source
– Complex environment, mainframe, AIX 5.1, Citrix, VMware & Cobol from 1980’s
• Why?– Audits have no set routine, the variances across vendors and products is to great. Knowledge, experience and real world
examples help all of us to mitigate the impact.
– Vendors thrive on the fear of being audited to supress business intelligence being shared.
– SAM is a value driven profession and our stakeholders need to be aware of our capabilities.
1
![Page 3: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/3.jpg)
Audit Steps
• Pre-Audit
– Mitigation
– Risk profiling
– Risk acceptance
– Planning
– Proactive defence
• Audit initiation
– First letter
– Audit checklist
• Audit defence
– Strategies and Legal positioning
• Negotiation
– Team Structure
– Negotiation Strategy
– Concession Strategy
– Timelines
– Future relationship
2
![Page 4: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/4.jpg)
Pre-Audit
3
![Page 5: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/5.jpg)
Mitigation
General Policy creation
– No audit while in RFP
– No audit when delivering results of RFP
– If in an audit then excluded from RFP
Vendor Specific policies or License constraining
– Specify Oracle systems to be brought up in case of DC DR (restricts licenses)
– Test environments to use licenses specified as Development or with Mobility (License pools)
Vendor Relationships
– Good relationships with account manager should reduce risk of Audit.
4
![Page 6: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/6.jpg)
Risk Profiling
What is your risk from Audit?
– Which vendors are active in the market and what is your risk with each vendor
– What is your real risk rather then perceived risk. Would they really audit you?
– Which vendors need an audit defence strategy?
– Which vendors will likely never cause a risk to the business
Expect 2-3 audits per year
– One mitigated
– One resolved with little or no commercial or license implications
– One to affect next years budget
What factors increase risk?
– Divesture and M&A
– Lost sales opportunities
– Lost RFP’s
– Technical staff (internal misinformation)
– Limited dialogue
5
![Page 7: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/7.jpg)
Risk Acceptance
What is total risk in the business
– Often shown as a high, scary figure concentrated on by vendors, consultancies and managed service providers
What is the actually risk
– Maximum that any one vendor could bill with 10-20% headroom for the unknown
– Not just the monetary cost but what is the risk to reputation
What risk will the business accept?
– Work on the largest risk until it reaches the accepted risk level or below another recognised risk.
– If new risk is identified, larger than the risk acceptance move to the new risk.
– Eventually work on all risk areas to keep reducing risk throughout the business.
– Deal with low risk profile vendors as and when an event occurs, renewal/purchase
6
![Page 8: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/8.jpg)
Audit Planning
• Vendor Specific plans / strategies
• Does the vendor require a specific plan/strategy due to its position in the 4 box grid and Risk profile.
• Who will be called upon to answer the audit (Inc. SAM)
• Legal, Procurement, Commercial teams, Vendor/Ops manager
• What are their roles and responsibilities
• When will you meet
• Weekly or monthly
• What are the triggers for changing meeting frequency
• Escalation paths
• Who is accountable if SAM is responsible
• Financial year ends of each vendor
• Communication plan (loose lips cost lives)
7
Autodesk January
Dell January
CA Technologies March
Compuware March
Symantec March
Infor April
Micro Focus April
Oracle May
Microsoft June
HP October
AdobeNovember
SAPDecember
AttachmateDecember
VMwareDecember
ASG Software solutionsDecemberDecembe
![Page 9: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/9.jpg)
Proactive Audit Defence
• Software strategy
– On-boarding
• By risk profile (based upon their activity and aggressiveness in the market)
– Create a 4 box grid for all vendors and use to help with risk profiling (emerging, strategic, tactical and legacy)
• Do you on-board all your vendors if a very long tail or consolidate
– ELP generation
• Accept gaps
• Plan risk mitigation
• Roadmap maturity
– Risk Management
• Risk change
• Risk acceptance appetite change
8
EmergingEmerging StrategicStrategic
TacticalTactical LegacyLegacy
Bu
siness d
irection
Cost
![Page 10: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/10.jpg)
Audit Initiation
9
![Page 11: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/11.jpg)
Audit Start
• Who initiates the audit?
– You or the Vendor?
• Self Audit in response to vendor audit?
