A software audit can be challenging for companies that use software solutions to determine, deploy, and report on routine workflows. If you're a software reseller or vendor, software audits can present critical and unforeseen challenges.
A survey carried out by Vendasta found that 79% of all its resellers offer digital advertising services. Of course, this entails the use of a large variety of online tools to plan out digital marketing services and measure their ROI. Advertising intelligence software therefore helps resellers like this strategize more effectively, and drive conversions for their customers. In the same vein, vendors often rely on software-based insights to gain and retain customers. Studies suggest that 72% of vendors are found organically through search engines, and that these vendors can often be in the dark about who their true competitors are. This makes lead generation and competitor research even more important for vendors. Data relating to this is often gleaned from analytics software.
Even though a lot of these companies use SaaS (Software as a Service) products, that doesn’t mean they’re in the clear when it comes to software audits. Therefore, this blog will address some of the concerns resellers and vendors can face regarding audits, and teach them how best to navigate the software audit process.
What is a software audit?
A software audit refers to the process of reviewing a software product or process to ensure it complies with a pre-defined set of industry standards, legal terms, and/or specifications. In all instances, audits are conducted by third-party companies. If a company is found to exhibit compliance breaches, it can be subject to hefty fines. This, in addition to the fact that preparing for an audit can take a significant amount of time and manpower away from your routine business operations, often makes audits a difficult process for companies.
Are you at risk of facing a software audit?
In 2016, Microsoft revealed that its user base has shot up to 1.2 billion customers. Microsoft products happen to be very widely used applications, but what is more perplexing is that the software giant also happens to be the most frequent and aggressive software auditor.
According to a survey conducted by Flexera, these are the percentages of respondents that were audited in the past year by each of these major software companies:
The risk of being audited for software compliance is sadly very real, especially for resellers and vendors. Software purchases can become more frequent as your company grows and requires a more complex set of insights, and this means an increase in the number of software licenses you have to manage. Licenses often include an exhaustive list of ambiguous or obscure terms and conditions. Most buyers pay little attention to these, only to find themselves in violation once audit requests come pouring in.
The software audit process can be a painful one, putting a strain on a company’s resources, reputation, and time. In a recent report by IT Consultancy Crayon, the average penalty for non-compliance was found to be $750,909. In addition, the report stated that about 46% of the organizations studied had been found to be non-compliant in the past. Nearly all audits end up in penalties and/or sales for license renewals. The exorbitant revenue being generated for software vendors from audits has given rise to a multi-billion-dollar industry.
How to Defend Against a Software Audit in 6 Steps
Here are the 6 components to a proactive defense strategy. Follow these to ensure that you're adequately prepared for your next software audit.
1. Invest in an ITAM software solution
The best way to deal with a software audit is to prevent it from happening. The first step is to set up a software compliance program at your company to mitigate the risk of unlicensed software usage. Various IT asset management (ITAM) services are available in the market today, and enterprises have started to notice their usefulness. They provide you with a bevy of tools to manage your software, keep track of the systems and IT equipment on your network, and access their respective software allocations.
Saving software license regulations in your ITAM database will help you track expiration dates and ensure compliance. You can also keep track of software issued to end users in your company and know which kinds of systems do not qualify for certain software under the license.
In a report by Flexera on software licensing, 18% of respondents were found to be using an ITAM service to ensure compliance. This group had the highest satisfaction rate (54%) in managing their licenses, while the lowest (6%) came from respondents who were using manual spreadsheets.
2. Configure hardware and software assets
Upon acquisition, configure all your existing hardware into the database of your ITAM software. Update the software information for each hardware asset, and also specify the date your license expires so the system can notify you for timely renewals. This way, you track how many users have registered for the software so you don’t end up deploying more software than your license permits.
As you keep procuring new software or new recruits, be sure to add them into your database. Your ITAM data should be up-to-date in order to get the most benefit from the service. Additionally, improving your query response time will help curb unauthorized software acquisition by employees. Providing prompt responses via your ITAM help-desk will mean that employees will refer to the company for legal software installation. This level of transparency and workflow optimization can greatly improve your odds during a software audit.
