How to Respond to a Software License Compliance Audit and Prepare for the Next One

Lisa Detwiller
SSD Technology Partners

In the previous article, we discussed the prevalence of unlicensed software in the workplace. This has not gone unnoticed by software vendors, especially Microsoft, which is why software license audits are on the rise. Just responding to an audit is expensive enough for a small or medium-sized business, but penalties and adjustment costs can easily reach six figures.

Even if you think you’re doing a good job managing your software licenses, some software companies do routine audits of random customers. Organizations should operate on the assumption that a software license compliance audit will occur at some point and respond accordingly.

First, don’t ignore an audit notification. Contact your attorney immediately to coordinate the audit process. Your attorney will review your contracts and explain your rights and obligations regarding the audit. Your attorney should also confer with the auditor to establish the scope and timing of the audit, and should handle the issuance of requests and the drafting and review of reports and documents. Documents should include a non-disclosure agreement to ensure that all of your proprietary information is protected.

Once the scope of the audit has been established, IT should conduct an internal software license compliance assessment to quickly determine the extent of software usage. Although the software vendor does its own audit, that doesn’t mean you should blindly accept the results and, if non-compliance is found, pay what the vendor demands. Your organization should have the opportunity to review, comment on, and possibly challenge audit findings, and negotiate a settlement.

Some organizations are so shaken up by an audit that they revise their software licensing strategy based on that audit. As we mentioned in the previous post, many organizations overcompensate by buying too much software and end up wasting money on unused or underused licenses. Instead of reactively setting policy after an audit, take a proactive approach that minimizes the risk of non-compliance.

As a first step, perform a review of all installed software and collect proof of ownership (purchase orders, paid invoices, receipts, etc.). This process can be time-consuming given the complex nature of most computing environments, but it’s the only way to ensure that every application you need is properly licensed. It will also allow you to get rid of applications and licenses that you don’t need and quantify your risk of non-compliance. Look for Software-as-a-Service licenses that allow you to use only the services you need with pay-as-you-go pricing. Finally, support your strategy with documented policies and procedures that define the rules for purchasing, using, and distributing software and reporting risky activity.

You may not be able to stop software vendor audits, but don’t let the vendor crush you and don’t let an audit dictate your approach to software management. Take stock of your existing software, ensure software usage is aligned with business needs, and develop a software license compliance strategy that reduces risk and controls costs.


Lisa Detwiler, president, joined SSD Technology Partners in 2006 as chief marketing officer, and in 2014 she and her two partners Woodie Bowe and Nick Ewen purchased the company. Detwiler holds an MBA in Marketing and Strategy from Carnegie Mellon University. Lisa successfully steered SSD through a tough economy in 2012, setting the company’s biggest growth record in 31 years.

Lisa believes that the basis of our success does not come from business buzzwords or the latest management fads. Success comes from behaviors and commitments to the basic guidelines of how we operate as individuals and as a business: do what is best for the customer, practice flawless problem solving, seek to create win/win solutions, check ego at the door, and communicate to be understood.

Lisa serves the community as chair of the board of the American Red Cross and the Delaware Better Business Bureau and has been a member of the Wilmington Rotary Club for 10 years.