License Audits…Enforcing Ethics

Ethics.  In the consulting business, the perception of your level of ethics can break you.  I haven’t seen a lot people gain work because of their perceived ethics, but I have seen several lose work.  We all like to assume that the person across the table, phone, or email will act in a fair and ethical manner.  The more “real” the social interaction, the stronger the assumption.

Well, recently it appears EMC has been checking on the usage of Documentum in some clients.  Specifically, they have been conducting audits to check that licensing agreements are being followed.  This revelation just screams for comment on the event and the underlying culture.

Enter the Auditor

Alan Pelz-Sharpe of CMS Watch observed that EMC, and their auditors KPMG, are starting to check the licensing agreements of some of their customers in the U.S.  He points out two important facts:

1. It is within a vendor’s right to conduct the audits.
2. Customers generally don’t like it.

Audits are time consuming for an organization, regardless of the outcome.  It also sounds like in this case that EMC/KPMG is pushing some of the burden on the clients by not sharing what licenses EMC thinks that the organization should possess up-front. Alan gives some sound advice for dealing with the situation that should be followed in all vendor audits.

Alan expects that with the recession, audits may become more frequent.  I would agree, especially considering the anecdotal story of a six figure gross from an audit.  If a vendor can make a six figure profit, plus the increased maintenance fees, after paying audit costs, then they will keep conducting audits until they run out of people to audit.

One lesson learned, always keep copies of what has been licensed readily available so that anyone, present and future, can readily find it.

The Ethical Line

Okay, so we have the lesson to always know what you have licensed.  The other, stick to it.  I’m sure that many “violations” have been from people not understanding what they have licensed.  Many organizations, when faced with a licensing limitation, do try to remedy the situation.

This is where you, the professional, comes into play.  As a consultant, I have been brought into many clients where they did not know exactly what they had licensed.  Usually it was quite simple to find out.  Usually a call to the account representative by the customer clears it up.  Documentum customers can just log into the Download Center to see what the system thinks is licensed.

I always check when I can.  If I see a situation that requires more licenses than are currently in use, I double-check with the client, and if they aren’t sure, encourage them to check with the vendor.  What if a client pushes back?  What if you know that they are in violation of their license agreement and they choose not to do anything?  This is a tough ethical quandary that I would pass to the lawyers.  I haven’t dealt with this before so I can’t say exactly what I would do in that situation.  The only thing I know for certain is that I would not be doing work with them again.

Another common scenario is trying out a new component in a Proof-of-Concept.  This could be run in a development environment or in a stand-alone system.  As an partner with a few vendors, I have access to lots of installation packages.  They are for my company’s use in learning and evaluating the software. They are also used to show new and existing clients the capabilities of the different products.

Over the years, I have seen organizations tempted to take evaluation installations and use them for production.  This is another fun ethical dilemma.  This one is a little simpler, if only because it is more familiar.  Usually once the acquisition process is under way, and I check with the vendor and the client, I usually proceed in Development, but no further.  I have had situations where either the vendor or the client (Yes! The Client!) have said to wait until the acquisition process has completed.  This usually leads me to work on some other project while the software is acquired.

A Problem?

If a vendor can make a profit by conducting license audits, then there is a problem in the customer community.  For most of Documentum’s products, there is no license key or enforcement on the server.  I can take a standard Content Server installer and create a massive set of environments.  There is nothing to stop me, aside from ethics and trust.

eRoom, on the other hand, strictly enforces the user licenses.  When you install the software, you install a license key to turn the installation from a 30-day trial into an installation for X named users.  When a user logs into the system, they claim a license until they are all gone.  When you run out, you can take them from old users by inactivating them or by getting a new key from EMC.

I’ve worked with both products, and the former is easier to work with by far.  If customers take advantage of this, and abuse it, then things will change and things will become much more difficult to develop and evaluate solutions.

Everyone loses in that situation.