Over the years I have heard of many enterprise software customers being audited by enterprise content management (ECM) vendors, but there is usually a good reason for an audit to be instigated. Either you have threatened to throw that particular vendor out of the door and had the temerity to trial a rival vendor's software (so now the gloves are off), or the vendor has had a tip-off that you are abusing your licensing agreement.

But in the last couple of quarters we have started to see EMC in particular launch audits, with seemingly no such impetus. In what comes off as a coordinated, US-wide effort, many customers are currently being audited or under threat of audit by EMC -- or to be specific: Documentum buyers and EMC's proxy KPMG -- and as you can imagine, customers are not happy.

What we know for sure is that the rush to audit started in the late Q3 to early Q4. We also know that the audits all seem to fit a rough pattern. Two targets:

• Larger enterprise buyers that have not spent much money with the firm in awhile
• Buyers who may be moving from cpu-based pricing to user-based pricing.

EMC has a perfect right to ensure that its licensing agreements are not abused, and it is a sad fact that many buyers do in fact abuse licensing agreements, so auditing as such is not wrong. Nevertheless, it is unpleasant, and buyers should be prepared in advance.

Though far from comprehensive, we would suggest that if you receive a notice of a pending audit, you should:

A: Ensure that KPMG/EMC first compile a list of all the licenses they have sold to you -- this in contrast to what is currently happening whereby they turn up and expect you to tell them

B: Offer to review that list and verify one way or another as to whether it is correct

C: In the event the audit is a gross intrusion of your business, you simply respond to the request via your legal department; remember it is KPMG/EMC contacting you, not the IRS

As I mentioned, one underlying theme in these current audits is the cpu-based pricing model (a model that EMC Documentum no longer offers). I have long advised large seat buyers to take the cpu route, since it offers better value and a great deal of simplicity over seat-based pricing models. However, the anonymity of cpu pricing (numbers rather than named users) is not popular with sales reps who lose visibility into account activity. In addition it is hard to keep track of cpu usage, and subsequently hard to convert from cpu to named users without a great deal of work in tracing every user, installation, and department.

The other theme is simply the recognition that auditing is successful in the short term. In many cases the auditor can go to the CIO, point out that EMC is owed $500,000 and negotiate a deal of $300,000 -- free beer as we say in England. But it can also come across as desperate and can cause untold damage in the long term. A former client of mine once threatened with an audit from IBM decided to dispense of that vendor's services altogether.

But the pragmatist in me suggests that audits must be expected when Wall Street demands ever higher returns every quarter regardless of the long term impact, and auditing a firm to simply get them to pay for what they are using is far better than mass layoffs.

So, while auditing is universally loathed in the industry, it is on the increase and we can expect to see more of it as the recession continues, so be prepared.

If you are being audited by EMC or any other ECM vendor, let us know as we would like to talk to you (in strictest confidence).