Successful strategies for surviving a software audit

Register now

As software becomes a more integral part of daily operations, many software publishers have increased their audit activities, whether to explicitly drive revenues by identifying non-compliance, or to force the adoption of new (predominantly cloud-based) licensing schemes.

Despite the fear surrounding audits, they are an inevitable hurdle that organizations must prepare for. Audit activity will remain high as long as vendors stand to benefit — whether it’s by convincing customers to adopt cloud applications or upselling new software versions and licensing plans.

Depending on their audit readiness, organizations can face costly penalties, or they can leverage their position to renegotiate existing agreements and secure new licenses cost-effectively. It is up to the organization to decide whether an audit is a necessary evil, an IT inevitability or an opportunity. Organizations that adopt the right defense and offense ahead of time will be able to position themselves for success.

#1: Respond to Audits Strategically

Many software publishers use audits as a source of additional revenue, squeezing customers to boost their bottom line. For an increasing number of vendors, audits have shifted from an occasional activity to a significant source of revenue. While they tend to be aligned with contract renewal dates, they can actually occur at any time of year.

Major business events such as mergers or acquisitions can also spark audit activity, while there is opportunistic auditing, too. In fact, many informal audits arrive as generic requests for an organization to collect and report data, or as an offer for a review, which can indicate a full-blown audit is on its way.

The best form of audit defense is process and preparation, ideally before any audit letter drops onto the doormat. Once the audit is initiated by a publisher, the first tactic should be to utilize the maximum notice period outlined in an organization’s contract with the vendor. This gives the organization time to self-assess and prepare to answer questions regarding compliance and whether the level and type of license entitlement matches application deployment and use.

Vendors want to see if organizations are under licensed, justifying the opportunity to upsell or enact penalties. If organizations proactively gain visibility into their users, systems and entitlement levels before an audit, not only can they can report accurately to vendors, but they can proactively compile usage trend information and identify optimization opportunities to empower strategic decision-making in their own time.

#2: Establish a Single Source of Truth

Compliance starts with establishing an effective license position and a single source of truth. To create a holistic view into compliance, organizations must gather data about software usage across their entire estate and then reconcile that data against entitlements and contracts.

The best software asset management solutions will automate much of this process, providing organizations with an accurate report of deployment, configuration, licensing and usage.

These data-driven insights restore power to organizations by equipping them with the information they need to demonstrate what software is being used in their IT ecosystem and how. So, when it comes time to sit down and negotiate audit requests, vendors will receive a set of data that has been verified and validated by the right technology, legal teams and management. This will stop vendors in their tracks as they won’t be able to dispute the hard facts.

#3: Restore Power to The Organization

When it comes to an audit sparring match, the side with the best data wins. While this data is typically in the hands of organizations already, they need accurate visibility across their estate to leverage that data, both when audit requests arrive and ahead of negotiations and renewals. When organizations possess insufficient data, data without insights or even data thrown together on spreadsheets, vendors gain the upper hand.

However, driving this visibility is becoming increasingly difficult. Digitization, despite its many positive contributions, has resulted in the distribution gap — a shift in the IT spending power, moving from centralized IT to individual business units.

According to a recent Gartner survey on IT cost optimization, “respondents with visibility of both the IT shared services budget and all digital spending across the enterprise report that, on average, nearly half of their digital technology spending is paid for by the business. A quarter is paid for out of the IT budget, with chargeback to the business."

This essentially means that IT has less visibility and understanding of how the organization is consuming (and is liable to pay for) technology in all its many forms. But it is still the IT team that is burdened with responding to software publisher audits.

To bridge this gap, organizations need to develop a comprehensive solution to continually track technology consumption, rather than a one-time inventory report, to enable better visibility at an employee, system and entitlement level by discovering and normalizing data across all locations and devices. With such insights, organizations are empowered to quickly create compliance reports, enable C-suite decision-making with usage trend information and identify optimization opportunities.

The key to establishing an undeniable compliance position is having the data to support an audit defense. This information can buttress the defense and also create a killer offense for organizations.

The head of software asset management at a large foods company recounts that the company recently faced an uptick in audits, with as many as eight per year. Though vendors included big hitters such as Microsoft, Oracle and IBM, leveraging data from its effective license positions helped the company to argue a demand for $1 million down to nothing. In addition, it was able to cut costs through software optimization and shrank its software maintenance budget by five percent.

If you are fortunate enough not to be facing a software vendor audit currently, now is the ideal time to identify and address risks. An audit letter could land on your desk at any point. Do not wait until that moment to act.

For reprint and licensing requests for this article, click here.