Software, license and audit – three simple words that on their own aren't too terrifying. String them together though – software license audit - and you create a phrase that terrifies every IT asset manager.
A lack of understanding from the rest of the business means that we can ignore license count issues for a while. Audits are not as common as we fear, but they do happen to everyone eventually. Your nightmare is actually a case of “when” not “if”.
So it pays to plan the correct response in advance. Here are our 5 top tips to surviving a software audit.
Get your records in order
The best way to survive a software audit is to be fully prepared in advance. That means auditing assets yourself in advance. It also means keeping records up-to-date at all times.
Audits are time consuming and resource intensive (part of the reason vendors go all out to identify breaches). But using an automated discovery and cataloguing tool, you can significantly reduce the manpower required. The same tool can then be used to regularly re-scan and update your records.
When an auditor does appear on site, you will have done half their job for them already. And you will know that you have the correct number of licenses in place too.
Get your legal department involved
Software licensing is typically viewed as an IT-only function. But because there are legal ramifications attached to an audit you should act accordingly. The complexity of the topic as well as the possible consequences make it advisable to get specialised expertise for help.
It is only with the assistance of an experienced specialist that you can be sure the audit will be conducted fairly, that the process is conducted and that you are not unfairly blocked from accessing f you have specialized and experienced support it is assured that you can act on a level playing field. Imagine trying to navigate For comparison only: if you get a tax audit without the assistance of a specialist you would not work this without a tax accountant - to do so would be madness.
If necessary it is advisable to hire an external lawyer who specialises in audits and understands the terminology used by auditors and their legal team. Otherwise, your consultants should connect you with suitably qualified lawyers who can assist you.
Don’t panic buy extra licenses
If you suspect that there will be a shortfall, the temptation is to panic buy additional licenses for applications you suspect may be non-compliant. But this could be a major mistake.
First, there’s a good chance you will purchase too many licenses, wasting your valuable budget. Second, without an accurate understanding of current license coverage, it’s almost inevitable that something will be missed in your panic.
Finally, panic buying lets the auditor know that your business was non-compliant at the point the audit was announced. This not only proves corporate “guilt”, but provides the incentive needed to dig deeper into your coverage, extending the audit process and the likelihood of a fine.
Don’t delete software or shred files
The other way to handle potential licensing shortfalls is to begin uninstalling software. If your business has unused software installed, you should have been doing this regularly already. But if you don’t, removing software early adds to your workload and deprives employees of access to tools they need.
You may also be tempted to destroy records and files that show historical non-compliance. There’s a good chance that auditors will discover what’s happened, causing them to mistrust what you say throughout the rest of the audit. Even if you are telling the truth.
Know your strengths
It is important that you participate actively in an audit, but this does not mean that you are at the mercy of the auditor. Audits do not take place in a relationship of command and obedience. Audits are very time and resource intensive. It is your time and resources that must be allocated, and you bear all the costs.
To ensure you don’t lose all control of the audit process, there are a few simple rules you need to follow:
Once you receive notice of an impending audit you should take control of the process moving forward. You should set the schedule and the agenda for meetings moving forward.
Never release personal data of clients or employees to the auditor - doing so is a clear breach of data protection laws.Never run any third party scripts supplied by the auditor until you have a written compensation agreement in place, covering any damage caused to your systems.
A software licensing audit can be stressful, particularly if you’re not properly prepared. But by staying calm, and seeking legal advice early, you can take a lot of pain out of the process – not least because you are sharing the workload.
To learn more about how to nail down your software licensing, contact Origina to discuss our Software Asset Readiness Assessment (S.A.R.A.) service or the services and tools of many of our SAM partners. S.A.R.A. or our partners will take you through the audit process.. Just contact us!