What are Software Audits, and Why Are They On The Rise?

Recent years have seen an uptick in software audits, with more companies being asked to provide evidence of licensing compliance. This is largely due to the fact that organizations are now using more software than ever before, with an increasing number of employees working remotely.

Watchdog groups like the Business Software Alliance (BSA) and the Federation of Software Theft (FAST) serve the sole purpose of ensuring the protection of software vendors’ intellectual property. These groups and software vendors are dedicated to discovering and auditing non-compliant organizations every single day with little to no notice. According to Gartner, the likelihood of an assessment for a medium to large firm over the next two years is predicted to be 40%, which is expected to rise by 20% annually.

But why do software vendors act in this manner? 

Simply put, the main motivator is money. Revenue from software sales fell when the American economy saw a downturn and software expenditures were slashed. Software vendors were forced to hunt for alternative income sources when these profits started to decline. Audit fines and penalties of several hundred thousand dollars to even millions of dollars appeared as lucrative options for these vendors. According to the BSA, 25% of businesses that operate in the US are non-compliant in some way, costing software vendors an estimated $6 billion in losses.

 

What is a Software Audit?

A software audit is an assessment of a company’s compliance with software licensing agreements. Organizations that use pirated or unlicensed software can be subject to expensive penalties, including fines and damages. In some cases, they may even be required to forfeit their business’ computers and other equipment. 

 

How Do Organizations Fall Out of Compliance?

 The truth is that conformity is not simple. It involves more than just purchasing adequate licenses. Even techies typically struggle to completely comprehend software licensing laws because they are so sophisticated, and even when they do, modifications to the regulations occur so often that it is challenging to stay up to date. 

Most businesses lose their ability to comply with the rules when they lack proper record keeping and miscomprehend software usage rights. Both parameters are equally crucial to stay in compliance. The first approach is to have clear visibility into your integrated software usage. In the unfortunate case of your company being audited, this can be an added benefit because you will be able to provide records immediately and demonstrate your good faith efforts to adhere to the regulations.

Furthermore, it’s crucial to have an attorney or specialist who excels in contract negotiations. They can explain how you can lawfully use your software, saving you from involuntary non-compliance. Avoid attempting to resolve this on your own, as it is easy to misinterpret or fail to notice crucial facets of software use terms and conditions. For instance, there have been instances where a business has expanded internationally and had staff members using software in other countries. They believed this was acceptable since they had many licenses, but since those licenses were only intended for use in the United States, they were in violation without even recognizing it.

 

How to Lower Your Risk of Being Audited

  1. Exhibit a Sound Understanding to the Software Auditors 

To show that you have a good grasp of your software agreements, it is crucial that you respond to any inquiries the auditors pose in an efficient and thorough manner. To achieve this, you’ll need a team in control of the project, a software asset management (SAM) solution in place to oversee your software estate, and frequent internal audits to get a complete picture of how your software assets are used.

This is especially true if your business has just undergone a merger or acquisition or if it is a large corporation with numerous branches. Such circumstances will make you prone to disorganization, which in turn raises the possibility of overlooking factors important for compliance.

  2. Stay Prepared

Inform your staff about the importance of software asset management, and prepare a defense plan in case a software inspection occurs. Even if a software audit is conducted, a quick assessment with a few fines will show the software provider that you are not an easy catch. Preparing includes having your licenses in order, appointing a specific person to oversee your company’s software audit, and having an audit defense strategy in place. Knowing what to do will ensure that every software audit of your company proceeds without incident and with the least amount of damage possible.

  3. Be Aware of Your Software Architecture

Establish an efficient asset life cycle, along with a streamlined procedure to purchase and retire software resources to keep a close check on them. Failure to do this can lead to the acquisition of numerous unnecessary licenses, which quietly drain the company’s IT budget. Keep track of what licenses you have and how many licenses you need so that you can stay compliant. Additionally, make sure that only authorized users have access to your organization’s software. Implement user controls and set up alerts so that you can immediately spot any unauthorized access or usage. 

Most software audits search the company’s Active Directory (AD) to assess compliance. A company’s AD contains all devices and accounts that have ever used its software resources, not just those that are currently in use. There will be ex-employees in your Active Directory, along with devices that have been gathering dust in the company’s store, and the auditors will claim that each of these entities needs a license.
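A read-only report of the Active Directory objects described above, added here as an example and not part of the original article. It assumes the RSAT ActiveDirectory module is installed; the 90-day threshold and the output file name are illustrative choices.

```powershell
# Added example: list AD users and computers that still exist in the directory
# but show no recent use. Read-only; nothing in the directory is changed.
# Assumptions: ActiveDirectory module available, 90-day staleness threshold,
# placeholder output path.
Import-Module ActiveDirectory

$StaleAfterDays = 90
$Cutoff  = (Get-Date).AddDays(-$StaleAfterDays)
$OutFile = '.\ad-stale-objects.csv'

function Get-UsageState {
    param([bool]$Enabled, $LastLogonDate)
    if (-not $Enabled)              { return 'Disabled' }       # ex-employees, retired machines
    if ($null -eq $LastLogonDate)   { return 'NeverLoggedOn' }  # created but never used
    if ($LastLogonDate -lt $Cutoff) { return 'Stale' }          # enabled, but idle past the cutoff
    return 'Active'
}

# LastLogonDate is the AD module's readable form of lastLogonTimestamp, which
# replicates between domain controllers with a lag of up to about two weeks,
# so keep the threshold well above that.
$users = Get-ADUser -Filter * -Properties LastLogonDate, whenCreated |
    ForEach-Object {
        [pscustomobject]@{
            Type          = 'User'
            Name          = $_.SamAccountName
            Detail        = ''
            Enabled       = $_.Enabled
            LastLogonDate = $_.LastLogonDate
            Created       = $_.whenCreated
            State         = Get-UsageState -Enabled $_.Enabled -LastLogonDate $_.LastLogonDate
        }
    }

$computers = Get-ADComputer -Filter * -Properties LastLogonDate, OperatingSystem, whenCreated |
    ForEach-Object {
        [pscustomobject]@{
            Type          = 'Computer'
            Name          = $_.Name
            Detail        = $_.OperatingSystem
            Enabled       = $_.Enabled
            LastLogonDate = $_.LastLogonDate
            Created       = $_.whenCreated
            State         = Get-UsageState -Enabled $_.Enabled -LastLogonDate $_.LastLogonDate
        }
    }

$all = @($users) + @($computers)

# Summary: how many objects of each type fall into each state.
$all | Group-Object Type, State |
    Sort-Object Name |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Detail: everything that is not in active use, for review before an audit.
$all | Where-Object State -ne 'Active' |
    Sort-Object Type, State, LastLogonDate |
    Export-Csv -Path $OutFile -NoTypeInformation
```

The exported list is a starting point for review: each entry still needs an owner to confirm it can be disabled or removed.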

 

Conclusion 

Monitoring your software resources will cost much less than having them audited. In addition to achieving compliance, successfully managing your software and how it is used also ensures that your software resources are used to their full potential. You may delete shelfware and restructure your agreements to ensure that every software program you have is being successfully utilized. Efficient asset administration has no drawbacks because the added administrative costs will eventually result in equal cost reductions. By making sure all of your organization’s software is properly licensed and keeping track of who is using it and when, you can help your company avoid costly penalties associated with non-compliance.

Why You’re Failing Your Microsoft Audit

Does it ever feel like you’re fighting an uphill battle when it comes to your Microsoft software audits? You try your best to keep up with the auditor’s demands, collecting data and checking licensing details, but it all amounts to you owing far more than you feel could be possible? This is a very common situation, as we have helped clients who despite their best efforts to work with the auditors, have found themselves being forced to pay out millions more than they need to. At MetrixData 360, we have Microsoft’s software audits down to a science and we have seen patterns in the common mistakes people make before we are called onto the job. So here are the most common mistakes companies make in a Microsoft software audit and what you can do to avoid them.

Common Microsoft Audit Mistake #1: You’re Trusting Microsoft’s Audit Team Too Much

Microsoft will often bring on a third-party auditing firm like Deloitte and KPMG, and it’s tempting to fall into the mindset that they are the professionals in this situation — that they know best. We have often seen companies that go along with the auditor’s every demand and who take the software auditor’s findings as though they were set in stone.

Solution: Remember Who the Software Auditors are working for

Microsoft hired these auditors and Microsoft may even pay them based on how large a compliance gap they can find. It’s not to say that the auditors won’t do their job properly, but they have no incentive to investigate grey areas or ambiguous findings when they could instead just assume that the most expensive case is the scenario and call it a day. These expensive assumptions can greatly over-inflate your compliance gap while lining the pockets of Microsoft and their team.

When the software auditors hand over your Estimated License Position at the end of their investigation, the important thing to remember is that it is, in fact, an estimate. It’s not a receipt like the kind you would get in a restaurant. Think of it instead as the beginning point of your negotiations, and challenge any findings you don’t agree with.

Common Microsoft Audit Mistake #2: You’re Handing Over Everything Without Question

Microsoft’s auditors can be an intimidating bunch and having Microsoft ticked off at you is not a good feeling. So, there can be a knee-jerk reaction to play nice, do damage control by complying with demands, and exposing your entire software environment to the auditors as a sign of good faith, to show you have nothing to hide. However, we have often seen how this can backfire on many well-meaning companies since not everything that the software auditors will ask for will be relevant to the software audit. One client that we helped through a software audit was asked for information that wasn’t relevant to the audit and would be used in a later case against them.

Solution: Ask Questions

You can and should ask for justification on any data requests, especially if you think they are outside of the scope of the audit. We did that for a client, and it resulted in the audit being brought to a standstill which lasted months, with the auditors going silent. Our client received valuable time to prepare their own defense and carry on with their business. There are some requests that you can push back against and some which you will have to comply with. Knowing which request is which will greatly benefit you during a software audit against Microsoft.

Common Microsoft Audit Mistake #3: You Have no Single Point of Contact

Who are the software auditors talking to? Where do they go when they want something? And who is tailoring a response for them? These are simple questions that, for many companies, go unanswered during their Microsoft audit, with devastating results. If just anyone is talking to the software vendor, including people who may not have the best information to answer the question completely, then the end result is that you do not know what Microsoft knows or where the software vendor is getting these assumptions from, and you therefore have no way to correct or challenge any misplaced information.

It also makes it quite difficult to structure a proper defense for yourself if you do not know what the vendor could possibly use in their own argument, making you essentially blind during the software negotiation process at the end of the software audit.

Solution: Establish a Single Point of Contact as Soon as You Receive Your Audit Notification

Establishing a single person or team who will be in charge of interacting with the software auditors should be one of the first things you do when you receive your software audit notification. This Single Point of Contact (SPC) will review all data before it is passed onto the software auditor in order to maintain a clear understanding of your company’s stance with the vendor. The SPC will also review any data requests that the software auditor provides in order to ensure it is relevant to the scope of the audit.

In the event that an employee is interviewed by the software auditor, the SPC will prep the employee to ensure that the employee is ready to address the questions with a full understanding of the answer.

Common Microsoft Audit Mistake #4: You Trust Your Microsoft Sales Rep Too Much

Microsoft sales reps are often friendly in nature and may come across as though they have your company’s best interest at heart. Due to this seemingly friendly nature, many companies will trust their sales reps to understand their business needs and their compliance requirements. This trust has resulted in companies wasting time and energy purchasing licenses they don’t need while remaining exposed to compliance risks during their next software audit.

Solution: Know What You Want

Don’t let the sales rep tell you what to do because it is important to remember that at the end of the day, Microsoft’s sales reps have the main goal of selling you more licenses regardless of whether it is of any advantage to you. This is why it is so important that you have a good understanding of what you want and how many licenses you need in order to remain compliant and get your company to where you want to go from a software perspective. This type of visibility into your software environment is typically only achieved through software asset management if your software environment is large enough.

Common Microsoft Audit Mistake #5: You have no SAM Tool or Software Asset Management Strategy in Place

Software asset management is perhaps one of the best defenses you can deploy when it comes to protecting yourself against the heavy fines of a software audit. However, very few companies have a software asset management strategy in place and only consider employing SAM in their software environment after they have received their audit notice. To ensure the strongest defense, however, SAM should be a year-round endeavor, to ensure you don’t fall back into the SAM bad habits that opened you up to compliance risks in the first place.

Solution: Have a Strong SAM Strategy Long Before

Implementing a strong software asset management strategy not just during a software audit but all year round comes with many benefits, including but not limited to:

  • Realized Savings: Software asset management implemented in the long term can result in an estimated 20%-30% of your current software spending to be reclaimed and reinvested into your IT budget.
  • Long Term Software Audit Defense: Clients who have implemented our long-term SAM strategies have found that they can sleep easy at night knowing that they are well prepared for a software audit if ever one should occur (and it will happen because software audits are a matter of when, not if).
  • Improved Security: It isn’t often that SAM is thought of when considering IT Security but having a good understanding of your assets and making sure those assets are organized and not filled with noise can make the job of IT security that much easier. It’s also important to note that cybercriminals will often use old forgotten assets to enter your software environment and software asset management’s job is to hunt down such assets.

MetrixData 360: Microsoft Audit Specialists, Here to Help

At MetrixData 360, we have gone up against Microsoft on multiple occasions for close to a decade now. We have been tenacious in our approach to defend our client’s interest and our success can be found in the millions of dollars we have saved our clients over the years. We take a data-first approach, where we build a defense against the onslaught of auditors that allows us to beat Microsoft at their own game. If you’d like to learn more about our tireless defense of your business’s interests, you can contact us today and we can get started helping you through your next Microsoft Audit because MetrixData 360 has your back!


Software Auditing Firm vs. Software Asset Management Firm

At the beginning of a software audit, the software vendors will introduce you to your auditors. These people may be from an external auditing firm, like Deloitte or KPMG, or be part of an internal auditing team from the software vendor themselves. It might be tempting to assume that these auditors are the experts and will provide all the assistance you need to get through your software audit smoothly.

However, at MetrixData 360, we know firsthand how very little these auditing teams are invested in looking after your company’s interests or even in representing your case accurately. We firmly believe that you will need a software audit defense team of your own to verify the auditor’s findings, and working with an external SAM team is an excellent way to create a strong defense.

But what exactly is the difference between blindly trusting the software auditors and getting your own team to defend you?

Software Auditors are hired by the Software Vendor

The first and most important thing to note when you are working with a software auditor vs. a SAM expert is that the software auditor has been hired by the software vendor and that will greatly affect their motivation during the audit. They may be paid based on how large a compliance gap they can find, and this will create a bias in their efforts.

If there are any grey areas or missing data, they will assume the most expensive scenario is the reality, and it is unlikely they will dig any deeper than that. Why would they? Further research will either present no effect or possibly negatively affect their final payment. 

SAM Experts are Neutral Third Parties

Software Asset Management Professionals, on the other hand, are people that your company hires, so they are here to represent your interests. Their goal is to keep things as legal, accurate, and cost-effective as possible. Where there are grey areas, they will seek out the answers — whatever those answers may be. At MetrixData 360, we always pride ourselves in defending the best interests of our clients and we usually charge based on a flat rate or on a contingency basis, and our approach has often led to whittling down seemingly huge compliance gaps to much more manageable levels (or even nothing!).

Software Auditors will Ask for Data Outside the Scope of Your Audit

We have often run up against software auditors who collect data that has nothing to do with the audit they have been hired to investigate. The reasons for this may vary: perhaps they aren’t finding the results they need within the scope of the audit and they are trying to spread their investigations elsewhere, or perhaps the software vendor is looking for data with a competitive edge that has everything to do with your next true-up and nothing to do with the audit you’re in right now. Blindly handing over data simply because it is what the software auditor asked for can easily put you at a disadvantage as you help the software auditors build a case against you!

SAM Experts Know What Data the Auditors Need and Which They Don’t

We recently helped our client drive their Oracle audit to a stalemate (a valuable thing, as it gave our client the time they needed to thoroughly prepare a defense for the audit that followed) simply because the software auditors asked for a piece of data, and we asked them to provide proof for how that data was relevant to the audit (hint: it wasn’t, and it would have been used against our client later).

SAM experts know how audits work. In fact, at MetrixData 360 we have it down to a science, and they know when a piece of data needs to be handed over and when the software auditors have taken too much liberty poking around your software environment. They can defend your best interests by keeping you from handing over documents the auditors don’t need to see.

Software Auditors will not Accept Data from Your SAM Tools

It doesn’t matter if your SAM tool is high powered or accurate, it might even be approved by the software vendor who is auditing you, but software auditors will usually refuse to accept data unless it is drawn by their own tools. There are a few reasons for this, but it is mainly because the auditors want consistent data that is arranged in a certain way to save themselves time.

However, this is a terrible situation for you, because you do not know what their SAM tool will pick up. It may not take into consideration the unique licensing metrics and complexities of your software environment, and it may come up with a wildly inaccurate number that will leave you blindsided and scrambling to disprove.

Your software architecture is delicate. What will happen if the auditor’s tool needs to be installed into your software environment and the tool damages it? Your first job during the software audit is to defend and prove the accuracy of your own tool.

SAM Experts Work with Your Tools and Come with Their Own

At MetrixData 360, we work with what you give us. If you have your own SAM tools, we can work with the data they provide and supplement any missing data with our own tools. If you don’t have your own tools, we can use ours exclusively, so there’s nothing to worry about.

With a SAM expert on the team, you shouldn’t have to resort to throwing all the hard-earned data that you’ve gathered with your SAM tool in the trash just because the software auditors aren’t used to working with the format your data is presented in. We often advise advocating for the validity of your own SAM tool by asking your software auditors to use data samples to determine accuracy or agree to use the software auditor’s tools only to supplement for missing data.


Get Data Experts that Represent Your Interests!

Software audits are not everyone’s cup of tea, and the software auditors that attend them often do not make the matter easier. Between unreasonable requests, ELPs that claim you owe thousands more than you actually do, and aggressively short turnaround times, software auditors can make the challenge of defending yourself that much harder if you are left to rely only on their services.

It’s important that you have someone in your corner backing you, someone who knows the intricate and unique inner workings of your software environment and knows how to defend your interests so that you are paying only what you need. MetrixData 360 can give you that kind of support. We have helped many companies fight their way out of seemingly hopeless situations and saved them millions of dollars in the process. If you’d like to learn more about how MetrixData 360 can help you during your next software audit, you can check out our Audit Defense Service Page.


What are Microsoft Audit Penalties

Microsoft Audit Penalties: The High Cost of Software Audits

 

If you’re found non-compliant in a Microsoft Audit you’ll be faced with fines as outlined in your software contract. In this video, SAM Expert Mike Austin explains how Microsoft calculates those audit penalties and how you can make sure you’re not paying more than you’re obligated to. If you’d like to explore the penalties in deeper detail, feel free to download our Microsoft PDF below the video.

 

Everything You Need To Know About Microsoft Audits and Audit Penalties:

Ever wonder what one of these ‘SAM engagements’ could end up costing your organization’s pocketbook at the end of the day? Would you like to know if it’s necessary to respond to them? Fill out the form to find out:

  • What are the biggest costs in a Microsoft audit?
  • Where to find help in reducing penalty costs
  • The differences between a Microsoft SAM Engagement Vs. Software Audit




What is a Microsoft License Verification Process?

In the trying times of the 2020s, no organization is safe from the Microsoft License Verification Letter. Small and large businesses alike have been receiving these with higher frequency than in normal years. Let’s take a dive into this phenomenon:

A Microsoft License Verification is not actually a software audit. It’s more like a tax return where you report what your Microsoft licensing holdings are. It’s also an optional review, designed to help organizations stay compliant and (more than less) to help protect Microsoft’s intellectual property.  Maybe even generate a little back end revenue on the non-compliance fines too. But that’s not official.

Although this is an optional procedure it is recommended to always respond to it in a timely manner. This is because ignoring one could lead to an actual mandatory software audit due to Microsoft thinking you may have something to hide. It could also lead your team to forget about it, which could harm your standing if this leads to heated negotiations down the line.

Either way, when you receive one of these letters, you need to prepare a few things and take certain steps to make sure you come out unscathed.

These steps are:

  1. Contact an expert
  2. Gather all proofs of licensing purchases
  3. Run a report on your software inventory
  4. Review findings – share only what you need to
  5. Create an accurate licensing position
  6. Submit a Deployment Summary to Microsoft
  7. Negotiate with Microsoft

 

Now, negotiating with Microsoft on the technicalities of what you should and shouldn’t be paying for can be the dragon many people don’t want to slay, which is why step one is so important. Having an expert within arm’s reach who can negotiate on your behalf is going to safeguard you from falling prey to Microsoft’s dubious reporting practices and keep their assumptions at bay.

If you have received a License Verification Letter from Microsoft, please book a meeting with one of our negotiation experts to help set you on the right track. Don’t forget to check out the video as well.