3. Perform timely internal audits
The importance of internal audits cannot be overstated. Performing an audit to ensure you have all your bases covered will help you periodically verify compliance. You can gauge the state of your compliance, so any existing problems can be identified and plans can be developed to resolve them privately. You can also maximize the utility of your current licenses by having complete knowledge of your software inventory. This can help you reduce overheads by withdrawing from licenses that are no longer in use.
Performing internal audits at least once a year using your ITAM solution to ensure compliance is just good practice. These will also help you verify industry standards, legal regulations, and best practices. Most importantly, they will be your backup during the external software audit process, and can be vital in driving a settlement.
4. Carefully consider vendor agreements and audit requests
Once you have chosen software to buy, it is important to be mindful of its terms and conditions during the acquisition. Most vendors prefer being evasive in their proposal clauses in order to allow the buyer to make errors over the course of the license or justify compliance issues. Most audit claims are made based on language ambiguity, hidden clauses, and additional documents that the licensee might not have known about. Tech giants like IBM, Oracle, and Microsoft all go down this route. Loopholes like these provide substantial means for them to initiate audits. As an example, ILMT is a contractual requirement for every server that has an IBM product installed, and yet few customers know this.
Some crucial information to take note of includes vendor pricing (product packaging, financial proposals, pricing guides), the type of license (perpetual, term, subscription) and any supporting documents. In addition, you can also negotiate the contractual flexibility for license re-allocation to minimize the penalties should you be found to be out of compliance in the future.
5. Have legal help at hand
The importance of having a software attorney at hand at all times cannot be overstated. Quite often during the software audit process, you have little time to verify the compliance of all issued software. Software attorneys help speed up the process as they are well-versed in matters of compliance. They also verify the legal and technical grounds for a software audit and can help drive away unnecessary audits that are likely only sales pitches for unnecessary licenses.
Vendors threatening software audits have their own legal teams which will try to maximize the benefits for them. This is why it is important for companies to establish a level playing field. Software providers are not afraid to change license terms over the course of a license, and it is likely that you will not hear about the changes. IBM introduces roughly 3000 license changes a year, and they may apply differently to you depending on what you have purchased from them.
Attorneys are familiar with these changes and know the current market licensing norms. Their help allows companies to evaluate the impact of these changes on the outcome of an audit. Licensing experts can also be referred to during audits for an independent opinion and can help you identify your vulnerabilities.
6. Know your data and take a proactive stance
Often companies learn that they are not in compliance with software terms only when they receive an audit notice. As a result, they dutifully comply with the audit in order to avoid further repercussions. This allows vendors to maximize their exploitation and generate as much revenue from the audit as possible.
Audits can severely impact a company’s confidentiality. Mars Inc. had to provide more than 233,089 documents at their own expense to Oracle in an audit that lasted several months and compromised their confidentiality. Mars Inc. ultimately filed a lawsuit against Oracle in response to their aggression.
Experts suggest that being intimidated by a software audit and caving in to the vendor’s demands is not the best course to take. Understand the audit claims, and refer to your attorney and internal audits before you compromise your data security. Identifying errors in the vendor’s claims should be the starting point for every company. Sean McIntosh from Method180 talks about how 50% of every $1 million in noncompliance found in a Microsoft audit will be invalid.
Knowing your data and revisiting your contract is key while facing a software audit. Having all your bases covered gives companies the confidence to challenge audits and actively negotiate the terms. Once challenged, most companies will find discrepancies between their internal audits and the claims of external audits.
Software audits can be a traumatizing experience for companies, but being actively involved during (and prior to) their course can help companies mitigate their impact. Software vendors will most likely not target you again if you were able to provide a well-presented defense to them and drove a settlement which did not generate a hefty revenue for the vendor. Therefore, our key takeaways from this piece can be summarized as follows:
- All companies can be subject to software audits, particularly resellers and vendors as they often use a wide variety of software services.
- Non-compliance can cause companies huge losses, both in terms of manpower as well as financial penalties.
- A great way to manage and prepare for software audits is to invest in ITAM software, which can improve the transparency of digital assets.
- It is also important that you treat hardware and software assets distinctly, conduct your own internal audits, carefully consider vendor agreements, have legal help at hand, and are proactive in the way you deal with audits.
- Some audits are unavoidable, but being prepared can help you dodge penalties, and even lower the chances of future audits.
In short, if you’ve been approached with an audit request, don’t fret! Be prepared, and defend that audit with full confidence in your ITAM management processes.