- Oct 03, 2019
- Rich Reyes
Top 5 Mistakes To Avoid During A Software License Audit
According to Gartner, software license audits are increasing for organizations of all sizes and industries, as IT vendors look to protect their intellectual property and augment traditional sales streams. During a software license audit, suppliers and their compliance teams continue to use new tactics to uncover over-deployed licenses, which the vendor can convert into a revenue opportunity and which become an unplanned expense for the customer.
Companies typically undergo five software audits per year, so it’s not surprising that internal resources and product owners are caught off guard and unprepared for information requests made during a software license compliance assessment.
Although many enterprises have invested in Software Asset Management (SAM) tools and programs, Connor Consulting continues to observe that companies tend to make five common mistakes when undergoing a software license compliance review. You can minimize excessive license and support fees paid to vendors by learning how to avoid these common traps.
In no particular order, here are the top 5 mistakes to avoid during a software license audit:
1. A formal Audit Response Team (ART) is not in place.
If your communication is not centralized through a designated or formal team, commonly referred to as an ART, your company is at risk.
Vendors and their auditors often have direct access to IT administrators and operations personnel, which can lead to over-sharing of information or data collected that’s not relevant to the scope of the software license audit. The ART should designate a single point of contact for any license review to prevent information leaks that increase adverse findings and software over-deployment risk exposure.
2. Entitlement data is not requested up front.
Having a complete picture of your software purchases is essential in ensuring software license compliance with a given IT supplier agreement. However, it is common business practice for vendors and auditors to withhold software entitlement data from customers once a software license audit is initiated or until the reporting phase of the review.
While vendors don’t always agree or aren’t forthcoming with the records, it’s a leading practice to leverage relationships with your account teams and/or resellers to obtain complete downloads of your license entitlement data. Ideally, these requests for major IT vendors should be made prior to any audit, as part of normal SAM operations.
3. Data provided to vendors and auditors contains too much information.
During a kickoff or scoping meeting, the auditors will talk through the data collection procedures. They generally provide flexibility as to how they’ll extract pertinent software data from existing tools and/or their own custom shell scripts.
More often than not, the output contains information that may not be directly relevant to the scope of the vendor review. It’s important for customers to review the code of any custom scripts and verify the keywords used in software discovery queries, as they could produce data about users, systems or other vendors that should not be divulged.
4. Audit findings, calculations and assumptions aren’t challenged by customers.
After the vendor deployment data is collected and reconciled to the customer’s purchase entitlements, the auditors will generate a compliance table summarizing the auditee’s effective licensing position, marking any license issues in red.
In many cases, companies don’t try to self-audit the findings, check the Excel formulas and calculations, or verify whether the assumptions are reasonable given the existing product install base and other IT environment factors. Failure to do so can cost them an exorbitant amount in software and support fees upon settlement of the software compliance audit.
5. Future business or pending vendor purchases aren’t consistently used to their full advantage.
Yes, the vendor usually has the right to audit you and verify compliance with an existing software agreement; however, your company may have a great deal of leverage that is not being used to influence the outcome of the review.
For example, there could be a sizable investment in flight or being considered with the incumbent IT supplier. Creating an alignment wedge between the sales organization and compliance function is a well-known best practice, but customers under review do not employ it routinely enough. If the commercial opportunity is considered significant or strategic (e.g., cloud migration, contract renewal, etc.), the timing, scope and results of the software license compliance assessment could be impacted in your favor, saving your organization cycles and cash.