Audits disrupt operations and can result in significant unplanned expenditures.
As software companies pursue revenue growth, compliance audits have become a source of additional license income and a means to push new products or subscription services. License agreements are complex, ambiguous, and differ in the metrics used to determine compliance.
The vendor has the upper hand in an audit because they:
- Have insight into the more nuanced areas of their software license terms
- Provide the tools for discovery (which sometimes “discover” more than they purport)
- Are financially motivated to upgrade your enterprise agreements, sell new products or lock in multi-year cloud-based subscription services.
At best, the time spent defending your organization represents an opportunity cost by drawing resources away from revenue-generating or mission-based activities. At worst, an audit also results in financial penalties, unbudgeted purchases or disadvantageous and costly multi-year changes to license agreements.
Not all audits start with a software compliance audit letter. Some seem innocuous, even helpful, like a software asset management (SAM) program. SAM engagements are touted by vendors as a way to optimize licenses by providing the vendor with an inventory of your software assets to evaluate their use in your environment and make recommendations. Of course, vendors are not financially motivated to identify areas of under-utilization but can quickly spot over-utilization. It is critical to protect your organization by having a thorough understanding of your SAM programs, licenses, entitlements and with documented evidence of software purchases, deployments and commitments.
BLC uses a four phase approach for Software Audit Defense:
Engage with vendor and auditor to understand and document the audit scope, instructions and to review the vendor’s discovery tools. (This is critical, as audit scripts often take advantage of system access to “discover” products outside of the audit scope.)
BLC utilizes proprietary tools and data science techniques to research and develop an enterprise license position, considering agreements, entitlements, licenses, commitments and usage.
Our asset management and licensing experts thoroughly analyze the results of the vendor’s audit discovery tools, spreadsheets, calculations and assumptions for accuracy and relevance, to assure accuracy before any information is sent to the auditors. Having a well-researched and documented license position not only reduces costs on your current audit, it decreases the likelihood that you’ll be audited again in the near future.
BLC’s role is to protect the interests of our client. Together, we review the detailed results of the analysis phase and develop a response and action plan:
- Challenge inaccurate or out-of-scope findings
- Expose vendor assumptions, miscalculations or inaccuracies
- Provide confidence in the response strategy through evidence-based documentation
The objective of the Achieve phase is to not only negotiate the most favorable audit outcome, but to build an ongoing plan of action to mitigate risk, including self-audit monitoring processes and tools.