Once upon a time, software vendors developed awesome products. Companies bought the products, used them, and prospered. Apparently, vendors no longer depend on developing and marketing top-notch products to draw in the revenue. As sales decline and vendors crank out increasingly inferior products (Apple’s iOS security loopholes, the instability of Office 2013, and the catastrophic failure of Windows 8, just to mention a few), vendors have found a whole new revenue stream that doesn’t depend on their development and marketing skills at all.
Vendors are becoming more aggressive about auditing businesses and are making millions from those found out of compliance with software licensing agreements. As it happens, mergers and acquisitions are one of the key triggers for an audit, because vendors know this is when companies are most likely to be found out of compliance, landing them some quick, easy cash.
Potential Triggers for Audits
The worst vendors about conducting audits are (in order) Microsoft, Adobe, Autodesk, Oracle, SAP, and IBM. Almost every company in the United States uses products from at least one of these vendors, and most depend on products from most or all of these. Unless you’re operating with 100-percent free, open source software, you have a risk for being audited. Vendors have identified several times at which companies are most likely to be out of compliance, and focus a fair amount of their auditing efforts on companies in one of these situations:
- Companies that the vendor has previously audited typically do not improve asset management systems after the audit, so vendors often target these companies a second time.
- Companies that were audited by another vendor might have exhibited signs of non-compliance, leading other vendors to target them for additional audits.
- Companies that are engaged in mergers and acquisitions are often focused on people and processes, not software licensing. This means it’s a good time for vendors to catch them off guard and make off with hefty fines.
Why Mergers & Acquisitions are a Prime Trigger for Audit
The process of acquiring another company or merging two companies involves a period of turmoil. People are shifted to and fro. Hardware is moved, reassigned, lost, and reassigned again. Systems are blended, databases are consolidated, platforms are standardized, and nobody is paying attention to where the IT assets are going. Add in the fact that software licensing contracts are intentionally written in language that is both vague and confusing, and it’s easy to see why mergers and acquisitions are a good time to catch IT departments with their proverbial pants down.
How to Protect Yourself During an Audit
There’s really nothing you can do to prevent an audit once a vendor puts you in their sites, but there are things you can do during a merger or acquisition (or anytime) to make that process go smoothly, and more importantly, end without you forking over a fat fine.
- Maintain a robust asset management system throughout the merger or acquisition process.
- Include all software and hardware assets in the asset management system. This usually means requesting a complete listing of assets, contracts, and related documents from your new sister company before the actual merger begins.
- Retire unused, redundant, or outdated software packages as processes are set up and defined.
- Renegotiate software licensing contracts to reflect the needs of the business as the merger unfolds.
- Conduct a realistic internal audit of your own software licenses once the merger is complete.
Part of this process is making sure senior management is aware of the potential for an audit at this time. Be sure they are aware of potential compliance issues, associated fines, and ambiguous wording in contracts. The legal department should also be consulted so that they are aware of the status of compliance and the potential for an audit. A good IT asset management system is your best defense when an auditor comes knocking.