Case Study: From £300,000+ to £0 – Micro Focus Audit Defence
- Company: European Airline
- Employee Count: 10,000 – 25,000
- Audit Time: 2021 – 2022
- Product Family: Micro Focus SecureData Enterprise (previously known as HP Security Voltage)
- Product Keywords: Micro Focus SecureData Enterprise, Micro Focus SecureData Mainframe
- Licensed Model: Per Instance, Per Server (role-specific), Per Named Application, Gigabyte, Node
- Third-party auditor leveraged by vendor: No – vendor internal audit team
- Initial risk / claim: £300,000 – £400,000
The airline was notified by Micro Focus for a licence compliance audit in the summer of 2021, in the middle of the COVID-19 pandemic. In 2016, the airline acquired HP Security Voltage products, which were subsequently renamed Micro Focus SecureData Enterprise after Micro Focus’ acquisition of HPE’s software portfolio in 2017.
FisherITS was engaged by the airline’s IT sourcing team to manage the audit process with a goal to minimise non-compliance exposure. Working together with the airline’s wider IT team, FisherITS consultants performed an emergency internal audit where several key risks were identified and subsequently rectified, before the start of the external Micro Focus audit.
Despite the successful pre-audit remediation, Micro Focus’ own auditors still made a significant claim of non-compliance, valued between £300,000 to £400,000. FisherITS consultants viewed such claim as based on Micro Focus’ incorrect interpretation of server roles (Non-production vs. Disaster Recovery) and its lack of understanding of its own license suites. Based on this, FisherITS advised the airline to firmly disagree the findings and thoroughly challenged the claim.
With the support from FisherITS, the airline was successful in defending the claim which ultimately led to a £0 settlement and an apology from the vendor’s account team.
Key FisherITS Deliverables
Internal audit report, risk remediation recommendations, audit communication plan, settlement negotiation advice.