Companies are experiencing vendor-initiated software license audits at an alarming rate. Gartner estimates that 70% of companies receive at least one audit notification per year. It is not uncommon for penalties to exceed $1 million, $10 million or more.
IT procurement has a critical role to play in reducing software vendor audit risk as well as in navigating audits. To understand this role, it is important to understand what drives supplier behavior.
A few years ago, KPMG reported that 52% of software companies estimated that their losses from unlicensed software use amounted to more than 10% of their revenue. And according to The Software Alliance, a third of the software downloaded onto PCs worldwide is unlicensed (worth $46 billion). Vendors have responded by turning software license audits into revenue streams. Many vendor-side licensing compliance groups now have revenue quotas and their account teams are trained to spot audit-generated revenue opportunities.
Ultimately, audits have become an unspoken part of the routine conversation between purchasing and suppliers. In this respect, IT procurement teams represent a first line of defense against compliance and audit risks.
So how can IT procurement help manage software vendor audit risk?
1. Know the red flags
Is your company an attractive target for a software vendor audit? The answer is yes if you have a large enterprise agreement to renew or if you have a highly virtualized environment. Both provide suppliers with an easy opportunity to spot nonconformities. And, contrary to popular belief, having been audited in the past actually increases the likelihood that you will be audited again.
Here’s another red flag: vendors are able to identify customers who have strong SAM/ITAM processes and capabilities. Companies that do not demonstrate a clear understanding of what they own, how it is used and by whom (and whether or not they are in compliance with product use rights) are the best candidates for an audit. Speaking of product use rights, those used to be static, but that’s no longer the case. They are constantly changing. “How do we stay on top of changes in product use rights?” is a question every IT procurement team should ask.
2. Perform your own license position assessment and optimize current licenses
License position assessments (think of them as self-audits) are critical to (1) minimizing the risk of non-compliance and (2) maximizing the outcome of an audit. In a self-audit, the first step is to collect deployment data. The next step is to compare deployments to your entitlements to identify over- or under-utilization gaps. This data and analysis will allow you to define remediation options and establish a remediation plan on your organization’s terms rather than the vendor’s. As a bonus, it also provides accurate usage benchmarks for upcoming purchases and renewals.
Note: This exercise requires an in-depth knowledge of license/subscription swaps and product use rights. If you don’t have this knowledge in-house, seek outside advice.
3. Establish internal protocols for what to do if an audit is served
Strict protocols must be in place to avoid self-incrimination in the event of an audit. Who makes up the internal team that will take care of the audit and what will be the role of each? How will you centralize and manage communication with suppliers? Who speaks to whom and who does not speak? Did the supplier inform you correctly and is the audit in accordance with the specifications of the contract? These are just a few of the questions that should be addressed as part of your protocol.
4. Be prepared to challenge software vendor audit results
Vendor interpretations of deployment data are rarely accurate. Plus, they’re designed to produce results that serve the provider’s interests, not yours. This is one more reason why an assessment of the licensing position using third-party tools and in-depth licensing expertise should be performed. The resulting findings will allow you to challenge the provider’s findings while validating your true licensing position. This will help you minimize non-compliance costs or mitigate them entirely.
5. Perform price benchmarking for all required post-audit purchases
If a software license audit leads to the requirement to purchase additional licenses, be sure to perform a price benchmark analysis on these new purchases to ensure you get a fair deal.
Kim Addington is COO at NPI.
NPI is an IT sourcing advisory firm that provides transaction-level price benchmarking, license and service optimization advice, and vendor-specific negotiation insights that enable IT buying teams to make measurable savings. For more information, visit www.npifinancial.com.