The Five Stages of (Audit) Grief
Grief takes many forms for people and the emotion is experienced for many reasons. Most of these reasons are rather personal in nature and include the loss of a loved one, the end of a relationship, the onset of disease or even something so inane as the loss of insurance coverage. Elisabeth Kübler-Ross documented the emotions of grief in what has become commonly referred to as the Five Stages of Grief . This article seeks to extend and document the Kübler-Ross model to an organization’s approach to a software audit.
Stages of Grief
The following model, commonly referred to with the acronym DABDA, has been used to document the process that friends and family go through when confronted with the death of a loved one.
• Denial – The first stage is denial. Individuals believe that a mistake has been made and cling to a preferred reality
• Anger – When denial subsides, anger takes over – “Why me?”, “This is not fair” or even “Who is to blame?”
• Bargaining – While this emotion takes on many forms, it ends up feeling like negotiation with God.
• Depression – Despair sets in with recognition of mortality. During this stage, an individual may become silent or refuse visitors.
• Acceptance – The final stage finds the individual moving forward to a better place.
An example of the application of this model outside of death is the COVID-19 pandemic as documented by David Kessler:
“There’s denial, which we saw a lot of early on: This virus won’t affect us. There’s anger: You’re making me stay home and taking away my activities. There’s bargaining: Okay, if I social distance for two weeks everything will be better, right? There’s sadness: I don’t know when this will end. And finally, there’s acceptance. This is happening; I have to figure out how to proceed. Acceptance, as you might imagine, is where the power lies. We find control in acceptance. I can wash my hands. I can keep a safe distance. I can learn how to work virtually.”
While it may seem a stretch to apply this same model to a software audit, the stages do fit nicely and may in fact provide some context for your emotions and a change in your response in dealing with the audit.
I have been involved in several audits. We all can relate as we have likely all been through at least one. Denial takes on many forms and often blurs with the second stage, Anger. An example of denial that comes to mind is an individual getting the audit letter via email. The subject of the email may be benign enough that the email is ignored for a time. In fact, it is ignored long enough that is sinks to the bottom of the inbox and is therefore forgotten. Reminders are further ignored since it reminds the recipient that they have not dealt with the initial intrusion. The Denial stage usually ends when the vendor escalates to a boss or executive or worse, legal console to jump start the process. Of course, this leads quickly to Anger.
Referring to the initial outline, Anger starts with the questions “Why me?” and “Who is to blame?” We can add to those questions, “Why is it so difficult to understand software licensing?” and “I thought we were partners!” We have worked with clients who have yelled at vendors in hopes of having an audit go away. Of course, yelling and anger does not really endure us to vendors but rather shows them that we are trying to hide something. This step is emotionally necessary but if it can be eliminated, it may shorten the overall audit. The reason is simple – audit defense is based on confidence in knowing your Effective License Position (ELP) and knowing that you have taken steps to ensure compliance. That confidence is eroded when a vendor thinks you are hiding something.
Moving past Anger but with some residual Denial leads us to Bargaining with a software vendor. This may take the form of both positive and negative bargaining. Positive bargaining is asking for a new contract to have the audit go away. Positive bargaining requires you to swallow your pride and anger and actually admit that you may be clueless in handling the audit. The time savings alone may be worth the new contract. Negative bargaining is attempting to hide behind legal vehicles such as privacy and non-disclosure to avoid the audit. A quick review of a software contract will make it clear that the vendor is within its rights to perform such an audit.
When bargaining fails, depression sets in as you realize that the vendor may be right. The extent of “rightness” is the driver of depression. One organization became depressed when they realized that an Enterprise License Agreement did not mean they could use the software everywhere without cost. The resulting estimate of findings was in the low 8 figures, an amount that will blow anyone’s budget. Avoiding the Depression stage means that you must start earlier to actually avoid the reasons for an audit. Knowing your ELP will enable you to avoid audits by not putting yourself in a compromising position.
After “successfully” completing the first four stages, your acceptance of the inevitable software audit will begin the course of healing. For it is at this stage where you admit that you may have a compliance issue and can work with the vendor to find an equitable solution to the findings. It is also at this stage where you can begin to avoid the five stages for the next vendor on the horizon. Avoidance takes the form of putting a better Software Asset Management (SAM) process in place, understanding your ELP, and knowing the content and Terms and Conditions of your software contracts. It is through knowledge and acceptance that progress can be made.
Drawing a parallel between death or sickness and a software audit may sound like a trivialization of grief. But when software vendors can charge millions of dollars for findings that may appear as mistakes, it can feel like a disaster to an organization with razor thin margins. Organizations who have seen their revenues cut in our current pandemic may not survive when an audit becomes real. Avoiding the grief stages altogether by putting processes in place that can alleviate compliance issues is money well spent.
Having a good support system in place for software audits will help organizations speed through the stages. That support system will include an audit response team, competent consulting expertise and a capable toolset to ensure compliance. Changes to procurement and contracting procedures will ensure that audit letters land in the right place and are not ignored. Knowing that every organization will be audited will remove the emotional side of the notification. Ensuring competent legal counsel is part of the audit response team will provide a buffer between vendor managers and the emotional executive leadership teams. Audits may be unavoidable, but they don’t need to put us into a tailspin of grief.
Kübler-Ross, E. (1969). On Death and Dying
Berinato, Scott. “That Discomfort You’re Feeling Is Grief”. Harvard Business Review. Retrieved 3 July 2020.