Blog

December 13, 2018

How to Prepare for (and Avoid) Software Audits

Complex and highly interpretive, software audits are like an evil spirit that can cast a gloomy shadow on any organization’s profitability and reputation. However, as CIOs and IT specialists, you would know that if your company licenses any software, it is only a matter of time before the vendor sends you an audit notification. Larger players, such as Microsoft, SAP, Adobe, IBM and Oracle are known to send out frequent audit requests to their customers. In fact, given the surge in the use of multiple technologies and hybrid environments, many of these companies see software audits as a mainstream revenue generation mechanism.

To put this in perspective, a software audit almost always results in huge costs for the user organizations who end up paying millions of dollars in true-up costs or dispute settlements. A recent survey on key trends in software licensing shows that:

  • 75% of the user companies were non-compliant with their software contracts.
  • 20% of the user companies paid $1 million or more at the end of a software audit.

While you may think of software audits as a waste of time, resources and money, the reality is that they are here to stay. Your best bet to tackle, delay or completely avoid an audit is to put together a solid software compliance plan.

Top Tips to Be Prepared for a Software Audit

How Non-Compliance Occurs: A software audit typically checks for any gaps between the terms and conditions of the licenses that you purchased, vis-a-vis their actual deployment, installation or utilization by your network and systems. Some of the common reasons that lead to violations in your software contracts are:

  • As a large or fast growing organization, you invested in multiple technologies and used the software licenses in ways that were not covered under your purchased license
  • You have not done a bucket level assessment of installed software versus purchased software.
  • You have not thoroughly checked the administrator rights on all the devices owned by your organization.
  • Your organization implemented a Bring Your Own Device (BYOD) policy, but the lack of tight controls has caused a mismatch between the stated measures and actual device compliance.

Even if you diligently reviewed each contract when you signed it, there will invariably be some condition that you violated because:

  • You overlooked it during the fast-paced technology implementation which had to match your business needs and goals. OR,
  • The software auditors have interpreted the complex contracts in ways that benefit the vendor companies.

Solutions to Avoid Non-Compliance

There is no easy solution to avoid this problem. Here are some possibilities that may put you in a better position to withstand an audit:

  • Simplify the Environment: Transitioning from on-prem environments to complete cloud-based solutions may be a likely option to manage multiple software, however, do not assume that by doing so, you can prevent software audit issues. In reality, hybrid solutions or mixed environments present higher licensing complexities making your organization vulnerable to huge fines and lawsuits.
  • Invest in a License Management Program: Invest in a good IT asset management (ITAM) system that:
  • Creates a virtual warehouse of all your IT assets, including hardware and software.
  • Offers visibility of all software installed on your organization’s network and devices.

With all the information sitting in one system, you and your IT compliance teams can review and manage all the hardware and software licenses centrally.

  • Conduct Regular Internal Audits: Often, companies make the mistake of scheduling an internal audit only after they receive a software audit request from the vendor. Instead, set up a formal IT compliance function and schedule internal audits at fixed intervals to make this an organizational priority. Moreover, software audits are lengthy and painful and can last for anywhere between six to eighteen months. The better prepared you are, the higher your chances of wrapping up the queries quickly, and making better use of your time and resources.

However, in case you are considering any of the comprehensive, self-audit tools offered by the software companies, review how much data the vendor can access, in order to rule out the possibility of stealth audits.

Navigate Software Audits through Software Asset Management

A robust software asset management (SAM) system will not only be your central repository for purchased and deployed software licenses, but it will allow you to review your software usage and identify licensing costs and redundancies. At Glasshouse Systems, we offer a range of License Management and SAM Licensing expertise to our diverse clients across North America. Take advantage of our accredited consultants and comprehensive tools and systems to proactively defend your company from costly and tedious software audits.

Contact us to learn how you can manage and optimize your software asset purchases, or leave a comment below for more details on software audits.

For Canada and worldwide, contact our main Canadian offices:

  • +1 (416) 229-2950
  • +1 (416) 229-9096

By email: canada@ghsystems.com

For all US-based enquiries, please contact our main US offices at:

  • +1 (630) 724-8500
  • +1 (630) 724-8509

By email: us@ghsystems.com

TAGS: software asset management, software audit defense, SAM