An OpenText or Micro Focus compliance finding is a number, and the number is almost never the one you owe. This playbook sets out how the finding is built, where it inflates, and how a buyer takes it apart line by line. It is the map to the rest of this site: every defense track and every field note links back to a section here.
OpenText spent the last decade assembling one of the widest software estates in enterprise technology. Its own enterprise content management line, Documentum, Extended ECM, Content Suite, eDOCS, InfoArchive, and Core Content, predates the Micro Focus acquisition and is governed by the OpenText end user license agreement. Then in January 2023 OpenText closed its $6B acquisition of Micro Focus, adding security products such as Fortify, ArcSight, Voltage, NetIQ, and Sentinel, the DevOps suite of ALM, Quality Center, Octane, LoadRunner, UFT, Dimensions, and AccuRev, the COBOL line of Visual COBOL and Enterprise Server, IT operations management, and analytics through IDOL.
That breadth matters to a buyer for one reason: each product carries its own metric, and most of the acquired products are governed not by the OpenText EULA but by the Micro Focus Additional License Authorizations. An estate this wide creates overlap, and overlap is where an opening finding inflates. We organise our defense practice into eight defense tracks that map to this estate, so the metric in dispute is always handled by people who know exactly how it is measured.
OpenText gives seven days notice before an audit, and reserves the right to copy relevant records. Seven days is not much, and it is the most important week of the entire engagement. What you do in it shapes the number more than any week that follows, because the early decisions about scope, channel, and data set the boundaries of everything the vendor can later claim.
The single most valuable move is to route all vendor contact through one controlled channel before anything is sent. Read how to respond to an OpenText seven day audit notice and what to do in the first 48 hours for the detail, and the gated seven day notice response paper for the full procedure.
The reason a finding lands so heavily is the remedy the contract specifies. On a finding of noncompliance, the licensee is deemed to have acquired the licenses at the then current list price, must pay back maintenance and support for the period of the shortfall, plus first year maintenance on the new licenses, and reimburses all costs OpenText incurs in performing the audit. One shortfall becomes three or four charges stacked on top of one another, all priced at the least favourable rate available.
Each layer is separately contestable. We unstack the remedy in the deemed acquisition at list price clause explained, back maintenance and first year maintenance on a finding, and who pays for an OpenText audit and how cost recovery works.
The EULA states that compliance is the sole responsibility of the licensee. That clause does more work than it appears to. It is why the vendor can open with an aggressive reading and expect the buyer to prove it down, and it is why an independent reconstruction of your effective license position matters so much. We explain the clause and the obligation it really creates in why compliance is the sole responsibility of the licensee.
OpenText runs a global software compliance team with executive sponsorship. Compliance Managers prepare entitlement and support reviews, then run the true up negotiation that follows. Understanding how that team assembles a position is half the defense, because every finding follows a recognisable shape. We set out the playbook the team runs in inside the OpenText global software compliance team, and the limits on what it can demand in what OpenText can and cannot demand during an audit.
Our defense runs on four operations, applied in sequence. The full version lives at the method page, but in short:
The decisive idea across all four operations is that the vendor finding is a claim, not a fact. Until it is reconciled against your own reconstruction of deployment and entitlement, it is simply the largest defensible reading the vendor could assemble.
Most Micro Focus products are governed by the Additional License Authorizations, and they are the key trap area in any audit that touches the acquired estate. The ALAs define the metric, the capacity unit, the bundling rules, and the version entitlement for each product, and an opening finding routinely reads them in the way least favourable to the buyer. Reading them correctly is the single highest leverage activity in an ALA driven audit. Start with our ALA and entitlement review track and the gated reading Micro Focus ALAs paper.
Each product family inflates a finding in its own way. This is the heart of the practice, and each cluster of field notes sits behind a defense track.
Named seat counts, service and dormant accounts counted as consumers, repository sprawl, and server deployment counting. In case file E-01, an insurance Documentum seat count finding fell from $7.2M to $1.6M, a 78% reduction, once service and dormant accounts were disqualified. See the ECM and Documentum track.
Seat overclaim where repository access is counted rather than actual scan submitters, perpetual versus term confusion, and non production use. In case file E-02, a technology Fortify developer seat overclaim fell from $4.5M to $0.9M, an 80% reduction. See the Fortify and AppSec track.
Events per second read at burst rather than sustained, data volume, connector counts, and identity user definitions. In case file E-03, a banking ArcSight EPS and connector finding fell from $6.0M to $1.8M, a 70% reduction, once burst was split from sustained. See the ArcSight and security track.
Named versus concurrent user definitions, Vuser counting, and environment counts across the DevOps suite. See the ALM and LoadRunner track.
Volume based metrics, output channel counting, and document overcharge. See the Exstream and CCM track.
Core, MIPS, and workload metrics, and the line between runtime and development. See the COBOL and Enterprise Server track.
Indirect access is where a finding reaches furthest beyond the obvious user base, counting people and systems that touch a product through an integration, a portal, or an API rather than directly. It recurs across every product line, which is why it sits in the cross cutting Audit Mechanics cluster rather than under any single track. Read indirect access in OpenText and Micro Focus audits for the defensive framing.
OpenPass is OpenText's enterprise licensing framework: a single contract, a defined term, and dual entitlements that let an organisation run an old and a new deployment in parallel during migration. A well negotiated OpenPass agreement is one of the best outcomes a buyer under audit can reach, because it converts a defended finding into clean forward terms. A rushed one carries the inflated finding forward as the new baseline. The difference is the negotiation, set out in our OpenPass negotiation track and the gated OpenPass conversion playbook. The tactics that lead into it are in true up negotiation tactics under audit pressure.
If a notice has already arrived, the order of operations is simple. Stop all direct vendor contact, choose a single controlled channel, and open a case so a partner can take over inside the window. From there the four Rs run their course. The firm record across more than 200 defended OpenText and Micro Focus audits is a 68% average reduction in the initial compliance finding and more than $90M in cumulative claims mitigated against vendor positions.
If you have received an OpenText or Micro Focus audit notice, the first seven days matter more than any week that follows. OpenText Audit Defense is an independent, buyer side practice founded in 2020 by former vendor compliance leadership. We have defended more than 200 audits, reduced the average finding by 68 percent, and mitigated more than $90M in claims. We do not resell OpenText software and we are not affiliated with OpenText Corporation. To open a case, use the contact form on this site.
We take over within the seven day notice window. Buyer side only. Founded in 2020 by former vendor compliance leadership. Not affiliated with OpenText Corporation.