Be Not Afraid: Calculate Your Real Risk of a Software Audit

The words “software audit” can strike fear into even the most unflappable business executive’s heart. Just as the sight of a police cruiser on the freeway compels all but the most foolhardy to slow down immediately, for most organizations the mere possibility of a vendor audit prompts a flurry of anxious activity and more than a few sleepless nights.

Software license compliance is becoming all the more complicated as organizations shift to new technology platforms and software delivery models that involve mobile devices and virtualized environments. While these innovations dramatically increase business productivity and reduce costs through more optimal use of hardware resources, traditional license models are difficult to interpret in these paradigms, and they create licensing risk exponentially greater than that seen in conventional desktop environments.

It’s particularly worrying in entrepreneurial or startup settings. Although they are generally quick to embrace technology innovations that stoke customer growth and investor confidence, they are often short on IT and administrative resources.

On the principle that people want to read about break-ins rather than security systems, the media ratchet fear levels by publishing statistics suggesting that software audits are all but inevitable, along with anecdotal tales of high-stakes lawsuits leading to disaster.

It is widely understood that in challenging economic times, software publishers look to license audits to help augment their revenue streams. This makes sense, especially if rumors are correct that for top software publishers, audits recoup an average of US$80 for every dollar spent on the audit process itself. Whether such claims are exaggerated or not, business software users might well be taking a nervous look over their shoulders, given the ongoing financial uncertainties associated with a still-shaky global economy.

Statistical Evidence Shows…?

Reporting on its annual software audit survey, Gartner heralded the fact that of 228 participants who attended its 2011 IT Financial, Procurement and Asset Management Summit, 65 percent had undergone a license audit in the previous 12 months. Before you start worrying about whether you are going to be one of the unfortunate 65 percent this year, let’s take a step back.

Companies attending this conference are mostly very large enterprises with healthy, if not staggering, IT budgets. Due to their nature, they are more likely to attract an audit than the much larger marketplace of small to mid-sized organizations.

Although the prospect of widespread audits makes for great headlines, it’s safe to say that startups, niche players and smaller businesses are likely to remain under the radar. However, it’s also worth noting that major software vendors actively monitor companies that are experiencing rapid growth. In this scenario, organizations are often distracted by other priorities and can easily drift out of compliance.

Audits cause a tremendous drain on IT and financial resources and are a major distraction for companies just emerging from the starting gate and trying to focus on their near-term business plan.

Unfortunately, neither industry statistics nor those who exploit them are much help as IT managers evaluate their own probability of being audited — and they’re even less help when it comes to assessing the likelihood of getting through the experience unscathed.

You May Be Audited If…

So forget about the headlines. Instead, set aside some time to evaluate your exposure to some of the triggers commonly known to increase the likelihood of an audit:

  • Company growth without a corresponding growth in licensed software. Yes, the big software vendors are watching you as you rise.
  • Acquisition of, or merger with, another company. Even if your organization has a sterling record of license compliance, what about your newly absorbed counterpart?
  • A change in hardware platforms that may result in compliance issues.
  • The introduction of mobile devices into the asset pool. A software portfolio heavy in per seat/per machine license models is particularly at risk.
  • Independent software vendor (ISV) suspicion that your company has no license management tools or processes in place.
  • Disgruntled employee(s) who may decide to file an anonymous piracy report with the BSA or SIIA.

If you’ve gone through the list above and recognize the presence of one or more of these triggers in your company, the single most important follow-up question is this: What is the probability you would survive an audit if a software publisher were to come knocking?

Be Prepared

Given that you have limited control over when your company might come under the audit spotlight, every attempt should be made to focus on the aspects you can take charge of by establishing careful asset management practices:

  • establish a cross-functional team that’s responsible for overseeing decisions, processes, and record-keeping related to the purchasing and deployment of licenses;
  • develop and communicate strong software usage policies to educate employees about the consequences of noncompliance, and discourage behavior that might put the organization at risk;
  • implement a reputable software asset management tool that can reconcile application inventory and usage data with license details to provide an accurate, dynamic snapshot of your organization’s license position.

These practices will help you avoid panic, and ensure you’re in the strongest possible position if and when the dreaded audit letter arrives.

Jeff Kelsey is cofounder and VP of products at Express Metrix.
