There are several dynamics to consider when discussing software vendor audits. They can be an internal audit – best-practice SAM exercise, or external audits; either a formal procedure instigated by software vendors, or they can arise as part of a conversation with vendors or resellers, such as a ‘SAM Review’ or when discussing what you may need to buy.

Internal Audits

There are many reasons as to why you may choose to conduct an internal audit:

• Verify license your compliance and identify risks
• Track and report on software and associated usage
• Quality Assurance, a Health check on the software being used
• Investigate cost-reducing license optimization opportunities
• Comply with industry / corporate standards and legal requirements

External Audits

External software audits are typically initiated with a formal letter in the mail. If your request comes via an email or telephone call, it is more likely a software review (also called SAM Engagement, Self-Audit or Software Compliance Review).

Be mindful that an audit and a review are different; SAM reviews are conducted voluntarily, but audits are something that you are legally obligated to adhere to. (Although if declined, SAM reviews can often result in an official audit).

 The golden rule is to always be aware that any time you submit information to a vendor or agree to undergo the scrutiny of a formal audit, you are disclosing confidential information that could lead to unplanned expenditure – if you’re not fully in control of your software licensing.

Therefore, think cui bono – who gains?

Formal vendor audits are usually funded by the vendors and they’ll bring in a partner at their expense – would they do this if they were not confident of a significant return?

Resellers are in business to sell you volume licenses – should you pay them to perform an audit for you and then buy whatever they recommend is needed? How can you ensure confidentiality? This presents a potential conflict of interest.

Or should you work out your licensing strategy independently? Either in-house or with a trusted SAM partner with no conflicting commercial interest to sell you anything other than their licensing optimization expertise?

To protect your business and avoid the cost and disruption of software vendor audits, you have two options;

• Have a robust SAM in-house SAM program, with the skilled people, processes and technology to stay in control of your licensing.
• Augment or outsource your in-house team with a trusted independent SAM partner like Certero, who can perform an internal audit for you directly and advise you on precisely how you to mitigate any risk and optimize your licensing to reduce costs.

Both of these approaches mean you can stay informed and in control and will be able to easily prove it to a vendor in the event of an audit, or even likely avoid the audit altogether.

There’s additional cost and security benefits too, SAM identifies all your software, so you can easily identify any potential security vulnerabilities quickly, understand precisely where your company data resides and be able to progress an optimal licensing strategy, buying precisely what you need and not over-spending.

The audit process is really about identifying your Effective License Position (ELP) – an evidenced and agreed position that shows how correctly you are licensed at a point in time. An independent SAM partner can provide this for you as a emergency Audit Defense Service, a tactical ELP and Optimization service, or can sustain the value of this clarity through an on-going SAM Managed Service.

With each, the independent SAM partner will apply their knowledge and expertise to finding every possible cost-benefit for your business and particularly under a 12-month SAM Managed Service. They will work closely with your business to understand your strategy and actively guide you through a series of recommended actions, that will optimize your licensing and reduce costs as much as is possible.

Consider that all software vendors deploy a multitude of tactics to keep you within their ecosystems and on the treadmill of steadily increasing spending. This means that they know the cycles with which you should be spending and the rates at which your spending should be increasing.

So, trigger-points and red-flags for audit activity can be found everywhere, including:

• Routines and major renewals – you are more likely to incur the soft-touch ‘lets see what you’re using’ approach, but still – any event where by you need to disclose information is a risk and the vendor has a vested interest to maneuver you into a position. Also, the more complex your agreement, the higher the risk.
• Change – anytime the complexity of your organisation increases such as with Mergers, Acquisitions and Divestitures (MAD) activity, there’s a new scope to contend with and a high chance of being out of control – blood in the water for auditors.
• The 3yr Cycle – Obviously following an audit and being found lacking, you will have to spend considerably to bring your organization back into compliance. So, where do you go from there? Do you invest in SAM and put measures in place to ensure the nightmare you’ve just experienced doesn’t happen again? Or… do you consider it done and dusted? Happy that the vendor will leave you alone now for…about 3years? It’s just enough time for you to get significantly out of control again and then guess what…?
• Times are Hard – This one isn’t within your ability to control. Any times where the software vendor’s sales teams are struggling to hit their numbers because there is a pandemic or some other disruption, is a risk for you. Audit activity generates revenue, particularly approaching the vendor’s end of year…
• The difficult break-up – “It’s not you, it’s me” might ease the pain slightly, but if you really want to start seeing other people and dating other software vendors, watch out. Your Ex has an ace up their sleeve that could see you out of the dating game for good. Spending less will be noticed, vendors and their resellers talk, so beware. If you’re moving away you’d better be on top of your licensing or you could find yourself with a huge bill that you can only mitigate by investing further in the technology you wanted to move away from. Another reason why SAM is for life, not just for Christmas.
• Whistleblowers – can report unlicensed software use to organizations such as the British Software Alliance or the Federation Against Software Theft. Beware of that disgruntled employee or better yet… proactively manage your software licensing!
• Loose lips, Sink Ships – Vendors are always listening. Whether your techie is speaking to them regarding an upcoming project or your support team has requested some additional help – any changes or deployments in your environment can flag license audits. Vendors can sometimes send informal ‘questionnaires’ to be filled out by a database admin, who unknowingly, incorrectly declares an exposure and the vendor will hold you to account – if you want to question it, you’re in an audit.
• Downloads – Some software vendors allow you to freely download software from their website, its important to remember they may be able to see exactly who is downloading what. If your downloading something that you are not entitled to use this will be a sign of non-compliance and may trigger an audit.

Software Audit Defense is exactly as it sounds – an ‘emergency’ service provided by independent SAM partners who can rapidly come to your aid, as soon as the letter arrives from the software vendor, requesting a formal audit.

There are lots of reasons why this is a shrewd move, your SAM partner should be able to help control the scope and scale of the audit, help to establish a much more commercially favorable Effective License Position (ELP) for you by limiting any under-licensing exposures and leverage any incumbent extra value in your complex licensing agreements.

Your SAM partner will expertly guide you through your communications with the vendor. At this point, it’s contract law and so having a team of hugely experienced SAM consultant in your corner, means they can help to take the stress and uncertainty away.

From advising on timescales and scope, to providing strategic guidance on what to buy (without having any interest in selling it to you), your trusted SAM partner’s Software Audit Defense Service will save you money, precisely as costs could otherwise spiral out of control.

Did you know… It is possible to challenge the results of a formal vendor audit, even after it is complete? This remarkable case study from independent SAM partner Certero, demonstrates how they were able to bring in their superior SAM technology and expertise and identify inaccuracies in the formally sponsored report, providing evidence that successfully reduced the customer’s bill with Microsoft by over $140,000!

If you’re concerned about software vendor audits or would like to know more about how you can create or super-charge a robust Software Asset Management function, then contact Certero today and discover truly independent, SAM technology solutions, Services and expertise to help you stay in control!