It’s an interesting time for software audit licensing, and companies are, all too often, finding themselves in the storm of an audit. Perhaps it is due to the fact that licensing use rights are being applied to increasingly complex IT environments that have changed beyond the terms of their former software agreements. Or, maybe it is because revenue for new software licenses is down, forcing vendors to focus more on licensing audits to recover some of the lost income.
Whatever the reason, IT organizations need to be diligent if they are audited. And, taking some simple steps to avoid an audit in the first place wouldn’t hurt, either.
Staying Compliant with Software Licensing
The best way to handle a license audit is to stay out of trouble in the first place. While sometimes easier said than done, you can take a few steps to stay in the clear.
- Maintain robust software asset management (SAM) processes.
- Make software licensing a core part of change management.
- Consider how normal IT actions, like upgrading servers, will affect your software licenses and address any issues at the time actions are taken.
- Don’t just rely on spreadsheets for compliance management — look into how an automated solution might help you stay on top of things better.
- If you discover a licensing issue, admit to it. It can be advantageous to pursue proactive remediation to possibly avoid punitive costs and other consequences of an audit.
- Don’t look the other way if there are unlicensed copies of software being used in your organization. Ensure that your written policies and procedures are consistent with your actual policies and procedures, and make sure your employees, consultants, and vendors understand the rules.
Preparing for the Software License Audit
If, despite your best efforts to remain compliant, you find yourself being audited, take these steps to make the process go as smoothly as possible.
- Contact the vendor to find out the scope of the audit because audit procedures vary by provider.
- Begin an internal audit so you can learn more about the problem and discover any additional shortfalls.
- Get all your ducks in a row: Make sure all communications between your team and the vendor are appropriate, and ensure that the process includes an opportunity to review findings prior to settlement. Also, validate that the auditor has included all licenses to which you are entitled.
- Along that same vein, make sure your company clearly understands the audit rights by reviewing the provider agreement. Within reason, push back against anything you do not believe is mandated.
- If the audit proceeds, manage the process with a proactive mindset. Do not sit back and wait for instructions — find out what you need to do, and just dive in.
- Approach settlement talks as a negotiation. Don’t just accept the initial settlement demand as carved in stone. If your company’s non-compliance was inadvertent, or otherwise reasonable, consider a counter-offer based on achieving and maintaining future compliance instead of back-dated compensation, retributory list pricing, and other punitive actions.
- If you know you will have to pay punitive costs, have in mind a dollar value settlement before going into talks. The cost will vary based upon the provider and the situation, but a reasonable target settlement amount is the estimated supplementary costs had your company remained in compliance. Expect to pay something, but use any leverage as a customer (current and future) that you might have to come to an agreement.
Whatever you do, don’t be passive and simply accept the audit terms, process, and results. Admit whatever fault may be yours, but stand your ground when it comes time to work with auditors and, especially, when it comes time to work out a settlement agreement.