Back to Hub

5 Things Procurement Can Do to Stay Ahead of Software License Audits

07/19/2018 By


Enterprises are undergoing vendor-initiated software license audits at an alarming rate. Gartner estimates that 70% of enterprises get at least one audit notification a year. It’s not uncommon for penalties to surpass $1 million, $10 million or more.

IT sourcing has a critical role to play in reducing the risk of software vendor audits as well as navigating them. To understand this role, it’s important to understand what’s driving vendors’ behavior.

A few years back, KPMG reported that 52% of software companies felt their losses through unlicensed use of software amounted to more than 10% of their revenue. And according to The Software Alliance, a third of software downloaded on the world’s PCs is unlicensed ($46 billion worth). Vendors have responded by turning software license audits into a revenue stream. Many vendor-side license compliance groups now have revenue quotas and their account teams are trained to spot audit-generated revenue opportunities.

The bottom line is that audits have become an unspoken part of the routine conversation between procurement and vendors. In that regard, IT sourcing teams represent a first line of defense against noncompliance and audit risk.

So, how can IT sourcing help navigate software vendor audit risk?

1. Know the Red Flags

Is your business an attractive target for a software vendor audit? The answer is yes if you have a large enterprise agreement up for renewal or you have a highly virtualized environment. Both provide vendors with an easy opportunity to spot noncompliance. And, contrary to popular belief, being audited in the past actually increases the likelihood that you’ll be audited again.

Here’s another red flag: Vendors are adept at identifying which customers have strong SAM/ITAM processes and capabilities. Companies that don’t demonstrate a clear understanding of what they own, how it’s being used and by whom (and whether or not it’s in accordance with product use rights) are prime candidates for an audit. Speaking of product use rights, these used to be static, but that’s no longer the case. They are constantly changing. “How are we staying on top of changing product use rights?” is a question every IT sourcing team should be asking.

2. Conduct Your Own License Position Assessment and Optimize Current Licensing

License position assessments (think of them as self-audits) are key to (1) minimizing the risk of noncompliance and (2) optimizing the outcome of an audit. In a self-audit, the first step is to gather deployment data. The next step is comparing deployments to your entitlements to identify gaps in over- or under-utilization. This data and analysis will enable you to define remediation options and establish a remediation plan on your organization’s terms versus the vendor’s. As an added bonus, it also provides accurate usage baselines for upcoming purchases and renewals.

Note: This exercise requires expert knowledge of licensing/subscription permutations and product use rights. If you don’t have this knowledge available internally, get outside guidance. 

3. Establish Internal Protocols for What to do if an Audit is Served

Strict protocols should be put in place to avoid self-incrimination in the event of an audit. Who comprises the internal team that will handle the audit, and what will be the role of each member? How will you centralize and manage vendor communication? Who talks to whom, and who doesn’t? Has the vendor notified you correctly and is the audit in accordance with contract specifications? These are just a few of the questions that should be addressed as part of your protocol.

4. Be Prepared to Challenge the Software Vendor’s Audit Findings

Vendors’ interpretations of deployment data are rarely accurate. Furthermore, they’re designed to produce findings that serve the vendor’s interests — not yours. This is one more reason why a license position assessment using third-party tools and deep licensing expertise should be conducted. The resultant findings will allow you to challenge the vendor’s findings while validating your true license position. This will help you minimize non-compliance fees or mitigate them entirely.

5. Conduct Price Benchmark Analysis for Any Required Post-Audit Purchases

If a software licensing audit leads to the requirement to buy additional licenses, be sure to perform price benchmark analysis on those new buys so you are sure you’re getting a fair deal.

Kim Addington is COO at NPI.

NPI is an IT sourcing consulting company that delivers transaction-level price benchmark analysis, license and service optimization advice, and vendor-specific negotiation intel that enables IT buying teams to drive measurable savings. For more information, visit