How to Respond to a Software License Compliance Audit and Prepare for the Next One
In the previous article, we discussed the prevalence of unlicensed software in the workplace. This has not gone unnoticed by the software vendors, especially Microsoft, which is why software license audits are on the rise. Simply responding to an audit is costly enough for a small to midsize business, but penalties and true-up costs can easily get into the six-figure range.
Even if you believe you’re doing a good job managing your software licenses, some software vendors are conducting routine audits with random customers. Organizations should operate under the assumption that a software license compliance audit will happen at some point and respond accordingly.
First and foremost, do not ignore an audit notification. Contact your attorney immediately to coordinate the audit process. Your attorney will review your contracts and explain your rights and obligations with regard to the audit. Counsel should also engage with the auditor to establish the scope and timeline of the audit. The issuing of requests and the drafting and review of reports and documents should be handled by your attorney. Documents should include a non-disclosure agreement to ensure that all of your proprietary information is protected.
Once the scope of the audit has been established, IT should conduct an internal assessment of software license compliance to quickly determine the scope of software use. Although the software vendor will conduct its own audit, that doesn’t mean you have to blindly accept the results and, if noncompliance is discovered, pay whatever the vendor demands. Your organization should have the opportunity to review, comment on, and possibly challenge the findings of the audit, and negotiate a settlement.
Some organizations are so rattled by an audit that they overhaul their software licensing strategy based on that audit. As we mentioned in the previous post, many organizations overcompensate by purchasing too much software and end up wasting money on unused or underused licenses. Instead of reactively setting strategy after an audit, take a proactive approach that minimizes the risk of noncompliance.
First, conduct a review of all installed software and collect proofs of ownership (purchase orders, paid invoices, receipts, etc.). This can be a long process given the complex nature of most IT environments, but it’s the only way to ensure that every application you need is properly licensed. It will also allow you to get rid of applications and licenses you don’t need and quantify your risk of noncompliance. Investigate Software-as-a-Service licensing that allow you to use only the services you require with pay-as-you-go pricing. Lastly, support your strategy with documented policies and procedures that define the rules for purchasing, using and distributing software and reporting risky activity.
You may not be able to stop software vendor audits, but don’t allow yourself to be steamrolled by the vendor, and don’t let an audit dictate your approach to managing software. Take stock of your existing software, make sure software usage is aligned with business needs, and develop a software license compliance strategy that reduces risk and controls costs.
ABOUT THE AUTHOR
Lisa Detwiler, President joined SSD Technology Partners in 2006 as Chief Marketing Officer, and in 2014 she and her two partners Woodie Bowe and Nick Ewen purchased the company. Detwiler holds an MBA in Marketing and Strategy from Carnegie Mellon University. Lisa successfully led SSD through a difficult economy in 2012, recording the company’s greatest growth record in 31 years.
Lisa believes that our foundation for success does not come from fancy business buzzwords or the latest management fads. Success comes from behaviors and commitments to basic guidelines of how we operate as individuals and as a company; do what’s best for the client, practice blameless problem solving, seek to create win/win solutions, check the ego at the door, and communicate to be understood.
Lisa serves the community as a Board Chair of both the American Red Cross and the Delaware Better Business Bureau and has been a member of Wilmington Rotary Club for 10 years.