Software Compliance Review

Manage software audit risk in advance with a Software Compliance Review
Software License Compliance: Essential Steps

You commit to extensive licensing terms when you purchase each software product. But the terms are extremely complex, with important information buried in the fine print. Some use rights and restrictions might only exist in remote areas of a vendor website. Even the vendor’s sales team is likely unclear about licensing details during the sales process.

Software auditors, however, are very clear about licensing compliance requirements and have a good idea of what they will find during an IBM SLR, Microsoft SAM Engagement or Oracle Audit. Unfortunately, IT management is often shocked by and unprepared for what is learned from the audit results.

What are software audits?

Software audits (SAM – software asset management, SLR – software license review, compliance review) are comprehensive assessments to determine the extent to which a company is using a vendor’s software, as well as what licensing has been purchased to cover this usage.

Most major software vendors (Oracle, SAP, Microsoft, IBM, Symantec, VMware, Citrix) regularly enforce audits under the contractual rights described in their license agreements. These rights require the customer to run ‘scripts’ to determine the installed footprint, provide detailed documentation about purchases and technical environments, and give the auditor access to extensive supporting information. Audits are intensive and intrusive, requiring your resources and attention for around 3 to 4 months. At the conclusion, an ELP (effective license position) report is presented.

Why would a vendor audit your company?

The purpose of a software audit is to increase vendor revenue. Auditors identify and document licensing shortfalls so that the vendor can exercise contractual rights to collect payment. These payments include license fees, back maintenance and support, penalties, and audit and legal fee recovery. Revenue generated per client can be millions of dollars.

How was your company selected for an audit?

Vendors systematically audit all customers, prioritizing, of course, the best opportunities. Customers attract the attention of the vendor when purchase patterns change, agreements are not renewed, mergers or acquisitions are announced, and when the vendor learns of projects that could change the technology footprint. Even a simple call to vendor support can trigger an audit.

What are the areas of audit risk?

In a typical company, licensing issues exist in all parts of the technology landscape. Classic challenges include:

  • Complicated and misunderstood licensing terms
  • Undocumented or even renegade environments
  • Assumptions made on an incorrect understanding of license ownership
  • Scattered purchasing documentation
  • Virtualized, cloud, or shared implementations
  • Incorrect or changing server specifications
  • Pirated, temporary, or trial installs on servers or workstations
  • Environments exposed to external or public users
  • Forgotten or incorrect true-ups

If you purchased software with sub-capacity IBM PVU licensing for 6 cores of a 48-core server but didn’t install ILMT, you owe IBM for 42 more cores. A simple error like this one can easily result in millions in unplanned expenses.

What are common audit mistakes?

Software auditors often reach inaccurate conclusions, and it will be up to you and your team to defend your position. You will have better results if you avoid these common errors:

  • Incorrect information sent to auditors
  • Using your last renewal as an entitlement report
  • Not optimizing virtualized environments
  • Unchecked communications that confuse or alert auditors
  • Dependence on the auditor’s tools without running in-house scan tools
  • Sending unrestricted data beyond the fields or environments requested
  • Reporting installs outside the publisher and product scope
  • Software versions incorrectly indicated so that install counts are inflated
  • Not filtering phantom installs such as trial versions and uninstalled versions

How do you minimize audit risk?

Even a tightly managed environment can become non-compliant with a simple mistake or oversight. BLC recommends regular internal audits so that you are always prepared. The sooner you find problems, the better your position. An internal audit includes:

  • Review of all related vendor and licensing agreements
  • Analysis of software purchasing documentation
  • Inspection of true-up history
  • Detailed evaluation of product use rights
  • Meticulous documentation of the product footprint
  • Clear understanding of who, how and why for each product
  • Deep dive into virtual and shared deployments
  • Awareness of active projects that could change the landscape
  • Quarterly update of the ELP

BLC offers a comprehensive deep-dive Software Compliance Review Service.

When experience matters. The business case for a software audit partner. Have you received a software audit or SAM letter? Why is your vendor auditing your software footprint? Should you be concerned about a software compliance audit or SAM? BLC is your SAM or compliance audit partner.

Talk to BLC to learn more about Software Compliance Review Services.




113 Seaboard Lane, Suite A120, Franklin, TN 37067