How to Prepare for a Software Licensing Audit   

Software Licensing Audit

It doesn’t matter how hard you work or how solid your Software Asset Management (SAM) practices are – a software licensing audit makes even the most experienced SAM professional nervous. Audits aren’t fun but panicking isn’t an option (however tempting it may be). To help, in this blog, I share some practical guidelines for preparing for a software licensing audit.

Build your processes with audits in mind.

When designing any process, I always like to start with the mindset that I could be audited tomorrow. Call me old-fashioned, but old habits die hard after a lifetime of working in some highly regulated sectors. When creating my SAM process, I build in checks from the outset. One of the most critical steps is ensuring you provide the right licensing structure for your organization. Examples of licensing structures include:

  • Single user / per seat license
  • Multiple user license
  • Per site location
  • Per region license
  • Enterprise-wide licenses
  • Subscription licenses

Know what’s suitable for your organization and plan accordingly. We’ve already found many different licensing solutions – make sure you know what works for your organization to avoid being over or under-licensed.

When building your SAM working instructions, define the auditing process. Build up a bank of templates like response emails, meeting requests, and responses to vendor discovery so that any auditor or vendor has a consistent, professional experience.

Understand the complexity of your environment.

The more complex your environment, the greater the potential for exposure. Depending on the vendor, proof of license could be one or any of the following:

  • Receipts and invoices
  • The master copy of the software itself
  • Distribution copies of software on the freestanding media or servers
  • Installed operational instances of the software.
  • Software passcodes or license keys, either electronic or paper-based
  • Software maintenance authorization codes
  • Software license certificates, or other ‘proof of licenses’
  • Documentation
  • Terms and conditions of licenses
  • Support contracts
  • Maintenance contracts
  • Software release documentation
  • Upgrade components.
  • Training material

Be proactive with suppliers and partners.

Build and maintain strong relationships with all of your software vendors and partners. Regular service reviews will make you less likely to be under or over-licensed. Have a timetable of renewals and audit schedules. This way you know when to start planning for audit activites and renewal negotiations.

When working with a new vendor, define protocols and audit rights early because it’s much easier to negotiate license audit behaviors and limits during the purchasing stage than immediately before an audit. Things to discuss include audit frequency, intrusiveness, and provisions for meeting any shortfalls in the event of inadvertent non-compliance. Get your software vendor to confirm in writing what acceptable proof of license is during negotiations. Have it as a mandatory requirement for any bids your organization accepts.

Know your vendor.

Ask for an initial meeting with your vendor’s audit team so that you can get any questions answered quickly. Make sure that any NDAs are in place to prevent errors or sensitive information from being published inadvertently. Confirm the scope of the audit. Is it your production environment only? A particular site? What software is included? Ask for the scope of the audit in writing so you can plan accordingly and focus your efforts. 

Practice makes perfect.

We all know that practice makes perfect, and this is particularly true in the event of a software audit. Work with your colleagues to do a practice run. Capture the licensing information in your organization and compare it with the data requested by the auditor. This is where your team comes in. Work with your procurement, legal, and IT teams to identify data gaps, errors, or inconsistencies, such as missing licenses, expired licenses, or duplicates. Work through these discrepancies so that you can correct them before the real audit or at least have a plan for putting things right.

Get organized.

  • Ensure all your process documentation is current, has recently been reviewed, and is in a central location. Ensure that things like headers, footers, and version control information are correct, as a lack of attention to detail could raise concerns in an audit situation. Ensure everyone knows where to go for the documentation and any questions.
  • Review your bank of templates so that everything is as consistent as possible.
  • Uncertainty over what software maps to what hardware can be seen as a red flag during an audit, so make sure you have your asset register or CMS up to date and a central point to check.
  • Depending on your change cadence, consider having a change freeze around the software to be audited. Protecting and ring-fencing the software means no changes could occur that could inadvertently affect software licensing.
  • Run a refresher course on licensing for all service desk and IT support teams so that all colleagues involved with the installation of end-user software are up to date with the rules around software licensing, reducing the potential for human error. Ensure to cover checking for available licensing and installing software from a central source such as a DML.

The big software licensing audit day

  • Ensure the auditors have somewhere to set up and act as a center of operations. This sounds basic, but any audit could potentially cover secure or sensitive information, so make sure that is considered when booking a meeting room or work area.
  • Ensure that only authorized personnel with the appropriate training talk to software vendors and external auditors to prevent confusion or misinformation, such as mixing up development systems with production services.
  • Make everyone aware that an audit is going on. Before the start of the audit, it is helpful to communicate the nature of the audit, advise people on what to do if asked a question, and explain who to refer the auditor to if you don’t know or are unsure. Remember, the golden rule should be to check the process documentation or ask for help if you are in doubt.

Preparing for a Software Licensing Audit – Review

When the software licensing audit is over, ensure that the review meeting includes an opportunity to review findings before settlement and validate that the auditor has included all licenses to which the customer is entitled. Look at what worked well so the approach can be used as a template for future audits. Also, look at any observations or potential process improvements to make your next software licensing audit easier.

FAQs

  • What are the most common types of licensing structures? Common licensing types include single-user / per-seat licenses, multiple-user licenses—per site location, per region licenses, enterprise-wide licenses, and subscription licenses.
  • What is proof of license? The short answer? Every vendor is different! The long answer? Read your contract to understand what your vendor will accept as proof. Some examples include receipts, invoices, and license keys.
  • How do I prepare for an audit? Practice! Ted Lasso says, “The harder you try, the luckier you get,” the same is true with audits. Do your prep work, run practice audits beforehand, and have a plan for the day.

    What do you think? Concerned you can’t go it alone? Take a look at how LicenseHawk can help if you have an upcoming IBM Software Licensing Audit.