More

    Preparation Simplifies Software Audits

    ParkinSoftware audits are a fact of life for the modern enterprise. While nothing can stop a vendor from auditing, IT managers should prepare for the possibility of an audit by shifting from a defensive to a negotiating posture.

    While some audits are random, the majority are triggered by a credible report of violation. In such instances, auditors often begin the audit process with a bad taste in their mouth, as they are already suspicious of the licensee’s reporting practices.

    There are only two reasons businesses fear an audit:

    1. They are in violation and they know it.
    2. They are unsure if they have committed a violation or not. 

    If a company is in violation and knows it, there is nothing to be done except to brace for the consequences and prepare to write a potentially sizable check. However, if you are unsure whether you have violated software license agreements, several steps involving research, program setup and simple discipline can help ensure data is fresh and accurate.

    Click through to find out how to be fully prepared should a software vendor initiate an audit. And be sure to read this guest opinion from LANDesk’s Scott Parkin, which outlines in detail the steps that must be taken. As Parkin writes, “If you proactively implement and maintain these basic processes, you will be able to drive software purchases and maintenance agreements based on justifiable fact, not supposition–and you will have the key facts at hand needed to demonstrate compliance to an auditor.”

    Preparation Simplifies Software Audits - slide 1

    Click through to see tips on making sure you are ready for a possible audit.

    Preparation Simplifies Software Audits - slide 2

    The most critical tool required for effective audit readiness is an asset repository specifically structured to support software licenses, contracts, and other reference data. Proper utilization of such a tool will provide a single reference point for everything you need.

    Preparation Simplifies Software Audits - slide 3

    Understand what software titles and versions you actually own, and in what quantities — and gather the documentation to prove it. This should involve a financial paper trail with evidence of payment for original purchase, upgrades and software assurance contracts. Without the financial receipt, you will be unable to prove ownership to an auditor. Unfortunately, there are no easy answers to this process. You have the data, but it may be buried in your financial system or combined with other purchases or agreements in a form better served for cost accounting than software license management. You need to spend the time, effort and pain to dig that data out – or simply pay the costs of purchasing the software again.

    Preparation Simplifies Software Audits - slide 4

    Document the usage terms and conditions for each license, and understand that each purchase may have unique elements. Software agreements can vary — especially bulk or enterprise agreements — and you need to know exactly what you are committed to, and how that agreement translates into software usage entitlements. Some agreements permit a title to be installed on several computers, but only consume one entitlement (right to use the software). Capturing that data with each purchased license and storing it in your asset repository will enable you to allocate software from the most efficient license pool to meet the specific need.

    Preparation Simplifies Software Audits - slide 5

    Accurately document what software is installed on your computers and virtual machines. Remember that installation constitutes use under the vast majority of licenses; compare the number of discovered instances with owned instances to determine basic compliance. If you are using enterprise agreements, the discovered number is your True-Up number (a process to align your EA with the number of total licenses you’ve added in the previous 12 months). Many organizations forget that software installed on a VM or an inactive computer may still be consuming a license (depending on your specific license terms and conditions). If you track the entitlement in addition to the discovery, you will never be caught by surprise, and you can manage accordingly.

    Preparation Simplifies Software Audits - slide 6

    Implement an entitlement program to administratively assign the right to use managed software titles on specific devices. Compare entitlements (right to use) with discovery (fact of use) and police the exceptions. Perform this reconciliation activity on a regular basis and keep records as part of internal audits. Ultimately, this is the most important single project you can implement – and it is also the least commonly implemented program. Most organizations rely on discovery to tell them what they have, but without an administrative entitlement, there is no way to know exactly which installs are rogue, and thus, no way to police the policy exception.

    Preparation Simplifies Software Audits - slide 7

    Create a software request program tied to your entitlement program to ensure that you only deploy software that you legally own — and aggressively police exceptions to that program. Make sure your software request and usage policies are documented and acknowledged by your users. People tend to resist a request program at first. However, if you aggressively remove unauthorized installs, they will learn to use a front-door request system very quickly. When authorized requests are handled by a consistent, repeatable process that ensures the repository is updated, identifying and policing rogues becomes easy.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles