How to handle a software audit

Software audits are an irritating and time-consuming part of life. To survive one unscathed you'll need a thorough understanding of your licensing requirements.

'IT executives being thrown into prison' is the usual battle cry of software industry bodies such as the BSA and FAST (despite no executive going to prison, to my knowledge, in the last 15 years).

The more realistic pain of software audits is unbudgeted cost and distraction from the delivery of projects. It takes time to defend an audit and to collect the appropriate data and documentation: precious time that should have been spent focusing on business priorities.

Microsoft, Oracle, Adobe, IBM, SAP, Attachmate and other large software publishers regularly audit their customers. Past research with ITAM Review readers suggests that, when conducting a vendor audit, Microsoft is said to be the most helpful and Oracle the least helpful.

Software licensing is an unregulated industry and it is often difficult to tell the difference between genuine infringements of intellectual property and overzealous software sales reps. Fearful of the word 'Audit', publishers commonly label these exercises as 'SAM Review', 'Maturity Assessment' or 'Readiness Assessment'.

Legally speaking, the vendors have the right to audit their customers baked into their agreements. Faced with this threat, organisations have three choices:

  • Don't sign the agreement. Find another supplier with simpler or more automated licensing mechanisms.
  • Negotiate the right to audit out of the agreement.
  • Manage software in readiness for an audit. Develop the business intelligence to swat away audit requests with reliable data.

To manage software effectively on an ongoing basis you'll need a good understanding of licensing agreements and what compliance looks like. You'll need good, trustworthy data to support compliance in the form of documentation, licensing evidence and how software is installed, used or configured. Finally, you'll need the licensing smarts to be able to reconcile purchasing and configuration detail on a regular basis.

Software asset management tools exist on the market that will help you along the way but, especially for the larger vendors, you'll commonly need a licensing expert to help you in the final furlong. That investment can easily be recouped in cost avoidance at renewal time.

Another way of removing the threat of audits is to sign up to an all-you-can-eat agreement. This may be a good choice for some organisations but is often a short-term Band-Aid over bad practices. All-you-can-eat agreements leave organisations numb to their real requirements and lead to oversupply of software and wasted money.

Martin Thompson is the founder of ITAM Review and heads up the Campaign for Clear Licensing.

1 comment

What is the standard turnaround time for a licensee to provide the licensor with entitlements and usage data when requested in a compliance audit, when the terms are not spelled out in the original contract? 10 days? 30 days? 90 days? What would be considered reasonable for a large corporation? Hypothetically speaking, let's say Oracle is requesting? Also, do vendors track the entitlements? I know not all vendors do, but I believe some do, such as Oracle? Are there industry standards for a compliance audit that I could find?