In the previous post, we discussed the prevalence of unlicensed software in the workplace. This has not gone unnoticed by the software vendors, especially Microsoft, which is why software license audits are on the rise. Simply responding to an audit is costly enough for a small to midsize business, but penalties and true-up costs can easily get into the six-figure range.
Even if you believe you’re doing a good job managing your software licenses, some software vendors are conducting routine audits with random customers. Organizations should operate under the assumption that a software license compliance audit will happen at some point and respond accordingly.
First and foremost, do not ignore an audit notification. Contact your attorney immediately to coordinate the audit process. Your attorney will review your contracts and explain your rights and obligations with regard to the audit. Counsel should also engage with the auditor to establish the scope and timeline of the audit. The issuing of requests and the drafting and review of reports and documents should be handled by your attorney. Documents should include a non-disclosure agreement to ensure that all of your proprietary information is protected.
Once the scope of the audit has been established, IT should conduct an internal assessment of software license compliance to quickly determine the scope of software use. Although the software vendor will conduct its own audit, that doesn’t mean you have to blindly accept the results and, if noncompliance is discovered, pay whatever the vendor demands. Your organization should have the opportunity to review, comment on, and possibly challenge the findings of the audit, and negotiate a settlement.
Some organizations are so rattled by an audit that they overhaul their software licensing strategy based on that audit. As we mentioned in the previous post, many organizations overcompensate by purchasing too much software and end up wasting money on unused or underused licenses. Instead of reactively setting strategy after an audit, take a proactive approach that minimizes the risk of noncompliance.
First, conduct a review of all installed software and collect proofs of ownership (purchase orders, paid invoices, receipts, etc.). This can be a long process given the complex nature of most IT environments, but it’s the only way to ensure that every application you need is properly licensed. It will also allow you to get rid of applications and licenses you don’t need and quantify your risk of noncompliance. Investigate Software-as-a-Service licensing that allows you to use only the services you require with pay-as-you-go pricing. Lastly, support your strategy with documented policies and procedures that define the rules for purchasing, using and distributing software and reporting risky activity.
You may not be able to stop software vendor audits, but don’t allow yourself to be steamrolled by the vendor, and don’t let an audit dictate your approach to managing software. Take stock of your existing software, make sure software usage is aligned with business needs, and develop a software license compliance strategy that reduces risk and controls costs.