SOFTWARE AUDITS AND HOW TO SURVIVE THEM
In the current economic climate the recent trend of imposing financial penalties on organisations using unlicensed software is expected to increase. As software publishers increase the frequency and rigour of audits to preserve their revenue, more and more companies are finding themselves the focus of a Software License Agreement Review - more commonly known as a 'Software Audit'.
Software license compliance is complex, and this complexity is multiplied by the number of products and vendors you use - each having their own licensing and agreement models. This makes the job of ensuring you are correctly licensed and legally compliant a tough one unless you approach it correctly.
In this article we take a look at what is involved in surviving a Software Audit and how best to prepare for one.
Manually managing software assets and license agreement compliance is a time-consuming and onerous task, laden with costs and risks. In general, by the time a manual assessment of an enterprise’s license position is obtained, it is already out of date. Luckily IT departments can look to adopt an IT Asset Discovery or Software Asset Management (SAM) tool that automates these processes and ensures on-going license compliance. Where an organisation has little understanding of the downgrade rights, client access scenarios and migration potential for the licenses that they hold, a trusted third party can be used to guide them through the route to license compliance.
What is a Software Audit and how do vendors decide who to audit?
- "What is Software Asset Management (SAM)?"
- "How do I know if I have enough software licenses?"
- "How do I find out what software we use within the company?"
- "How can I find out what machines are on our network and what software people have installed on them?"
If you are asking any of the above questions it is likely that you are either already the focus of a Software Audit or you are taking a proactive approach to Software Asset Management in order to save on your software license costs, maximise return on investment and avoid the risk of unnecessary fines in the future.
At its simplest a Software Audit is:
- The identification of software usage.
- The collection of license agreements and understanding the rights they grant.
- The reconciliation of any discrepancies that may exist between software usage and license agreement rights.
The typical request is for the company under review to document every single installation of software - by product, version and edition - throughout the enterprise at the time of audit notification, and to produce a dated proof of purchase that demonstrates that the associated software licenses were purchased prior to the effective date of the audit.
Typical triggers in the initiation of an audit include: a tail off in regular license purchases, purchase of a server license but no associated purchase of client access licenses and a growth in company size with no associated increase in license purchases - but there are a multitude of reasons and factors involved. The audit may also be initiated following a trade organisation such as the BSA or FACT being notified by a disgruntled employee or concerned individual reporting suspected license compliance failure or use of pirate software within an organisation.
In the current economic climate IT budgets are likely to undergo cuts, spending on new software will decrease and so the major software vendors may decide to conduct a license agreement review merely to ensure they are getting the revenue that they are entitled to under the terms of their license agreements.
What happens in a Software Audit?
- Normally a customer will receive a letter from a vendor such as Microsoft, Adobe or Symantec or from a trade association such as the Federation Against Copyright Theft (FACT) or the Business Software Alliance (BSA) notifying them of intent to conduct a review of the software license agreements they hold.
Discovery and reconciliation
- Conducted by the customer, this may be an entirely manual process or assisted with the use of an IT Asset Discovery or SAM tool such as Ensemble. IT departments should ensure that all their paperwork is in order, recorded and easily accessible, including paid invoices, receipts of purchases, licensing agreements and certificates – especially records of purchases from resellers and publishers. This proof of license entitlement is critical to the reconciliation process.
- The auditing vendor or trade association may send a SAM or licensing specialist to perform a 'light-touch' initial assessment. During this review a company will be asked to produce information on the hardware assets they own, the software installed on those machines and the licenses held, and to demonstrate that processes are in place that ensure that procurement and allocation of licenses satisfy the terms and conditions of the license agreement under review. The important thing to note is that all installed software and license agreements that will be under review are those in place prior to the point of notification of audit. Some companies mistakenly try to mitigate risk by going on a license purchasing spree or by rapidly trying to remove software from machines to hide software usage. Only purchases made before the date of audit notification are considered by the auditors.
