The Audit Process
Typically, software vendors send written notice letting the organization know that they want to perform a software audit to ensure compliance. The correspondence names the contracted auditor and states the start and end dates and the scope of the audit. Be sure to respond to the vendor in a timely manner.
Upon receiving written notification of an impending vendor software audit, companies would be wise to have their legal team check the licensing details. The company should first challenge whether the contracted accounting firm is suitable to conduct the audit. According to Aspera, it's not uncommon for there to be no legal basis for an audit, because sometimes there is no corresponding audit clause in the relevant contracts.
Once you have the scope of the audit, conduct an internal audit, not only to check the accuracy but also to find out why you are non-compliant. Was it intentional, a process failure, an evolving business process, etc.? Getting to the root cause can prevent further instances of non-compliance. Vendors will then work with the organization to execute the audit. Each vendor will have different methods in place to locate their software on your systems. "Rest assured," says Houghton, "that the vendor will have a tool that will discover their software on your network."
If the audit is done and your organization is found to be non-compliant, you will need to work with the vendor to balance the books, or true up, at the lowest possible cost. Don't be afraid to negotiate.
Tips for Avoiding Software Audits
We asked the experts we interviewed for their best tips on how to stay ahead of the curve when it comes to software compliance, and here is what they had to say.
Conduct regular internal audits. "Some organizations do not perform audits frequently and/or thoroughly enough (i.e., with the correct scope) and thus are not aware of their non-compliance proactively," says McCabe. Experts warn that if licensing discrepancies are found, the best policy is to be open about it and work with the vendor to resolve the issue. Being proactive puts you in a better position to negotiate with various software vendors.
Put together an education and awareness program that consists of onboarding and annual sign-off on software compliance policies. "Some businesses do not communicate the importance of compliance," says Houghton.
Make sure that your sourcing channels are limited to a select section or team. Rogue purchasing is high on the list of compliance issues.
Use a solution like SpendMap or create your own hardware and software portal for approved purchases. In some of the biggest corporations, only one or two people may hold the key to signing off on software and hardware purchases.