If you suspect that software publishers are becoming more vigilant about going after companies with licensing non-compliance issues, you’re right. About 38 percent of companies can expect a vendor with an audit letter to march in anytime. Forty three percent won’t owe any money, but among those found out of compliance, they can expect a fee of between $50,000 and $250,000. However, these companies report that the most costly aspect of a licensing audit isn’t the fines but the time consumed by the audit.
Microsoft, Adobe, AutoDesk, Oracle, SAP, and IBM are the most aggressive vendors when it comes to conducting audits. From year to year, vendors seem to hone in on certain size companies they expect to be most out of compliance, sometimes focusing on companies with between 500 and 5,000 employees, other times focusing on those with 10,000 or more workers, and occasionally targeting those with over 25,000 employees. According to the latest statistics, vendors are less likely to audit companies with solid software asset management tools in place.
The only way to ensure that your company will come out of an audit unscathed is to conduct regular and thorough self-audits. Most companies, unfortunately, are guilty of conducting only surface-level self-audits that aren’t at all indicative of what the company will undergo if Microsoft or IBM sends in their squad. Here is how your IT asset management self-audit can be conducted to reveal accurate and meaningful results.
Establish the Persons Responsible for the Self-Audit
Each department needs to designate someone to oversee their software audits. Alternate plans need to be made in the event that the designee is on vacation, sick, or has left the company if a real audit occurs. The person needs to take the audit seriously. Additionally, someone needs to be designated to play the auditor, and a couple of members of the legal team — with experience in litigation, contract law, and EULA — need to be involved. One lawyer should represent the auditor, another the company (audited party).
Establish What Tools and Resources are Needed for the Self-Audit
Every vendor has their own preferred tools for conducting licensing audits. Some are scripts, others are executable. The important thing to know is that there is always room for negotiation when it comes to tools selections in a real audit. There are valid reasons why companies don’t want vendors installing new tools into their systems, and vendors have to respect that. Hence, it’s important to choose a robust discovery tool for your self-audits, so that you are familiar with it and can make a solid case for it if an auditor marches in.
Conduct the Self-Audit Seriously and Professionally
During the self-audit, you’ll need to set a realistic and defensible definition of compliance. The purchase records, entitlement documentation, and inventory records should all be in agreement. Decide how to respond to any discrepancies. Also, you’ll want to establish steps for negotiation if these records don’t line up. Determine if both parties distributed the software according to the terms of the license agreement.
You should determine whether to pay reinstatement fees, and decide when a blackout will occur after an audit reveals non-compliance. Also, establish an acceptable timeframe between audits. Many companies fail to negotiate this with their vendors, leaving them open to a costly subsequent audit six months or a year later. Identify any licensing terms that are ambiguous. If found out of compliance will you pay up, purchase something else, or uninstall the software and pay all the fines?
It’s a good idea to offer employees who participate in the self-audit incentives for their serious and rigorous work. Good incentives could be a special party, a few gift cards, or some well-earned vacation. It does help motivate their hard work when there’s something in it for them.
Generate a Report on the Self-Audit’s Effectiveness
The self-audit isn’t complete until a report is generated to show how many work hours it took, what tools were needed, and what was gleaned from the experience. Regular self-audits should improve with time, taking less money and fewer new resources each time.