Software Audits: Understanding the Complexities and Challenges

Author: Anubhav – Senior SAM Consultant at The Mastermind Group

What do C-level executives dread the most?

From our experience, the answer is clear: it is an unexpected and unplanned software publisher-led audit.

These audits can bring unbudgeted expenses resulting from non-adherence to product terms and contractual requirements. Publisher-led software licensing audits often introduce unwanted stress and worry to any organisation going through the process.

What is a publisher-led software licensing audit?

It is the process by which a publisher (or a third party acting on its behalf) requests from the customer the installation details of that publisher's applications deployed in the customer's IT environment. This information is then assessed against the use rights under the product terms (licenses/subscriptions) that the organisation has procured.

This assessment determines whether there is any overuse, unauthorised distribution, or other violation that might result in legal or financial outcomes. With fast-changing technologies and the growing adoption of cloud migration, software publishers also often change their licensing models, which makes it difficult for organisations to stay informed of the changes. This is often the case because many organisations do not have the in-house expertise to keep abreast of these software licensing changes, which impact customers across the board.

Licensing audits can be divided into three phases:

Pre-Audit Preparation

  • This phase is initiated after the customer receives an audit letter from the software publisher advising that they have been selected for a software audit. It is during this phase that we advise our customers to request a Non-Disclosure Agreement (NDA) with the auditor, as the auditor will potentially be accessing sensitive company data when reviewing contracts. If required, assistance from legal counsel should also be sought.
  • The customer has a mandated time frame, as per the signed contracts, in which they must acknowledge the letter. The customer has every right to know the scope of the audit, why they have been chosen, the methodology to be used during the audit, and so on. This gives the customer time to prepare for the audit by conducting their own analysis of their inventory management, usage monitoring, and purchase documentation to identify any non-compliance.

Conducting the Audit

  • The auditor establishes an Effective Licensing Position (ELP) by comparing the deployment with the available use rights, as per the licensing policies.
  • This ELP is then shared with the customer along with the relevant findings. If the customer is declared non-compliant, they can challenge the ELP on the basis that it was not prepared as per the best standard or is missing data. After discussions, any necessary changes can be made to the report to establish a mutually agreed compliance position.

Post Audit

  • If any breach of contract is established, the auditor expects the customer to settle the penalty and address any non-compliance accordingly.
  • It is important for the customer to engage in negotiations with the auditor regarding any proposed penalty. The customer should understand what their rights are and how any proposed settlement is arrived at under the terms of the contract. The customer should try to negotiate any imposed penalties by purchasing additional licenses, adjusting current usage, or negotiating terms that are mutually beneficial.

Any organisation with an established Software Asset Management program should be equipped to respond to any audit, even though it might seem a daunting experience at first. A mature Software Asset Management program helps track deployments of applications and the associated licenses, and it can also help drive a proactive rather than a reactive approach to the management of IT assets. Establishing a Software Asset Management program, or engaging a third party to help manage one, can help an organisation navigate these audits and avoid potential pitfalls by fostering a culture of compliance.

Stay tuned for part 2!

If you would like to know more about audit defence strategies and how to navigate these challenges, please reach out to us at info@tmg100.com. We would be happy to assist you.