Software Audit Advice

Part Two: ARE YOU A TARGET FOR A SOFTWARE AUDIT?

What are your chances of being audited by one of the major vendors in the near future? The likelihood is very high. As we discussed in our last blog, a recent research study run by Gartner suggests a 68% chance of being audited by at least one software vendor in the following 12 months. If you are working in a Vendor Management role or a Technology Compliance Role, you know that this number is very accurate.

45% of organisations are going through two or more vendor audits in one year. Given these numbers, making sure your Software Asset Management process are up to compliance standard is becoming increasingly important.

In this blog, we’ll be discussing the Vendor Audit Maturity Model so you can see where your business aligns in terms of compliance and maturity. We’ll also discuss the challenges your business may face in achieving full compliance.

Vendor Audit Maturity Model - The table below summarizes different results achieved by an organization faced with a vendor audit depending on their maturity. Success with vendor audits is not only about having sound processes and procedures in place but also the correct attitude towards the situation. 

Now for the bad news… Achieving licensing compliance is extremely difficult.  Mainly for two reasons – complexity & change.

Complexity… The software vendors offer a variety of licensing and pricing programs to address the diversity of its customers and its large number of products. Each program has its own metrics, rules and options. Close monitoring of the licensing options and internal product usage is required to select the best fit to suit your organisation. The software usage monitoring must continue during the entire project life-cycle.  Some policies such as backup and disaster recovery license entitlement are not detailed in the signed agreements and must be monitored separately. The various agreements, licensing documents and references contribute to the difficulty in managing your software assets. 

Some vendors deliver licenses with no constraint on the number of software installations which are not linked to a specific license key. This means that in certain situations there are no technical limitations to deploying more software than is licensed. This allows for flexibility and scalability, but may create problems when trying to match licenses with deployment. As a result, in a distributed environment, many installations may occur with the same license, bringing the company out of compliance by tens of millions.

Change… Software owners are usually changing the rules governing the software usage, and they sometimes do not make the changes clear to licensees. Every organisation facing a software audit should research and understand all the licensing changes adopted by the vendor, so the impact of those changes can be evaluated. An experienced licensing expert will often be familiar with the contract practices of major software owners in order to explain market-wide changes.

Software delivery models of course have been trending towards the cloud, and licensing to subscription as a result the provider-lead shift of application business and delivery models to SaaS, in turn leads to a substantial change in software provider / client relationship.

The great news – IDC’s predictions - there is light at the end of the tunnel

IDC has recently released an updated set of predictions which underline that some of the software providers are already working towards new licensing programs designed to simplify the customer experience.  Less complexity provides better ability to manage your existing assets and reduces the financial risk.

Our recommendations

IntegrationWorks recommends do not wait for IDC’s predictions to become a reality and ensure you have a sound CA&CM (Continuous Auditing and Continuous Monitoring) practice in place. CA&CM is a key component of our Managed Services Offering and a standalone service where we offer advice and consulting on how to build a strong and compliant SAM practice. For more information on our CA&CM services, please contact us on info@integrationworks.co.nz