Converting an audit finding into a clean OpenPass deal

Converting an audit finding into a clean OpenPass deal is the final move in a well run defense. The finding is reduced, the corrected position becomes the baseline of the forward agreement, and the protections that prevent the next finding are written into the term. Done in the right order, the conversion turns the end of an audit into a stable agreement. Done in the wrong order, it cements the vendor's opening number for years.

The Resolve step of the method exists for exactly this purpose: to settle on the buyer's terms and convert forward into a clean OpenPass agreement with audit protections written in. But conversion is not a single signature. It is a sequence, and each step depends on the one before it. Skipping a step, or taking them in the wrong order, is how a buyer ends up with a tidy looking contract built on an untidy number.

Reduce the finding first

A clean conversion is impossible without a clean number. The vendor's opening finding is priced at full list, with back maintenance and the cost of the audit added on, and it counts everything that can plausibly be counted: service and dormant accounts, decommissioned systems, momentary peaks treated as sustained requirements. Converting that figure into an OpenPass baseline locks the inflation into the agreement. So the conversion begins with reconstruction and rebuttal, the work that takes the finding apart line by line until only the defensible figure remains. This is the same work described across the cluster and summarised in the complete OpenText audit defense playbook.

Set the corrected position as the baseline

Once the finding reflects real, defensible usage, that corrected position becomes the baseline of the OpenPass agreement. This is the moment where the value of the defense is preserved or lost. The baseline should reflect the reconstructed counts, not the original finding, and it should be documented so that there is no ambiguity later about what was agreed. The discipline of building that baseline before the negotiation opens is set out in building an OpenPass target baseline before negotiation. A baseline carried over from a corrected position is the difference between an agreement that reflects what you actually use and one that reflects what the vendor hoped you would pay for.

Define the metrics so the dispute cannot recur

An audit happens because a metric was ambiguous or interpreted broadly. The conversion is the natural place to close that ambiguity. Every metric that drove the finding, whether named users, capacity, events per second, or volume, should be defined precisely in the OpenPass agreement, with the definition reflecting the buyer's deployment reality rather than the vendor's widest reading. Defined metrics are the single most durable protection in the agreement, because they remove the interpretive room that audits exploit. The technique is in how to challenge OpenPass metric definitions, and the rationale in defined metrics in an OpenPass enterprise agreement.

Write the protections into the term

A clean conversion does more than settle the present finding. It prevents the next one. That means writing protections into the term: a price hold or capped uplift so the vendor cannot reset pricing at renewal, dual entitlements so any planned migration does not trigger a double count, and an audit clause that constrains the frequency, scope, and timing of future reviews. The full catalogue of protections worth securing is in audit protections to negotiate into an OpenPass agreement. Without these, the conversion settles one finding and leaves the door open for another.

Manage the two timelines

The vendor often wants the finding and the agreement settled in the same compressed window, because speed favours the party with the prepared position. The buyer should separate the two clocks. The finding can be addressed on its own merits, and the agreement negotiated on its own schedule once the number is corrected. A buyer who lets the audit deadline drive the commercial terms gives up the time needed to benchmark the proposal and read the draft adversarially. The way to negotiate the agreement itself from this position is covered in how to negotiate OpenPass from an audit position.

What a clean conversion looks like in practice

In a recent engagement, an estate facing a multi product finding chose to convert forward rather than simply settle and walk away. The sequence held: the finding was reconstructed and rebutted until it reflected defensible usage, the corrected counts became the baseline, the metrics that had caused the dispute were defined in the contract, and a price hold and a constrained audit clause were written into the term. The result was not just a settled finding but an agreement that closed the specific gaps the audit had exploited. The vendor's opening number never became the baseline, and the protections meant the same dispute could not be reopened the following year. The anonymised case files behind this approach, including the Documentum, Fortify, and ArcSight engagements, are collected in our engagements.

Document the settlement so it holds

A conversion is not finished when the agreement is signed. It is finished when the settlement is documented so clearly that no future review can reopen what was agreed. The corrected counts, the defined metrics, and the protections should be recorded in a form the buyer controls, so that when the next review arrives the buyer can show exactly what was settled and on what basis. A settlement that lives only in the vendor's records, or in a loosely worded clause, invites the same dispute to return under a new interpretation. The discipline of recording the position is the same discipline that supports the negotiation in the first place, covered in documenting your estate for an OpenPass negotiation.

This documentation also feeds the governance that keeps the agreement clean across its term. An estate that signs a clean conversion and then stops tracking its position will drift back into exposure, and the next review will find it. Pairing the conversion with continuous tracking, so that deployment is always reconciled against the agreed baseline, is what turns a one time settlement into a durable position. The ongoing practice is covered in OpenPass governance and license position tracking.

The order that keeps it clean

The whole exercise comes down to order. Reduce the finding, set the corrected position as the baseline, define the metrics, write the protections, and keep the two timelines apart. Each step depends on the one before, and the conversion is only as clean as the weakest step. A buyer who follows the sequence ends an audit with a stable agreement on defensible terms. A buyer who signs the conversion before reducing the finding ends it with the vendor's opening number locked in. This sequencing is the core of our OpenPass enterprise agreement negotiation work. If a finding is on the table and a conversion is being proposed, open a case before the order gets reversed.