Kar Tr - Fotolia

How to combat software auditors

Software audits can be a huge waste of time and resources for IT departments

IT departments can waste a huge amount of time pandering to requests for audits from the big software firms – but it doesn’t have to be that way.

Software suppliers are abusing their copyright protection powers and using audits to generate revenue, according to research for the Campaign for Clear Licensing (CCL).

Software audits have become a business-as-usual feature in the IT department, with audits taking an average of 194.15 working hours to resolve over an average duration of 7.13 months, the research found.

According to CCL, IT departments are wasting time trying to interpret licensing terms and defending audits rather than exploring competitive solutions or reviewing their true requirements.

It found that suppliers routinely use vague and out-of-date licence metrics to exploit revenue-making opportunities.

CCL also warned that IT departments are mostly reactive to software audits and have not allocated enough resources to managing software as an asset, despite the huge amount spent each year on software, maintenance and subscriptions.

Microsoft was found to be the most helpful supplier from an audit perspective, but CCL warned that it adopts a time-consuming review process. Here, previous compliance misdemeanours might be overlooked if the customer adopts the software publisher’s strategic products, in the case of Microsoft in 2016, Office 365 and Azure, said CCL.

CCL recommended organisations to adopt proactive software asset management practices to thwart audit requests as they arise and prevent a huge amount of time and energy being wasted on defending audits.

As Computer Weekly has previously reported, IT departments should be savvy with their negotiations, particularly as many suppliers are actively pushing cloud-based subscription licensing.

For instance, in his report The fog begins to lift on Oracle’s cloud shiftForrester analyst Duncan Jones wrote: “The urgent need for orders could mean there are great deals available for well-prepared customers.”

Read more about software audits

Where viable, using third-party support tactically can help IT departments negotiate better licence fees and enable them to avoid paying maintenance on shelfware.

Although suppliers can ask for an audit, Robin Fry, a solicitor and legal director of Cerno Professional Services, wrote recently in Computer Weekly: “Oracle has no right to enter your premises. UK and US laws give strong protection to the rights of individuals and businesses to protect and control their property.”

Fry said the wording of Oracle’s contract does not specify how the audit should be conducted. “There is no contractual obligation to run specific scripts, and if you can deliver the information in another robust and credible format, that would be enough,” he said.

But other suppliers have different terms and conditions, so IT departments must be wary of what each supplier’s contract stipulates.

Highlighting the tight schedule AutoCAD imposes on audits, Fry said: “Given Autodesk’s extensive audit rights and a very tight 15-day timetable, in many cases it will be impossible for a customer to check all their licences and, if necessary, reconfigure their installations within that time period. This means that the customer is often surrendering itself to a full Autodesk audit with no realistic opportunity, beforehand, to ameliorate the situation.”

According to Fry, AutoCAD will try to charge organisations that are found to be under-licensed, three times the cost of its licence fee. Within the UK, damages are typically limited to the standard commercial licence fee. So any demand for excessive licence fees should be resisted, said Fry.

Another area to consider, said CCL, is the effect of the major IT firms consolidating their businesses. For example, it highlighted the risks for HPE customers given that the supplier is selling its software infrastructure business to Micro Focus, which owns Attachmate.

CCL’s study found that Attachmate was among the most aggressive software providers in terms of audits. “HPE Software customers should be wary of aggressive Micro Focus audits in the light of the agreed merger in 2016,” it warned.

Read more on IT strategy