Multinational Financial Services Organisation

Introduction

The client was a multinational financial services company, and member of the FTSE 250 Index. The client had a Red Hat renewal in 2025 where they did not uplift any subscriptions. Red Hat had expected some growth, which triggered an audit notification.

Their Challenges

The client had several challenges to overcome for this audit:

• There were concerns about data security and confidentiality, and reservations about how the audit would be conducted.
• There was limited central discovery available with regards to software deployment, which led to gaps being identified in their data coverage.
• Their internal team was involved in a very busy technology transformation program with little time to spare on distractions.
• The audit team wanted to conduct the audit on site, alongside tight restrictions on deadlines. The audit was reinitiated in October, once data management concerns had been addressed, and the vendor wanted the audit completed by the end of December, putting the teams under extra pressure.

Their Objectives

The client’s objectives were:

• A clear audit strategy to support them in their interactions with the audit team
• To understand their Red Hat license position and ensure compliance
• To validate the management of Red Hat subscriptions to ensure this was being done in the most effective way.

bedigital’s Solution

We followed our standard audit defence process for Red Hat, which involves five key stages:

• Initial advice to the client on how to engage with the auditors and the audit process.
• Contract, entitlement and deployment data analysis.
• Risk identification and mitigation.
• Data testing and audit ELP feedback.
• Negotiation with the vendor.

How bedigital delivered

We assessed the client’s audit position and led their engagement strategy with the auditors and Red Hat, shaping communications, defining scope and timelines, and managing escalation.

We coordinated the collection and validation of deployment and entitlement data, then produced an effective licence position (ELP) highlighting risks and required remediation. Minor estate and data changes were recommended to remove exposure before submission.

bedigital supported the onsite audit, challenged inaccuracies in the auditor’s findings, and eliminated a potential subscription shortfall in the virtual estate.

We concluded the engagement by supporting audit close-out negotiations, securing no further audit action, and advising on a lower-cost alternative Linux solution for future renewals.

Challenges

There were several challenges to overcome with the data gathered by the client in order to deliver a successful outcome:

• The audit was paused and then reinitiated by the auditor and then given strict deadlines. We had regular weekly meetings with the client and were able to stay fully abreast of changes in the estate, how that would impact the data and license usage, and advise the client on their communication with Red Hat.
• A discovery tool used by the auditor to gather the data was ruled out by the IT security team from the clients end due to security concerns, therefore it was a challenge to extract the meaningful data within the time constraints.
• The scripts used by the Red Hat audit team did not initially deliver the expected data and left some gaps.  By working closely with the client’s technical stakeholders, we were able to resolve these issues and deliver a clean data set to the auditor.

Outcomes

• The client was certain of their compliance with licenses, thanks to the work bedigital did to give them that confidence.
• The audit was completed with zero obligations to the client.

Benefits

• The client was able to continue with their planned strategic migration, secure in the knowledge that Red Hat would not return to audit.
• The audit identified some gaps in the client’s data coverage with regards to software license usage, which were closed as a result.

Conclusion

As with all software vendor audits, there are time pressures and challenges to overcome.  We created a plan at the beginning of the audit and stuck to it to ensure the client had no obligations to Red Hat and achieved their core outcome, which was to successfully complete the audit. The client has also started the process of moving over to another provider at their next renewal.