View LISTSERV archives

ITPSM@LISTSERV.EDUCAUSE.EDU


View:

:

[

|

Previous Message

|

Next Message

|

]

:

[

|

Previous Message

|

Next Message

|

]

:

[

|

Previous Message

|

Next Message

|

]

:

Proportional Font

LISTSERV Archives

LISTSERV Archives

ITPSM Home

ITPSM Home

ITPSM  2017

ITPSM 2017

Subject:

Re: audit terms

From:

"Knox, Marg" <[log in to unmask]>

Reply-To:

The EDUCAUSE Software Licensing Issues Constituent Group Listserv <[log in to unmask]>

Date:

Thu, 23 Mar 2017 22:34:51 +0000

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (49 lines)

Thanks Zac!



_________________________________
Margaret (Marg) Knox
The University of Texas System

Sent from my iPad, I apologize for any typos

> On Mar 23, 2017, at 5:31 PM, Braaksma, Zachary <[log in to unmask]> wrote:
> 
> Thanks for sharing Marg.  I wanted to comment on your point "- a third party is not what I consider desirable practice. Their compensation may be on finding something versus a neutral result"
> 
> I agree in that a third-party, assigned by the Vendor, is not a desirable practice.  I know of two large software vendors, who contract with Big 4 accounting firms as the third-party, do not directly compensate per-engagement based on the findings of the Big 4 accounting firm(s); they make sure this is stated to the customer during any "review".  However, the accounting firms may assist with targeting/recommending customers to be audited (based on purchase activity, product mix, maintenance-renewal activity, etc.) and the large software vendors will not continue to award the audit to firms who do not demonstrate results.  So, although compensation is not directly tied to a specific engagement, there is pressure for the third-party firm to have findings in an audit for continued business with that software vendor.
> 
> That said, having a third-party, assigned by the Customer, may be desirable if compliance is unknown to the Customer when an audit is initiated (of course, this is reactionary and not best practice).  Having a clause that allows a customer-selected third-party to come and demonstrate compliance may be of benefit, somewhat tied to your last point in running school run tools to demonstrate compliance.  Of course I would expect such an engagement to be a review of compliance, optimizing license allocation/counting, and then providing summarized results to the software Vendor in a previously agreed upon (hopefully in the contract) format/method.  This also allows the Customer to evaluate internally, without immediate obligation to the software vendor, how to approach any problems identified (technically, legally, etc.) before there is pressure coming from the software vendor based on non-compliance findings they may have identified during an audit.
> 
> Thanks again,
> 
> Zac Braaksma
> Office: 281.998.6382| Cell: 281.253.7398
> 
> -----Original Message-----
> From: The EDUCAUSE Software Licensing Issues Constituent Group Listserv [mailto:[log in to unmask]] On Behalf Of Knox, Marg
> Sent: Thursday, March 23, 2017 1:44 PM
> To: [log in to unmask]
> Subject: [LICENSING] audit terms
> 
> The SHI newsletter today had an interesting article on getting the best audit terms in your contracts. So food for thought, see https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fblog.shi.com%2F2017%2F02%2F20%2Fnegotiate-better-software-audit-clause%2F%23.WMFoxVUrLRY%3F_cldee%3DbWtub3hAYXVzdGluLnV0ZXhhcy5lZHU%253d%26recipientid%3Dcontact-273e6c58aff1df119f66005056ae0ffb-06de9135c9ca46c78c54ac8b2b1731f3%26esid%3D3f48a249-d20f-e711-80ff-005056950f19%26urlid%3D15&data=02%7C01%7Czachary.braaksma%40SJCD.EDU%7C2bbe7acee5c04e349daa08d4721cd9dc%7C514efd408efe4f15819f34e56acf1562%7C1%7C0%7C636258915626347968&sdata=SRQRaEEGMC6sFocSOTJhv580n9mDu%2FEbenHmnrcJVwY%3D&reserved=0
> 
> A couple of thoughts
> - I would add is the concept of "good legal cause" for an audit clause. Fishing expeditions are not a good use of our resources so I want to know what evidence a vendor has to need the audit
> - security/privacy issues. If a tool is going to be used then it would have to be fully vetted by our security and privacy folks before deployed. And a whole bunch of legal language would be needed for that usage (who that data can be shared with, what kind of data, etc).
> - a third party is not what I consider desirable practice. Their compensation may be on finding something versus a neutral result
> - a possible preference for the last two could be that the school run tools they have (that perhaps came with the package, since surely the vendor cared enough to include same:-)) and upon appointment on site, review results with the vendor. Any sensitive data/ confidential data would be redacted prior.
> 
> Margaret (Marg) Knox          The University of Texas System Executive Director, Systemwide IT (SWIS)
> (512) 322-3774                        [log in to unmask] Austin, Texas, 78701
> 
> **********
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2Fdiscuss&data=02%7C01%7Czachary.braaksma%40SJCD.EDU%7C2bbe7acee5c04e349daa08d4721cd9dc%7C514efd408efe4f15819f34e56acf1562%7C1%7C0%7C636258915626347968&sdata=T6AE%2FlkR%2FNQ8DUAeTD9Ah0hg6usSmgY9kTdIG2SCDXQ%3D&reserved=0.
> 
> **********
> Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.

Top of Message | Previous Page | Permalink


Options

Log In

Log In

Get Password

Get Password


Search Archives

Search Archives


Join or Leave ITPSM

Join or Leave ITPSM


Archives

2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
1998

ATOM RSS1 RSS2