If you have been selected for a software audit or review, you might be feeling something akin to missing a step while walking down the stairs, or standing in front of a crowd of bosses and realizing you brought the wrong notes and now you have nothing to say. But what is the difference between a Software Asset Management (SAM) Review vs Audit? You’re panicking, you’re frustrated, and you’re wondering if it isn’t impossible to make a career out of basking on the edge of a quiet lake in the middle of the woods where software auditors will never find you.
Hold onto whatever soothing picture captivates you and stay calm. The first step (or planning for the first step) to your software audit is figuring out if you’ve been given a SAM Review or a Software Audit and what the difference between the two is.
In this article we are comparing the two in the following areas:
Defining a Software Audit vs a Software Review
Software Asset Management Reviews
One thing that sets a SAM review (also called SAM Engagement, Self-Audit or Software Compliance Review, according to Aberdeen) is that SAM reviews are often presented as voluntary. Since a SAM Review often appears voluntary, you may question what is in it for you? Software vendors will often position these reviews as an optional learning experience (you should read that as revenue-driven for them), so you may think it’s ok to decline and in fact, according to Scott and Scott LLP, there is little to be discovered that your own internal team couldn’t determine by themselves.
However, life becomes immediately harder when you refuse a SAM review. In most cases, if you push back against a vendor issued-SAM review, the vendor’s response is to send you a full audit regardless. After all, anyone who doesn’t want to be examined has something to hide, right? Resistance as THEY say… is futile, my friends.
The other major difference between a SAM review and a legal audit is the fact that SAM reviews are often conducted internally, using the company’s own SAM tools and their own SAM expert team.
Full Software Audits
Full audits (also called Legal Contract and Compliance (LLC), according to Aberdeen) are very much not voluntary, and it is rare for a business to be able to resolve a software audit notification by simply ignoring it. When you signed your contract for your licences, software companies maintain the right to validate your compliance against the terms of the software contract.
Most contracts only limit software companies to perform an audit every twelve months and that they must provide notice so as not to disrupt your business. Software audits also cannot be conducted during what is defined as the ‘busy season’ of your business. Putting off an audit until the busy time has passed will not remove it entirely. The auditors can be patient, and they can wait.
Proving to be a challenge upfront in the audit, may not be the best strategy. You are going to need to build goodwill through the audit process. At the completion of the audit, you are most likely going to want to negotiate a settlement and your vendor will be far less flexible if you make it difficult from the start.
You should also note that different vendors have varying methodologies when it comes to audit operations. Some vendors have their own internal audit teams while others use third party firms like Deloitte or KPMG.
How Much Do SAM Reviews and Audits Cost
Once a SAM review or a full audit has begun, what will happen after is pretty much the same. In both you are required to collect data about what is installed on your servers and desktops, which will be compared against what you actually own. The main difference between the two is the remedy of any shortfalls or findings against you.
Full SAM Audit
- In a full audit, you may be required to pay list price for any software you need to purchase (any discounts you have with the vendor will not be applied). If you are found out of compliance (for Microsoft, you only have to be out of compliance by 5%), you will have to pay for the entire auditing process, including compensation for the third-party auditors.
- In a SAM review, you can potentially could just purchase against the terms of your contract and the cost of the review is usually paid for by the software vendor.
Now that you understand how much an audit will cost, check out our Software Audit Pricing Guide to figure out the determining factors in hiring audit assistance.
The software publishers will often tell you the whole process of both an audit and a SAM review will take between 30 and 90 days (depending on the size of your organization) but this has never been our experience. Many audits and SAM Reviews that we’ve seen have gone on for 6 months or longer. The true driving factor to the length of either a software audit or a SAM review is the quality of your data.
Do You Know Where Your Useage Data Is?
Do you have strong accuracy of data in your inventory tools? Do you have good records of all your software licenses and contracts? Even though a team of auditors will be asking you to collect data during a full audit, it’s important that you understand why they are asking for specific data and what they are planning to do with it once you give that data to them. So often we have seen audits that have been dragged out unnecessarily, as companies produce data that is easily misinterpreted by the auditors. The presence of a third party auditor may also impact the length of your negotiation, as the third-party auditors are going to want to ensure 100% completeness of data (and if you have gaps in your data, they will make assumptions that could be costly to you).
Being organized and ready to begin the moment you are notified by the auditors is a great way to reduce the overall time your audit or SAM review will take.
When an audit is finalized you will want to get a closure statement (also called a release) from the software publisher. Without the closure statement, the vendor may be able to just turn-around and audit you again, if the findings did not come out as they anticipated.
Further Information on How We Can Help
Software audits and SAM Reviews are confusing and time consuming, but you can do this and with the right information on your side, you’ll get out of this audit or SAM review with as little damage to your company’s budget as possible. At Metrixdata360, that is our goal, to save you money and provide you with a clear licensing position. Don’t let the auditors push you around! To learn more about how we can help you if you are in an audit or a SAM review, please look at our Audit Services page.