- If the outcome of the initial stages of the audit is such that the vendor or trade organisation sees fit, they will issue a notification of intent to take legal action. This may result in not only the recouping of unpaid license revenue - at full retail cost - but may also incur significant fines and/or imprisonment and court convictions for the directors of the company concerned. More often than not, a company found to be non-compliant is given a set period of time in which to make good the license shortfall and demonstrate a willingness and ability to adequately manage their software assets going forward. Both of the outcomes presented here would represent a significant and unplanned cost to the organisation being reviewed, not to mention negative press and potential damage to their business credibility.
In an ideal scenario the company being reviewed will already have a full SAM procedure in place and have an accurate and up to date software inventory. This is the necessary first step in the process that will enable the IT department to reconcile the list of installed applications with software purchase data, license type and associated conditions of use.
Using an IT Asset Discovery and Audit Tool to reduce cost, time and risk.
Very few organisations - even large global enterprises - have the data needed to satisfy the auditors to hand, and a manual process of collecting it and keeping it up to date is expensive, complicated, prone to errors and very time-consuming. By having a set of SAM processes and a software tool designed for the purpose of license reconciliation in place, a company can greatly reduce the unexpected cost, disruption and risk that manual audits carry.
Modern SAM solutions like Ensemble let you scan and upload your software licenses, purchase orders and invoices and hold them within the system's document repository where they will count against the software you have installed - presenting you with a single repository holding all license data and showing you in seconds your current license compliance. Peace of mind should you receive notification of audit.
The benefits of using a SAM tool such as Ensemble are not only relevant in times of audit, however - many financial gains can be made by the effective management of software and hardware assets on an on-going basis. Some companies have many thousands of pounds invested in software that is never even used. Without an asset management system it is very difficult to identify and manage such wasteful spending because software is not a highly visible asset. Imagine if your company spent many thousands of pounds on company cars and then let them sit in the car park, unused. That is what many companies are doing with their computer hardware and software assets. Using a SAM tool helps you to identify and reduce this cost, bringing benefits to the company's bottom line, regardless of a software audit scenario.
Understanding software licenses.
Determining your license compliance position requires much more than simply comparing purchases and installations. IT departments need to be able to demonstrate that license types - e.g. device based, named user, processor based or concurrent user - are understood in conjunction with computing environments such as virtual machines, multi-processor machines, user communities, and physical locations.
Furthermore, demonstrating that both rights of usage as well as limitations of usage are understood and applied across the IT estate will instil an auditor’s confidence in the company and lessen the likelihood of legal action. Software licenses are not simple things to understand: the version, edition and way in which the software is accessed all play a part in determining if the software is being used in a manner that is allowed under the license agreement. For example, many people will purchase a license for a Microsoft server product but fail to realise that Client Access License (CAL) purchases are also required for each machine that may connect to the server. With each product having potentially multiple licensing models and each vendor having their own set of license agreement structures, the number of licensing models in use can be daunting and complex to understand. Having a SAM tool that already has a large database of identified and classified software can help reduce the amount of work needed in understanding these complexities, as software that does not require a license can immediately be disregarded from any reports the tool generates. Beyond this, a specialist SAM services company can be engaged to make sense of the situation and make recommendations for license downgrade, migration and re-use to help save on licensing costs.
After the audit - how to keep on top of things with proactive Software Asset Management.
Following the conclusion of a software license agreement review the risk of further audits and unplanned expenditure can be reduced by implementing a specialised SAM tool and defining IT procurement processes that take ownership of your costly IT assets and maximise your return on investment.
"Enterprises that systematically manage the lifecycle of their IT assets will reduce costs per asset by as much as 30 percent in the first year, and between 5 percent and 10 percent annually in the next five years." - Gartner
The only way to be successful in achieving a low-risk state is to build appropriate processes and procedures into your daily business operations. It needs to be part of procurement, part of IT, part of document retention and accounting operations. You have to comply with good business practices, retain documents you need to retain and implement the tools you need to do internal auditing so you can constantly manage what you have and reconcile what you have installed against what you've purchased. If you don't have a solution for software asset management that can provide internal and external auditors with accurate, predictable and consistent results, the industry advice is that you should put one in place.
With the advice and expertise of our partner companies within the software licensing market we have developed our own tool named Ensemble. We believe it is the simplest way to manage your way through the worries of a Software Audit or to achieve the many benefits of SAM.