1. Preparing for the Inevitable
You need to develop policies and procedures to handle the audit before it happens. Processes around assessing current applications matched to purchase data and license rules need time to be put together, and need to be automated and maintained. Developing an audit response strategy and determining what resources will need to be involved, as well as defining the communication channels to manage the audit process will allow for a structured approach to the audit.
2. Understanding Your License Agreement
The license agreement is the contractual agreement relating to the application’s use. This agreement needs to be clearly understood, along with the agreement and all of its rights, entitlements and limitations. Audit details, and timelines around the audit itself will be defined in the agreement. Ensure that your legal department is a part of the audit preparation strategy, as the contract audit is a legal issue.
3. Defining the Scope of the Audit
Managing and controlling the scope of the audit helps you to avoid scope creep, unnecessary disruption and cost. The license agreement needs to be seen as the basis for the scope of the audit, with specific rights for the provider and the user.
Assess the license agreement to determine if the vendor has the right to audit in the first place, as well as understand:
The vendor’s definition of compliance.
What products and versions the vendor is entitled to audit.
The scope of the audit.
What level of assistance is expected; and
When the vendor will conduct the audit.
Further, you will need to request prior testing of any potential software that will be used in your environment as part of the audit in order to avoid disruption. Finally, define a vendor responsibility agreement to specify the levels of disruption that are to be expected and tolerated and avoid starting the audit until your legal department is satisfied with the terms and details. Ensure that you assess the situation around the current agreement as early as possible, as renewal periods can provide leverage with the final negotiations
4. Working through the Audit
If you have already completed a software audit with the vendor, use the true-up agreement data as the new baseline for any audits going forward. Removing software or buying additional licenses will not be effective, as this will be easily discovered by the people trained to track this information. Ensure that one person is tasked with the responsibility of managing all communication, and ensuring that the scope of the audit is maintained. Be sure to have all data organized, structured and automated in order to avoid raising additional questions about the integrity of the data which may result in additional resources being lost to the audit. Avoid providing data that is outside of the information that is requested as this will be likely to do more harm than good.
5. Creating your Audit Response
Avoid responding to the audit findings until the entire report is complete to avoid tying up additional resources. You will want to involve your legal and accounting departments after receiving the final report to ensure that the interpretation is in line with the license agreement, as well as to assess whether any settlements can be negotiated as a component of a new contract.
With the complex nature of software and the upside for the vendor it is inevitable that your organization will be audited. Without an active software asset management program in place it will be difficult to have any real response to audit requests without significant commitments of resources under the pressures of the audit. Preparing for the software audit requires an ongoing software asset management plan.
Software asset management (SAM) needs to be automated with the fluid nature of the products and the need for speed and accuracy. With an active and automated software asset management plan you will be able to avoid potential audits, and/or drastically cut the required preparation time, and likely uncovering some additional software savings.