Aha! I am going to be a pain and say ‘it depends’!
I have done it in a scenario where our discovery tool was not interpreting the license requirements correctly, and we had a very good response - the vendor worked with us to ensure we got it right. Having said that, we were a wealthy fund management company and all our suppliers were well aware that we owned a big chunk of their stock, so you could say that we regularly went where angels fear to tread!!
I’ve also done it for other vendors for other companies, though, particularly smaller vendors, and it’s not been a problem.
Yes it might trigger audits, but it can also be seen as a relationship building exercise - ‘Dear vendor, we want a constructive mutually beneficial relationship and this is a demonstration that we will be open and honest with you’. Don’t be too paranoid about it!!!
So where would I and wouldn’t I ask the vendor?
I would be more likely than not to work with the vendor if we’re implementing a new solution and there is the potential that we might buy licenses… the vendor will absolutely help you out in that scenario, and I would be making sure I kept a record of everything that was said by the vendor so that we could produce it as evidence if there were problems in future.
I would also be inclined to ask the vendor how to license something if it’s an existing solution, but we have a good relationship with the vendor which includes regular peer to peer meetings, the chance we might buy more licenses in future, and the licenses we do own are properly supported and maintained. I just would make it sound like it was a routine query and I would make sure I didn’t imply there was the possibility of non-compliance.
I would be less inclined to do it for existing solutions where there has been a history of license issues in the past. If the vendor regularly audits you, I would hesitate unless I felt it was a way to improve the relationship by showing that we want to do the right thing. I would also avoid it if I was seriously concerned that we had licensed the solution incorrectly and there was the potential for significant non-compliance UNLESS I’d formally identified it as a risk and had cleared it with Senior Management and they were aware it could mean we had to buy some unbudgeted for licenses.
Anyway, I hope this is helpful!