Part One: ARE YOU A TARGET FOR A SOFTWARE AUDIT?

What are your chances of being audited by one of the major vendors in the near future?  The likelihood is very high. A recent research study run by Gartner suggests a 68% chance of being audited by at least one software vendor in the following 12 months.  If you are working in a Vendor Management role or a Technology Compliance Role, you know that this number is very accurate. 
In this two part blog series, we'll be discussing the importance of software license compliance and the issues your business may face if you are targeted for a software audit.
 
Based on our recent market review, 45% of organizations are going through two or more vendor audits in one year. It’s only a question of when, how often, and how costly the audits will be. The likelihood is such a sure thing and the risk is so high, that nearly every customer we contacted asked us to keep their names out of this story.
 
Software Asset Management (SAM) is important to any business that licenses software. Aside from meeting potential litigious and costly compliance measures with the vendor, an efficient SAM practice will:
  • Save Money: Eliminating or reallocating underused software licenses, limiting overhead associated with managing and supporting software and reducing the potential for unexpected software costs.
  • Increase Security: Reduction of downloading or purchasing of software from unauthorised sites.
  • Access to Support: by only using licensed software, you are entitled to technical support.
  • Improve Productivity: Access to user manuals, reference materials and product support. When your SAM practice is operating efficiently, you can manage these resources.
  • Stay Informed: By getting the latest news, updates, changes and add-ons.
However, the main and most important benefit is so you can meet your obligations as a business, in terms of your end-user license agreements, thus meeting your legal and contractual obligations with the vendor.
 
So what makes you a target for a vendor software audit?  Is there a specific method behind the vendors’ selection process?
 
A well-known market analysis conducted by Ernst & Young suggests an interesting outcome which can be turned into useful advice to help identify whether your organization ca be potentially subject to an audit, as well as what you might be able to do in the future to avoid being audited again. Based on this research and our experience, here are a few highlights:
  • Inconsistency in purchasing patterns: sporadic or unpredictable buying patterns are more likely to be audited than those that make regular purchases and are part of an enterprise agreement.
  • Size of customer: the hypothesis is that mid-sized organizations are most at risk. Too small and it’s not worth the vendor’s effort in engaging, too large - more likely to have the appropriate processes in place. But this is not a rule - ALL organizations get audited – small, mid-sized and large.
  • History of poor license compliance: if you have a track of poor licensing records, it is more likely that you will be audited on a regular basis.
  • Datacenter migrations: in certain instances, the datacentre migration can create a big gap between the purchased entitlements and existing deployments, especially if the business requires the two sites to run in parallel until the migration is completed.  
  • Mergers & Acquisitions: organizations that have merged or made acquisitions are more likely to receive an audit request. This highlights the importance of a proactive approach to SAM when undertaking any kind of merger or acquisition.
  • Backup and disaster recovery polices: some vendors advise you must purchase additional licenses depending on the backup and disaster recovery policy.
So what is the best approach?
 
To start with, treat a software audit as a serious financial risk and communicate this message to the executive team.  Software audits have become a normal way for software owners to verify their customers' software usage, to identify gaps between usage and contracted rights, and to charge fees for additional licenses needed to close the gaps.
 
A licensing audit can take many forms – a formal audit, a true-up, a request for self-verification and disclosure of results, a pre-renewal or pre-purchase assessment of existing deployment, a compliance review by a third party or employees of the software owner.
 
If organisations are serious about avoiding software licensing penalties or fees, they need to ensure they implement efficient discovery tools, license optimisation software and consider partnering with software license experts to be able to create accurate software asset reports. A change management process must be in place to ensure that changes made in the datacentre are compliant with the existing licensing agreements.
 
In our next post, we will be discussing Vendor Audit maturity models and how to manage the complexity and continual change of audit and compliance procedures.
 
So what do we recommend?
IntegrationWorks recommends do not wait for the vendor audit team to contact you, but to already have a sound CA&CM (Continuous Auditing and Continuous Monitoring) practice in place. Setting up a rigid CA&CM practise takes effort and a strong attention to software contractual agreements. CA&CM advice and practise development is a key component of the IntegrationWorks Managed Services offering across all of our regions. If you would like some more information on what we do, please do not hesitate to contact us at info@integration.works