Are software audits good for your health?

The Business Software Alliance's claim that 90% of all audit letters sent in 2012 were the result of tips from whistle-blowers is a wake-up call to CIOs

The Business Software Alliance's (BSA ) claim that 90% of all audit letters sent in 2012 were the result of tips from whistle-blowers should be a wake-up call to CIOs.

IT chiefs may well ponder how to progress when the boss refuses to budget for the right number of legitimate software licences and need to consider the possibility that disgruntled IT staff or contractors are tipping-off suppliers or the BSA, rather than speaking directly to senior IT management about their software licensing concerns.

Whistle-blowers can earn up to £20,000 based on the value of the software licensing fees recouped. For the BSA, whistle-blowers provide a route into organisations that may be hiding discrepancies in the software they license.

Building and construction design consultants Kyson Design paid £3,000 in damages for using unlicensed software following an investigation by the BSA. The case came to the BSA's attention following information reported by a whistle-blower. The company was subsequently required to conduct a self-audit, which revealed unlicensed Adobe, Autodesk and Microsoft software.

The BSA’s online form for reporting software piracy anonymously looks relatively straightforward: along with name, address, size of company, industry sector, name of CEO and contact email address of the informant, the BSA only needs information on the names of software, selected from a drop-down list from the 39 companies it represents. The BSA assures whistle-blowers that their identities are never revealed.

In fact the BSA’s website hosts an audio podcast where an anonymous IT contractor discusses how he reported a licensing issue. “I felt very comfortable reporting it on the [BSA] website,” the informer stated.

More on licensing and IT asset management

Quocirca analyst Clive Longbottom, said: “Unless the BSA has sufficient information it cannot push doors and conduct an audit, so it needs information from whistle-blowers.”

The informant could be the CIO, or head of IT; but it could equally well be a junior member of the IT team.

“If you are a company director and you are actively aware of [software licensing] problems in the business then you are personally liable,” he said. 

So if a CIO is being pressurised by heads of business to infringe the licensing terms for their software, they may feel they are personally at risk, according to Longbottom.

In small businesses, the IT manager cannot simply go to the owner/manager because there is a very real risk of being fired, which is why the BSA’s whistle-blowing scheme exists. Strictly speaking, as a senior member of the business, the head of IT should have the confidence to handle the software licence discrepancy with the owner of the company.

If caught, a business found under-licensed will be fined; it will have to pay for the legitimate licences and will be named and shamed by the BSA. The BSA is also likely to undertake a full audit of all software, which may result in further fines and licence fees to pay should more discrepancies be identified.

Benefits of auditing

So what is the answer? In any size of organisation, auditing is the CIO’s friend. But it is best to take control of the situation. “If you get control of the software licence, six to 12 months down the line, you will be cash-positive. We can save an organisation 20% of their overall IT spend ,” said Matt Fisher, business development director at License Dashboard, which produces software auditing tools.

There is significant potential to improve the licence position and amend terms and conditions during audit closure, but this is rarely exploited, according to analyst Gartner - research director Victoria Barber said: “People deal with it as a fire-fighting, damage-limitation exercise. It is not an ideal situation doing an audit especially if you are not compliant, but the audit will enable you to see what licences you have, what value they have, and whether there is room for negotiations with the supplier.”

Challenges of software auditing

Larger organisations may find they are targeted directly by the large software providers, while the BSA will go after smaller businesses. “Enterprises are more profitable for larger suppliers, so they need to be more tactful. The BSA can take an aggressive stance with SMEs,” according to Licence Dashboard’s Fisher.

Ernst & Young’s Software compliance without tears report from 2011 warns that software audits are on the increase.  The research states:  “The single biggest reason for such activity is to generate revenue, software suppliers also want to protect their intellectual property rights. In addition, they’re often looking beyond the immediate audit.”

Businesses should not ignore audit requests from suppliers.  In its Why software vendors audit customers whitepaper, Licence Dashboard notes: “It may sound obvious, but a common mistake made by many organisations is to ignore an audit request in the vain hope it will go away. In fact, the reverse normally happens and you risk the auditing vendor becoming increasingly aggressive and hostile the longer you delay in responding to an audit request.”

According to Gartner, IBM, Oracle, Adobe, Microsoft and SAP are the leading suppliers likely to request a firm to audit its software.  Barber warns that it is not only the desktop that IT managers need to be concerned about. The desktop is relatively easy to audit, since it is likely to run Windows and so Windows-based software asset management tools can determine the software of PCs connected to the corporate network.

CIOs must also measure the complex licensing metrics within a datacentre’s software environment. Barber added: “You need to identify if the product is installed in your datacentre. You need to look at metrics like processor value units or number of cores. With SAP we found one customer’s licence was based on the number of bank accounts/clients in the system.”

However, software auditing can be an expensive and time-consuming task for an already overstretched IT department. It requires cross-department collaboration and a lawyer with expertise in software licensing. Moreover, software asset management tools can help, but they only provide some of the answers needed for a full software audit.

Stephen Mann, an analyst from Forrester Research, said software asset management tools only provide information on what is being used. It is half of the problem. Arguments with suppliers can arise over entitlement, where a business believes it is entitled to a discount because it runs a previous version of the product. He said:  “Large organisations may have switched from central to distributed procurement so it may be difficult to understand what has been spent on software over the years.”

Read more on Software licensing

Data Center
Data Management