It’s no crime to not enjoy software audits, who would? They’re stressful, unpleasant experiences that can result in crippling audit penalties and the feeling of being powerless when it comes to your own software. Humans naturally want to avoid things that cause us distress, so is there any way to avoid software audits? The short answer is no, there is no guaranteed way to completely eliminate the chance that you’ll be audited but there are ways you can decrease the frequency and likelihood of your company being audited. At MetrixData 360, we have noticed a pattern in the behavior of the auditors, and we’d like to share our findings in what can lower your chances of getting audited.
Why Do Software Audits Happen?
The first step in understanding how to decrease your chances of incurring a software audit is understanding why software audits happen.
(Un)Luck of the Draw
There is a sense of randomness to software audits, as some software vendors send out audit notices either regularly to their customers or through picking unfortunate names out of a hypothetical hat. So, there’s little you can do to stop it from simply being your turn. However, many companies think this is the only reason for software audits and so hang their heads and accept their fate, but there are other things that can cause a software audit as well.
Money
I wish I could tell you it’s more complicated than that, but in the world of business the heart and soul are plated in gold. Software publishers will often use software audits as a source of revenue, and if the software audit plays out the way they want it to (with you being out of compliance and writing a check to them with many, many zeroes on it), then they won’t even have to cover the expenses for the software audit process, that will instead be handed to you. However, if their goals are purely fiscal, then that means they’ll target companies that are guaranteed to reap massive rewards. Companies that the software publishers have strong reason to assume are out of compliance enough to yield a large return on investment might as well coat themselves in barbeque sauce, because all the software publishers will see is a meal.
Sales
Software Audits are also used to meet sales quotas because at the end of a software audit, you’re forced to purchase all your missing licenses at full price (no historical or contractual discounts will be included, sadly). It also puts you in a pressured position to buy, they’ve got you in a corner, they wait until they see the glint of panicked sweat on your brow and then they deliver to you a sales pitch.
The Payout for Hyper Complex Software Contracts
There are plenty of legitimate reasons why software contracts are as discouragingly complicated as they are: technology is constantly changing and licenses constantly struggle with dealing with that complexity, and many customers request hand-tailored licensing options. However, that doesn’t eliminate the fact that software vendors make no effort to simplify the matter into something their customers can actually understand.
How to Lower Your Risk of Being Audited
Now that we understand why software publishers conduct software audits, we can talk about what you can do to reduce the risk of software audits.
Demonstrate Organization and Understanding to the Software Vendor
This is especially true if you are a sizable company with multiple branches or if your company has recently gone through a merger or acquisition. Such situations will make you susceptible to disorganization and from there it increases the likelihood that you’ve missed something. If you are asked questions by the software auditors, it is important that you answer them effectively and completely to demonstrate a strong understanding of your software contracts. To gain full insight into your software estate, you will need to perform internal audits regularly, have a SAM tool in place that manages your software estate, and a team in charge of the project.
For more information on getting someone to manage your SAM or if you’re in the market to buy SAM tools, check out our articles: How to Hire a SAM Expert and 5 Factors to Consider When Buying a Software Asset Management Tool.
Have a Plan in Place
Educate your employees on the value of software asset management and have a defense strategy in place in case of a software audit. Even if you do receive a software audit, having the process be organized, streamlined, and resulting in minimal penalties will prove to the software vendor that you are not an easy target. Getting organized means having your licenses in order, having a defined person in charge of your organization’s response to a software audit, and having an audit defense plan in place. Software audits tend to have tight response times, so this cannot exactly be a ‘learning on the job’ scenario. By knowing what to do, it will mean that any software audit that is presented to you will go smoothly with minimal damages, so you are less likely to be audited again in the future.
Know What is in Your System
Have an effective asset life cycle in place, including a means of purchasing and a means of retiring any assets to ensure they are effectively tracked. We have seen rogue purchasing and ineffective asset retirement result in a quiet drain on IT budgets through the purchasing of multiple unneeded licenses.
Your Active Directory is the place most software auditors will look when attempting to compile your compliance gap. Many companies do not have access to their Active Directory and as such their AD will consist of every device and every account that has passed through their software architecture, not just the ones that are currently in use. Employees that have left the company, and devices that have been sitting in storage collecting dust will all be present in your Active Directory and the auditors will argue that they will all need a license.
For More Audit Defense Information
Software audits are on the rise and they aren’t slowing down anytime soon. There’s no magical cure to repel auditors for good, but there are ways to reduce your risk of software audits. Your best weapon of defense is to be prepared. If you’d like to learn more about how to get ahead and stay ahead of the audits, you can download our Audit Risk Checklist, which will give you a breakdown of all areas where we see our clients struggle with compliance.