Sherry Gordon (no relation) over at Spend Matters wrote yesterday on the topic of suppliers charging customers for the privilege of auditing. No, we’re not talking about just covering the costs of the audit itself, we’re talking about a surcharge on top of the auditing costs – a fee to the supplier for the burden of auditing. Ms. Gordon’s article was focused around a survey in the biotech/pharma industry which provided some interesting (but barely statistically significant) insights into auditing and whether customers would entertain the thought of paying a surcharge.
Once again, however, a lot of this issue can come down to a well-worded contract that spells out the costs, frequency and burden of the audit. My template language typically says that the party requesting the audit has to pay for it (unless a major discrepancy is found – especially around license usage), and that the audit has to be performed after prior written notice (usually more than 10-15 business days in advance) and at a time that’s mutually convenient. I suppose the “mutually convenient” language could allow for some wiggle room – some of the survey respondents said that they had received push back to audits in the form of delays, with suppliers saying that all slots for the year had been taken. But generally speaking, this overall language should prevent the supplier from charging you for the privilege.
Another interesting wrinkle noted by Ms. Gordon’s other referenced article is the practice of a supplier offering an existing audit up at a cost to the other party. Actually, this is probably not such a bad idea – again, as long as you discuss the practice beforehand and work out a few points for clarification. These points would include the cost of the purchased audit, the name/quality level of the auditing firm, and responsibility for failures of audited processes/procedures/etc because the selected auditor wasn’t as good as hoped. In other words, paying a fee to have access to an audit already completed isn’t a bad idea. It saves time and should be EXTREMELY cost effective (ie: I would ask them how many customers they have that will get the audit report – ‘x’ … and then offer them 1/x of the actual cost of the audit). But my real concern is that they would use Joe’s Auditing Shack to perform the audit – and that the quality wouldn’t even be worth the 1/x cost.
Oh, and just in case you were wondering… I would still want to know what any customer was going to do with an audit finding. In many more cases than I would like, it ends up being treated like source code escrow or annual financial reports – an insurance policy that has no actual value and isn’t even reviewed by anyone on the requesting side.