– Who carries out the audit?
• Vendor or Third party
– Shut down communications according to communications plan.
• Vendor contract
– Where is your entitlement
– What are your legal obligations
– Review contracts and prior Audits to get you “line in the Sand” – Identify Exclusions
10
• Know your ELP
– Hard to know everything
– ELP is like Swiss cheese
– What is missing for that vendor?
– Who can get that data/can you get the data?
• MSP are slow to respond to requests, cost money
– How is the software used and what is it used for?
• Remember you could have 1000’s of products
![Page 12: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/12.jpg)
Audit Checklist
Negotiate the Scope of the Audit
– Non-Negotiable
– Negotiable
– Wish List
Checklist
– Geography & Legal entities
– Device type & OS
– Start date and grace period
– % of acceptable non-compliance
– Who will conduct the audit
– Where can they work
– What data is allowed off site
– What information is required
– Baseline and compliance agreed at end
– Non-Audit clause at completion for a period
11
![Page 13: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/13.jpg)
12
Audit Defense
![Page 14: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/14.jpg)
Strategies and legal positioning
What do you need to do legally?
– Legal team defines what your minimum commitment of data is and its format
– Legal verify all questions and tactical manoeuvring to ensure contract compliance
Response Strategies
– Print all results on paper and have them work on paper formats to slow the audit down.
– Make the audit difficult but within the constraints of the contract in order to get the audit cancelled or changed to self declaration
– Delay the conclusion of the Audit to after the end of year for the vendor or yourself, depending on the risk.
– Delay the conclusion until Vendor end of year in order to get the best negotiation position.
– Ensure that communications and data is sent through a nominated person (group) any communications outside of this are not subject to Audit
13
![Page 15: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/15.jpg)
Negotiation
14
![Page 16: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/16.jpg)
Team Structure
• Will comprise of some of the Audit response team
• What additional resources are required?
• What are their Roles and what are their negotiation strengths
• Listening
• Communication
• Decision making
• Emotional control
• What are the negotiation styles you will use for/against
• Bully - Competing
• Negotiator - Collaborate
• Politician - Avoiding
• Doormat - accommodating
• Do you have someone of each negotiation style involved?
15
![Page 17: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/17.jpg)
Strategy
• How will you run the negotiations?
• Who will be involved from both the vendor and your company
• How many people will actively negotiate
• What is their cultural perspective (US, EUR, UK, APAC)
• Good cop Bad cop
• Bad Cop Worse cop
• Concession Trading
• Auction Bartering
• WIN-WIN scenario setting
• Concession strategy
• List your goals and the negotiation styles required for each
• Meetings
– Appropriate authority to make decisions
– Have non-negotiables been agreed (don’t start unless they have)
– Assess the negotiating styles they are bringing and determine your defence against them
16
![Page 18: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/18.jpg)
Concession Strategy
• Clarity of the vendors goals
• Clarity on your goals
• Sequence of which goals to trade or exchange for both parties
• SWOT analysis of goals
• Mapped against negotiation styles
• What is your BATNA (Best Alternative To a Negotiated Agreement)
• What happens when it fails
• If the results are less than your BATNA there is no point in proceeding with negotiations
17
![Page 19: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/19.jpg)
Timeline & Relationship
Timeline
• Is there a deadline that needs to be reached? Due to Audit defence strategies followed.
• Clear timelines and meetings keep the pace of negotiations from faltering.
• Ensure that the vendor knows and agrees the pre-planned meetings and the final meeting in advance. To ensure that they make decisions.
• Contracts and baseline should have an agreed date of completion after negotiations so that there is clear commitment
Relationship
• Once the audit is completed you want to see how you can keep the relationship positive
• Keep meeting quarterly or every 6 months depending on the vendor to reduce risk of audit
• Meetings related to the 4 box grid (Emerging, strategic, tactical & Legacy)
• Do the results of the negotiation change their position on the 4 box grid?
18
![Page 20: Making Audits work for you! · – Print all results on paper and have them work on paper formats to slow the audit down. – Make the audit difficult but within the constraints of](https://reader033.fdocuments.in/reader033/viewer/2022060300/5f082d0f7e708231d420b77f/html5/thumbnails/20.jpg)
Thank you!
19