Are you ready for a software audit?

September 12, 2017
Team schreiben

Author

Team schreiben

According to Gartner, more and more software audits have been carried out in recent years. Software manufacturers use the audits both as a source of revenue and to stem software piracy.

Gartner’s reports also include proactive recommendations for CIOs and IT managers to invest in software asset management (SAM) processes and tools to comply with the license agreement terms.

In addition to Gartner’s advice, I would also recommend improving the communication and operations between the IT department and purchasing, as it is essential to use a software asset tracking process, from the time of purchase (financial Records) to its sorting out. It is extremely important to understand the nature of the purchase of a software license (type of contract), the type of use (installation), the rights to use them on different devices, and the associated financial / legal documents.

Recently, many manufacturers have made a number of changes to their licensing models. They now use a variety of metrics (per CPU, per core, NUP, PVU, etc.), which makes licensing even more complex. With IT and IT environments changing as a result of virtualization and cloud computing, IT decision makers are forced to explore ever-widening areas of knowledge, with most of them having nothing to do with licensing.

The frequent changes in licensing rules and the lack of appropriate tools for software management and control mean companies are at risk of exposing themselves to major financial risks through manufacturer audits.

General criteria for carrying out audits
Just as forecasters are looking for changes in weather patterns to create the week forecast, software manufacturers are looking for patterns in a company’s history that indicate a potential audit need. These include, for example:

Mergers and acquisitions
Mergers and acquisitions (as good as) do not involve the transfer and consolidation of software licenses between the companies. In such cases, the new company generally does not have enough licenses available and thus violates the Software Terms of Use.
The inferences that manufacturers draw from your acquisition history and your company’s official financial data
This implies that the number of licenses does not match the company’s economic growth, such as number of employees, equity, etc.
Audits by other manufacturers
We know companies that have been audited by other manufacturers due to an audit by a software vendor.
Non-renewed license agreements
This applies to companies that are not interested in extending their current license agreements or converting them to another type of contract.
Types of software audits
A “soft audit” is the simplest audit type. In this process, companies that are audited need to create a list of the license stock used and send it to the manufacturer. The data is then compared to the acquisition history to determine compliance.

A “hard audit” is more difficult and costly and is performed by an authorized auditor acting in the best interests of the manufacturer. The auditor is authorized by law to verify the license evidence, to carry out on-site technical inspections and to present the results of the audit to the software manufacturer.

The best protection against an audit is the introduction of a continuous SAM solution that has emerged as a result of collaboration between the partner and the customer’s specialist / licensing staff, and keeps your organization’s software compliance up to date.

The 5 stages of a software audit
If you are going through a hard audit, you are preparing for a process that could be as follows:

Kickoff meeting
In this first phase, the auditors mandated by the manufacturer schedule a meeting (usually a telephone conference) to introduce the phases of the audit and the timetable.
data collection
The company being audited must collect and provide certain information about the IT infrastructure to the auditor. These include z. B .:
the hardware configuration of the devices,
a list of applications installed on the devices,
the users who have access to these devices and their applications, and
a proof of licensing (documents).
On-site visit
During this phase, the auditors visit the company being audited to verify the accuracy of the data provided and, if necessary, to collect additional data.
Preliminary report
Based on the data collected in phases 2 and 3 prepares

Leave a Reply