First off, let’s briefly define it. A software audit is when publishers review an organization’s contracts and entitlements, and then compare them to current licensing usage to determine whether the current contract has been violated.
Violations could include:
Audits can be triggered by increased growth in a company or large IT transformation projects (essentially, times when a company could need more or different licenses, but hasn’t purchased more). However, these days, licensing audits are done on a fairly regular basis — sometimes every year. Publishers have cracked down on violations in the last decade and rarely leave any company unaudited for longer than two years.
If it’s determined that a company has violated its contracts, the software vendor will charge fees and penalties, or even take legal action.
Since audits are an inevitability these days, your organization needs a clear plan of action for when you do get that notice of an impending audit.
First up: Don’t ignore it.
It’s unlikely that the software publisher will forget they were going to audit you. Ignoring the impending arrival of auditors only serves to put you behind the curve once the process starts in earnest. The minute you receive the notification, start your action plan.
Perhaps most importantly, you need to assemble your internal audit response team. The team should bring together specialists from various areas of the business, including the procurement team, legal department and C-suite.
Now, there are many differing opinions out there when it comes to the type of relationship you should create with the auditors. Some experts argue that you should “assume a defiant stance” and not cooperate too openly. Others suggest the exact opposite. The truth is, there’s probably a middle ground. You don’t have to share more than is asked of you, but you don’t need to put the walls all the way up either. Focus more on consistent, thorough communication. Be open about the steps your internal team is taking, whether you need an extension, and your audit timeline.
An important note: Your dedicated, internal audit team should be the only ones communicating with the publisher or the third-party auditors. You don’t want side conversations or unknown purchases of more licenses or products to affect the audit.
Once the audit actually begins, the auditors will usually start by scheduling a meeting with your internal team to explain the terms of the process, as well as the timeline. They’ll then get down to collecting data about your licensing and will prepare a report of their findings.
So while the auditors are in your system collecting data, what should you do? Well, don’t just sit back and wait for the results, especially if you don’t have a good understanding of your current usage.
Task your internal audit defense team with doing their own deep dive into your licensing environment. If you already have a mature Software Asset Management (SAM) plan, this probably won’t be too time-consuming a project.
If you’re not already knowledgeable about your licensing environment, this is probably the time to bring in a third party to help. It’s in your best interest to have an IT partner on your side during the process. You don’t want to rely completely on the publisher or auditors for information about your usage.
A systems integrator or super solutions integrator will have teams of experts that can reconcile your licenses, provide industry benchmarks for contracts and even help with future negotiations. Experts in particular publishers are extremely difficult to find and even harder to keep on staff. But they’re invaluable assets when it comes to getting a fair deal in software audits. Employing a trustworthy IT partner allows you to tap into this expertise.
When an audit letter arrives, some IT professionals have a tendency to panic and attempt to cover their tracks.
If you know you’re using licenses that you haven’t paid for, you may feel compelled to run out and buy licenses to fix the problem. But, since auditors will always ask what’s installed and when it was installed, doing so doesn’t help — it only proves knowledge of the wrongdoing.
Likewise, don’t delete software in an attempt to hide its usage. Forensic examinations can find evidence of deleted software, so you would only make yourself look guilty.
If the auditors find your company to be out of compliance, it’s time to hash out how much you’ll be paying in fines and/or penalties.
This is when your internal audit becomes vital. Due to the incredibly complex nature of software licensing, auditor results aren’t always 100% accurate. That’s why it’s so important to gather your own information and stack it up against the official findings. In some cases, you may be able to provide evidence that the auditors were mistaken and push back on the publisher’s demands.
At the very least, have a trusted expert in that particular licensing environment review the auditors’ results to make sure they’re correct.
As we said earlier, software licensing audits are a regular occurrence for every major publisher. So don’t think you’re out of the fire just because you survived one audit. It’s a safe bet that your company will be audited at least once a year. And in order to better protect the organization, your IT team needs to up its preparedness.
Of course, the best defense is compliance. However, there are a lot of companies out there that are so concerned with staying in compliance that they simply buy more software licenses than they could ever need. But there’s a better way. And it’s called (you guessed it) software asset management.
A true SAM strategy doesn’t just mean understanding how many licenses your business is currently using or how much it’s entitled to (although that is an important part). It means understanding what your end users need and want, as well as what they have access to but don’t find very helpful. It means taking all that information and extrapolating not only what the business needs right now, but what it might need in the future.
Implemented correctly, a software asset management plan helps your IT team procure the right software in the right amounts for the right price, and save costs associated with either under- or overbuying.
And then when the next publisher comes knocking, your team is ready to come out of the audit unscathed.