You Can’t Avoid A Software Audit, So Make Yourself Less Of A Target

Spend Matters welcomes another guest post from Mark Bartrick of Forrester.


Let’s just get it out there: software vendors have a right to audit how clients are using their products to protect their IP, thereby ensuring that customers stay compliant, adhere to licensing rules, and pay for what they use. While some companies complain about the effort involved in supporting an audit or bemoan the money they have to pay to get compliant, it’s only fair and reasonable that vendors are paid what they are owed when they have invested tens or hundreds of millions of dollars in developing world-class products. Moreover, vendors have seen too many cases where customers have abused the terms of their license contracts and installed more copies than allowed, or used software in a way for which it was not originally licensed. In fact, the Business Software Alliance found that in 2010, $59 billion worth of software was used illegally around the globe.

Forrester sees a growing list of clients that find themselves forced to pay out for noncompliance. Why? Organizations struggle to keep control of licensing issues related to technology changes such as virtualization, cloud, bring-your-own-device, and the increasing demand for anywhere, anytime mobile access. There’s a simple truth behind the auditing issues that we see: If you don’t monitor and manage your software ecosystem, audits can quickly become financial embarrassments. To make yourself less of a target,my colleague and I maintain in new research that firms must do the following:

Know what software they are entitled to use. It’s vital that firms have a centralized and accurate contracts database. Software can be bought and sold through a variety of sources – direct from the vendor, via a reseller, prebundled via an OEM, downloaded from an app store, and more – so it’s not easy to track software as it arrives at an organization. A regular review of contracts, purchase order comparison, and software discovery tools will help identify changes and give the asset team a chance to keep up to date.

Know what software they are actually using. A new generation of software asset management (SAM) tools have been deployed that automate and alleviate many of the challenges in identifying what employees are using, comparing usage with contract entitlement, and ensuring compliance. Authored by the likes of 1E, Aspera, Eracent, Flexera Software, and more, these products assist with software license optimization. A key factor here is that, unlike most of the old SAM tools, new offerings are designed to understand each vendor’s latest product use rights.

Set up a strategy and procedures for managing vendor audits. Companies know that they will be audited sooner rather than later, so it’s important to clearly define exactly who is responsible for managing audits as they occur. The vendor will need a single point of contact within your organization with whom to coordinate, and this person must have the authority to acquire additional resources and data as required. In addition, they must also be prepared to challenge audit outputs and agree to any final settlements. Larger organizations should consider an audit team that includes representatives from sourcing, asset management, IT, and legal to ensure that all bases are covered.

Learn the audit approach taken by main software vendors. It’s important that firms review the contracts of their top 10 vendors and see what their audit clauses state. And remember, these audit clauses can be negotiated, with the standard 60-day notice period being turned into 90 days or longer. In addition, some firms negotiate that no audits occur for the first two years of implementation. Any extension, whether during or at the beginning of a license term, will give internal stakeholders valuable time to prepare and react when the audit finally does arrive.

First Voice

  1. Jeff Gordon:

    I hate to be the killjoy and point this out, but if this is “new research” from Forrester, it supports the recent conversations regarding the obsolescence of research organizations. Not a single thing noted in this article is any different than advice given a decade ago. But still, Forrester, really? This is the only/best advice you can give? 🙁

    The real difference is that licensees are becoming complacent and accepting the BSA into their lives (Nancy Reagan’s advice to “Just Say No!” is as relevant today as it was 30 years ago.). Don’t automatically accept ANY audit provisions into your license agreements (or add SLA’s in tandem and see how quickly the licensor backs down). Add in language that says that YOU will perform your own audit and will self-report one time per year, at max). And that variances from the licensed amount don’t incur penalties, they just require the payment at the previously-contracted unit cost to add more (and would count toward any tier discounts, too). And that DECREASES in license usage entitles the licensee the right (but not the obligation) to reduce their license quantity (and related pro-ratasupport costs), if the reduction is seen as a permanent condition.

    THIS is relevant audit advice. And I didn’t charge you a penny for it.

Discuss this:

Your email address will not be published. Required fields are marked *