How to mitigate risk and cost associated with software vendor audits

We discuss how to protect your business from unexpected non-compliance findings and reduce the costs and risk of software audits.

In brief

  • To minimize the risk of software vendor audits, establish and continually enhance your IT Asset Management (ITAM) program, ensuring readiness for an audit.
  • Before a software vendor audit, validate your Software Asset Management (SAM) tool outputs and align resources to ensure accurate license tracking and compliance.
  • When negotiating software licensing, effectively communicate, validate findings, and seek reasonable settlement terms that align with your organization's needs.

Increasing cost pressures amid an uncertain economic environment are driving organizations to seek levers for reducing spending, avoiding additional or unanticipated costs, or optimizing existing costs while still keeping the business competitive and innovative. Software licensing typically comprises a substantial portion of an organization’s IT budget.

However, the risk of a software vendor audit is ever present. Even organizations with robust IT asset management (ITAM) or software asset management (SAM) programs may be subject to such a review. Audits are time consuming, require internal resources and carry a high risk of unanticipated noncompliance findings. Few organizations intentionally run afoul of software vendor licensing, yet they are often presented with evidence of noncompliance when a software licensing audit occurs. What may be a simple misunderstanding could prove costly, with an audit settlement covering new licensing costs and possibly years of back support.

A software license is a right to use a vendor’s intellectual property (IP). As part of the agreement, the vendor sets the terms on how it is used and licensed and includes the right to audit usage of its IP. While the intent is not for vendors to audit their clients constantly, vendors may decide to devote resources to an audit when the expected payoff is substantial. Some vendors may also hire third parties to perform software audits on their behalf, with the prospect of generating revenue that exceeds the investment.

What can a software customer do to prepare?

  • Establish and continually enhance your ITAM program: ITAM programs should be proactive, not only reacting and adapting to events but also operating in a state of continuous evolution, staying abreast of new products, licensing terms and technology. ITAM may include hardware refreshes, cloud migrations and even updating end-user permissions.
  • Validate SAM tool outputs: Some tools may be fantastic at discovery and automating processes. However, components may be included with different titles, and tools may need additional administration to align with your organization’s licensing.
  • Designate and align resources to handle software vendor audits and inquiries: Miscommunication and resource shortages may lead to time-consuming or costly interactions with software vendors. While some may be merited, expediting your audit will reduce disruption to your business.
  • Negotiate licensing to fit your software needs: Licensing by user may be a better fit than licensing with a server-based license metric for an organization with multiple users for a single product, for example. Appropriate licensing metrics should be assessed as part of the license purchase or possible metric migration. Contracting with the right metrics will allow your organization to realize the greatest value from your software investments.
  • Understand that cooperation with a software vendor should not impact your organization’s business or security. For example, a retail organization would likely be unable to concentrate on an audit during its annual peak sales period. Communicate with your vendor and set realistic expectations on timing.
  • Validate any audit assumptions and findings: With auditors working on behalf of the vendor, if something is open to interpretation, they may err in favor of the vendor. Their goal is accuracy, yet an auditor may not know what the organization knows.
  • Negotiate reasonable settlement terms. When deciding whether to waive a finding, the vendor weighs whether the software is installed, whether it has been used and whether it potentially receives support. Be clear with your business intentions regarding software use and drive outcomes in your organization’s best interest.

Software licensing is an integral part of an organization’s IT budget but can be a high cost. Many organizations have IT software asset management programs to monitor and reduce these costs. However, software vendor audits can be time consuming and risky and lead to unexpected findings and additional licensing charges. To prepare for a software vendor audit, organizations can operationalize an ITAM program with the infrastructure to respond to audits and proactively manage a highly dynamic estate.


Organizations can prepare for software vendor audits and minimize costs by enhancing their ITAM program, validating SAM tool outputs, and negotiating licensing to fit their software needs. Communicating, validating assumptions, and negotiating reasonable settlement terms can also minimize risks and unexpected costs during a software audit.
