License management and audit advisory for UK retailer

The customer, a UK-based retail company, had a large IBM and Oracle software estate. Easy access to software and user-controlled deployment encouraged over-usage, potentially leading to a significant exposure due to under licensing. 

In 2018, the UK retailer engaged Fusion5 to review their integration product stack, assess the existing deployments, through system and integration testing,  and address any licensing gaps before an official audit is organised.

Most vendor license agreements allow the right to audit their clients at any point in time. They often require the customer to prove they have been using the vendors’ approved monitoring tools and provide software usage reports to prove their compliance. IBM recommends a tool called License Metric Tool (ILMT), and it is down to the customer to install, continuously maintain it and produce the compliance reports. Oracle customers are required to run data measurement tools on their servers as well and share the resulting output logfiles with Oracle. 

In 2020, IBM announced that their auditors, KPMG, were going to audit the customer. Shortly after, Oracle kicked off a licensing audit as well. 

Although the client soon realised that the integration software was managed accurately and the correct information shared with the auditors, the rest of the state, which had not undergone thorough system and integration testing, was not as it’s been managed by another solution provider. Following the inaccurate information the client supplied to the auditors, a significant penalty was identified. The combined liability for the two vendors totalled £37 million. The retailer asked Fusion5 to provide auditing advisory services to help them navigate through the audit and negotiate the crippling penalty.

Fusion5 did a deep dive into the contracts and software order history to understand what licenses they owned, what features were required, how they were enabled, and what triggered the massive out-of-compliance findings. Fusion5 determined the architecture team could negotiate a licensing configuration with a better fit to their operational needs, while also addressing the auditors’ concerns. The retailer eventually settled with the two vendors for only £1.25 million and £2.10 million, largely by procuring licenses required for their present and future business operational needs. This amounted to savings of 91%. 

Vendor audits can bring significant financial risk. The auditors are typically leveraging their contractual terms, intellectual property, and copyrights under commercial law to get the financial outcome that benefits them. The leadership team must emphasise everyone’s ethical responsibilities and do everything possible to safeguard their organisations by hiring the right external subject matter experts to assist and advise in situations where internal resources are insufficient. 

Note: Due to contractual NDA we are unable to disclose the names of these organisations