While the debate about the actual volume of software audits performed by vendors continues what’s not in doubt is that software vendor audits are disruptive, time-consuming and expensive. And that’s not even presuming there’s any ‘guilt’ on your part. Even if the audit exercise concludes with little or no need for financial redress, it was likely still disruptive, time-consuming and expensive (the licensing spend is only a portion of the cost of defending a software audit).
Wouldn’t it be better to avoid having an audit in the first place?
There are some commonly-recognized triggers for a software audit: not buying any new licenses or subscriptions for a long time, renewing at lower volumes, mergers and divestitures, centralizing or decentralizing purchasing habits, cancelling support and maintenance etc.
A lot of these triggers are outside the SAM owner’s control (who’s going to stop a multi-billion-dollar merger because the SAM manager warns “Oracle might audit us!”?), so when and where you become an audit target for one or more vendors might not be something you can do much about. But you probably can see it coming.
What can you do about it?
I think there are three key strategies – not mutually exclusive, but also not interdependent – that you can adopt to help lessen the risks of experiencing a disruptive, time-consuming and expensive audit. But, as I’ll explain, I think only one of these can help you avoid the audit completely.
First, and perhaps most obviously, you need to take a proactive approach to Software Asset Management. Not just fighting fires as they flare up but looking ahead and working with stakeholders from across the organization to actively manage software deployments, licensing and vendor relationships. If you see change on the horizon, be ready for it. If you find problems, fix them on your own terms.
Being able to demonstrate that you have an effective SAM program in place can be enough to change the conversation with an auditor and smooth some of the audit experience. It won’t take away the pain completely, but it will help.
Second, you could invest in a SAM tool. Having a full inventory of software consumption and the ability to produce an Effective Licensing Position (ELP) is a big step towards audit readiness. There are still several problems, however. For a start, many software vendors are highly suspicious of canned reports from SAM tools, especially ones that are known to not handle entitlements or non-instance data very well. Another common issue is when the data output from the SAM tool isn’t in the format that the auditor wants, which means a lot of manual labor in transforming reports, adding in extra data points and correlating to legacy purchase agreements.
And finally, auditors know pretty well which licensing schemes SAM tools support and which they don’t. If you’re signed-up to a licensing scheme that your SAM tool doesn’t support, an auditor is unlikely to take your ELP at face value.
The third strategy is what you might call the ‘Beware the Dog’ approach. For many years, Livingstone has provided Software Asset Management and audit defense services to organizations around the world. And we see two distinct trends. Our audit defense work usually comes in when the customer has already received an audit demand. They know they need help and the auditor knows the customer most likely has a problem. Enter Livingstone to act as the mediator and get the best deal possible for the customer (and a fair deal for the vendor).
However, those customers that retain our SAM services when there’s no imminent audit threat tend to have a very different experience. When audit demands land in the CIO’s inbox (and they still do), responding to the auditor with “Livingstone will be handling this on our behalf” somehow seems to radically transform the narrative with the auditor.
In some cases, we’ve had auditors completely back down and decide it’s not worth carrying on any further. In others, we find the experience becomes a lot less confrontational. And in all cases where the audit has continued, it’s been the customer in the driving seat.
Why does Livingstone have that effect on audits when in-house teams and tools alone don’t?
Because we know more about software licensing than most auditors (it sounds a little arrogant, but we’re confident it’s true). If an organization has already onboarded a SAM managed service from Livingstone (and that vendor is in-scope) then we’ve already highlighted and helped the customer address any risks prior to an audit.
If and when the auditor comes knocking, it’s already too late. Our customer’s house is in order and their licensing is already optimized (and, of course, compliant). Auditors that challenge our team’s licensing knowledge often go away red-faced and frustrated.
For teams that expect a 10x return on any audit work they undertake, we can destroy their profit margin very quickly!
Choose your guard dog wisely
Just as many big accounting firms have finally stopped undertaking audit work on firms they also provide other services to, there is a strong potential for a conflict of interest when licensing resellers undertake audit defense work. If the team you expect to defend you also has a reseller relationship with the vendor auditing you, alarm bells should be ringing.
All of the three strategies above will help you minimize the cost – if not the likelihood – a software audit. And that’s a good thing. But if you want to make the threat of a software audit go away as much as possible, only the third has been proven to really make that happen.
You might call it an insurance policy, but I think it’s a little different. It’s more a deterrent policy. Or simply, a guard dog.