Anticipating a Software Audit: What Should You Do?

All the publisher wants to make sure of is that your licence count covers the installations/usage. If you have too many licences, no one other than you is going to worry about that. All large publishers have a good idea of the licences you have bought (and generally they will share this with you if you ask them), and most will have a pretty good idea of what you should have bought. If there is a significant gap between your software profile and your purchases, you will almost certainly be earmarked for an audit.

So having been informed that you will be audited, now what do you do? 

The first thing is to go through your control processes and make sure they include all the things you need and that they are working and effective. This should cover everything from the AUP through procurement, system build, deployment and disposal.

Whilst the desktop area is a favourite for publisher activity the server/mainframe patch should not be overlooked. 

Assuming your processes pass your checks, the next thing is to check your documentation: have you got up-to-date copies of your contracts and licence agreements, and can they be easily linked to the inventory/installations?

For the desktop, if you have an audit/discovery tool installed, check that it is working, that the data it produces has been verified (and is complete), and that the data can be linked to the licence and contract information. A number of associated processes may be needed here (e.g. checking you have control of, and the right number of, CALs). You may even need to do a sample audit to check all is OK.

Whilst you are doing all this, it is well worthwhile to check that the software you have installed is actually being used.

 

The Audit Day is upon you? 

When audit day arrives you should have a set of process documentation, evidence that the processes are working, documentation showing that your licensing and installation data is up to date, and any specific licence model information readily available. You should also line up the key staff responsible for making the processes work. If you have done a sample audit, have the output ready with a list of findings and any follow-up actions that are needed.

What are the common pitfalls?

  • Not understanding/complying with the OEM software rules
  • Not knowing which products can be upwardly licensed
  • Not understanding the restrictions in the contract terms
  • Not having control of your purchases
  • Changes in company structure (and names) not being properly transitioned
  • Outsourcing, hidden transition costs
  • Unsigned and undated contracts

What you must take care of!

  • Publisher (and reseller) supplied licence information – even if it’s on a spreadsheet
  • Any letters varying the usage terms of an agreement

Acceptable Documentation 

  • Dated Invoices in the Name of the Audited Entity
  • Account Statements from recognised Resellers
  • Signed and dated Licence Agreements
  • Dated Cash Receipts that clearly state Product, Version, Quantity and Price Paid
  • Statements from Publishers (Claret report from MS for instance)

Received Notification of an Audit? 3 HOT TIPS

1. Note the date on the letter
2. Establish an inventory and check your processes as quickly as possible as per the letter date
3. Do not go on a licence buying spree before having established all the facts