Don’t Get Spooked by IBM® Software License Audits: A Checklist for IT Leaders
October 30, 2023
There’s a reason we’re running a software license audit story on Halloween, and it’s the same reason we strongly advise companies to have an IBM software license checklist in place — an audit is one scary process.
It’s downright terrifying, in fact, if you’ve ever been in a SAM or ITAM position and have seen the notice come down the pipeline. Steep expectations and recordkeeping requirements, the reputation of high software audit failure rates, and stories about the outcomes teams suffer all lead to a definite atmosphere of dread.
One thing is for sure — it pays to plan your response in advance. Consider it your first line of defense, like wearing a garlic necklace or sprinkling salt on your windowsills. Here are some ways to keep your license fears at bay.
Software audits are time-consuming and resource-intensive, which is why vendors go all out to identify violations. One way to combat this is to ensure your documentation is always up to date. By using an automated discovery and cataloguing tool such as the IBM® License Metric Tool (ILMT), you can significantly reduce the time and work hours needed if you are audited. You can then use the same tool to regularly re-scan and update your records, ensuring variances in procedure, accidental infringement, and other potential issues don’t cost you.
When an auditor does appear on site, you will have done half their job for them already. And you’ll know that you have the correct number of licenses in place as well, sparing you and your team from an undesirable “drumroll moment” later in the process.
Companies have historically viewed software licensing as IT’s domain, but that attitude doesn’t necessarily address the core need. The legal department is the designated rule expert in your organization, so adding it to your software license audit checklist should be considered non-negotiable.
Legal expertise is your company’s way to level the playing field. Some enterprise-level companies may have the skills in the bullpen to help encourage fair play from the OEM and negotiate the best terms in any associated transactions, such as an audit initiated as part of an ELA renewal. Others might find it useful to contract with specialized outside legal support, such as a third-party software maintenance (TPSM) service with audit advisory capabilities.
If you suspect you will have a shortfall, there is an understandable temptation to panic buy additional licenses for applications you suspect might be non-compliant. But software licensing experts will tell you this could be a major mistake.
First and foremost, there’s no need to rob Peter to pay Paul. The money you spend to overprovision your estate still comes out of a budget that is far from bottomless. At the end of the day, you’re sending the vendor money you don’t need to spend.
Second, companies tend to panic buy precisely because they lack a full understanding of their licensing posture. Without an accurate understanding of current license coverage, it’s almost inevitable that something will be missed in the ensuing purchase frenzy.
Finally, you never want to reveal your hand at the negotiating table, especially when the team on the other side is on the offensive. Appearances matter, and panic buying is a tell. It leads any perceptive auditor to strongly suspect your company was non-compliant at the time of the audit. That can give them a motive to dig deeper into your coverage, which protracts the audit process and increases the likelihood of a fine.
Some companies react negatively to news of an audit and begin uninstalling software, but that isn’t the wisest approach in most circumstances. If your business has unused software installed, you should have been removing it regularly already. But if you do it all in a panicked rush – which is more common than you might think, so don’t feel bad – removing software early adds to your workload and deprives employees of access to tools they need.
You might also be tempted to destroy records and files that show historical non-compliance. There’s a good chance that auditors, who tend to be highly skilled at reading between the lines, will discover what’s happened, causing them to mistrust what you say throughout the rest of the audit, even if you are telling the truth.
It is important that you actively participate in your audit, but this doesn’t mean you or your company are at the mercy of the auditor. Audits do not take place in a relationship of command and obedience; you are a customer in a stressful transaction. Your time and resources are being used as a result of the audit, and that notion should influence your mindset.
IBM® software audit experts recommend taking a highly active stance in terms of setting the schedule and dictating the agenda for meetings moving forward.
Be sure not to release the personal data of your clients or employees to the auditor, since this typically represents a clear breach of data privacy laws.
Likewise, never run any third-party scripts supplied by the auditor until you have a written agreement in place covering compensation should damage occur to your systems.
A software licensing audit can be stressful, particularly if you’re not properly prepared, and many companies undergoing an audit aren’t as prepared as they could be. But by staying calm and seeking legal advice early, you can take a lot of the pain out of the process.