The SCG Blog

How to Prepare for an Audit: Lessons for Victims of Noncompliance

April 27, 2016

Author

Jason Swan
Managing Director

    

Software licensing audits are on the rise – such that the likelihood of your business enduring one is almost certain. Businesses have a 68 percent chance of being audited by their vendors in a given year, according to a 2014 Gartner study.

And the chances are higher that such an audit will uncover evidence of piracy. The latest BSA study has shown that most IT managers aren’t confident that their entire landscape, or all of its users, is properly licensed. And most pirates in mature markets aren’t aware that they’re using software illegally.

It’s all a byproduct of poor software asset management practices – and a foundation for a very unpleasant audit experience.

But despite their unseemly reputation, audits can be a valuable experience for businesses – providing complete pictures of entitlements that guard against security risks, and the basis for investments that position the business for innovation. Because the stats show that audits are increasingly likely, being prepared can help ensure that the audit is not only quicker and less painful, but actually a beneficial experience for the business.

Know what’s what

With physical merchandise, it is pretty clear: you own something, and you can do whatever you like with it. With software, you own nothing. What you purchase is the right to use something based on the terms and conditions of the licensing agreement, and violations occur when software is mis-licensed or under-licensed. Now is the time to review your:

  • Licensing terms: they dictate the time period for which the use, maintenance and support is covered
  • License restrictions: they outline how the usage is measured, for instance by user (concurrent versus named), by device, or by location (site, campus, enterprise, etc.)

Map your landscape

Conducting a complete inventory of your environment, including hardware and software, using software assessment management tools is a good start. But out-of-the-box software asset management tools often won’t pick up software illegally deployed on mobile devices – which are increasingly becoming a chief audit target.

Organize purchasing documentation

“The ISV implemented it and has the documentation,” is a common excuse my team and I hear from customers undergoing an audit. Often, this is the toughest piece of the puzzle, as obtaining historical purchasing data, consolidating historical records, and organizing it for efficient retrieval is a daunting task. But during an audit, the customer is responsible for proving the purchase of all software assets. Having all of that documentation ahead of time will make the audit a much smoother experience. This may require reaching out to the resellers for the reports regarding the purchases.

Get regular checkups

Prior to each renewal cycle, conduct an assessment of the landscape not only to ensure that there are no instances of under-licensing or piracy, but to ensure that all licenses are being leveraged to optimal use. This will provide you with leverage during purchasing discussions.

Implement clear piracy policies

While the audit will be directed at the COO or similar C-level executive, the responsibility for compliance falls on the IT manager. Having clear policies about software purchasing, installation and acceptable use, and more importantly enforcing them, is the most effective way to crack down on improper software usage, whether it is under or over utilization or simply put, illegitimate use.

Know what you’re up against

With proper preparation, you can ensure the audit doesn’t disrupt business, and actually lends your company valuable information for enhanced efficiencies and reduced risk, and provides a springboard for innovation.

View & Submit Comments