It seems like a random question, but I bet it’s one of the metrics software publishers track when presenting you with a software audit letter. Okay, maybe not, but it could be.
As I’ve talked with asset managers, and other IT professionals around the world, I’ve found that when it comes to software audits, there are several emotions that everyone seems to experience; whether they’re receiving their first software audit letter or their hundredth. Not surprisingly, the most commonly expressed emotion reminds me of a quote from Jim Carrey in The Grinch, “Hate, hate, hate. Hate, hate, hate. Double hate. Loathe entirely!” (The Grinch, 2000).
Although an audit letter may not come as a surprise, given the estimate that “68% of organizations can expect at least one software audit in the next 12 months” (Gartner, 2014), there are definitely other emotions you and your organization may experience:
- Fear of the unknown – What is this audit going to cost us? How much time is it going to take? Are we going to be okay?
- Frustration – I don’t have time to deal with this right now; I still have my day job. Proejct X is going to fall behind.
- Loss of control – I’m at the mercy of our auditors and I can’t do anything. How do I get all departments to respond in an efficient manner?
- Utter panic – What do I do? Where can I find the information they’re requesting? Am I going to lose my job over this?
The goal to managing these feelings, and to securing the best possible outcome for your organization, is to have a Software Audit Plan in place. Don’t wait until the first audit notice arrives before making your plan.
Software Audit Plan
A Software Audit Plan is a guide of steps to take when receiving an audit letter. If followed, these steps can help reduce the financial and productivity impact the audit has on your organization and significantly impact your personal emotional well-being.
These steps will most likely be consistent between software publishers, but they can be modified to meet specific requirements as needed.
Here is an example plan in as little as 10 steps.
Step 1 – Receive the Audit Letter
Identify the individuals or departments that need to be made aware of the audit letter immediately. Ideally this will include the ITAM/SAM manager, legal, and the CIO. Don’t let an audit letter circulate from one department to the next because no one knows what to do with it.
Step 2 – Get Legal Involved Immediately
If you have a legal Team, involve them immediately. Legal needs to be included in every step of the process to respond, negotiate, and communicate with the software publisher. Sometimes this can be handled by procurement or the software asset manager. In either case, be sure to notify the CIO or Executive Team that an audit is taking place.
Step 3 – Setup a Mandatory Meeting for all Applicable Parties or Departments
Call a meeting with all stakeholders to facilitate an understanding of individual responsibilities during the audit. Designate a representative from each team or department who needs to be involved, and make future meeting attendance mandatory. They will be the point of contact for that team in providing all relevant data in a responsive manner.
Step 4 – Negotiate a New NDA With the Software Publisher
Work with Legal to put together a new NDA with the software publisher. The NDA should reinforce that only information required for the audit will be shared between parties.
Step 5 – Negotiate Audit Terms
Negotiate the terms and conditions of the audit. Be sure to spell out what information will be gathered and reported. Not every product for the publisher needs to be included in the audit. Specifically, spell out which products or apps are included in the audit.
Step 6 – Gather Relevant Data
As per the terms and conditions determined in the previous step, gather all relevant data. Hopefully you already have most of this data. Be sure to leverage the individuals designated in Step 3.
Step 7 – Send Data to Software Publisher (Nothing More, Nothing Less)
Provide the collected data to the auditor in the specified timeframe. Be sure not to include any more or any less data than you absolutely need to provide. Organizations that provide too much data often find that it can hurt them in the end. If you negotiated to only provide data for a select list of apps and products, be sure not to provide data about anything else.
Step 8 – Negotiate Outcomes
After the necessary information has been identified, evaluated, and provided to the vendor, work with legal again to negotiate the outcomes of the audit with the software publisher. The outcomes can include true-up costs, fees or fines, or new contract terms. Use this opportunity to negotiate volume discounts or reduce costs. Don’t just accept what was outlined by the publisher. You may even be able to remove audit clauses from your contract if you true-up on an annual basis.
Step 9 – Record Results
The most important step is to record the results of the audit. What steps worked and which ones didn’t? How much money did the audit cost us or how much money did we save? What negotiating tactics were used and did they work?
Step 10 – Prepare for Next Audit
After recording the results, be sure to make any changes to your Software Audit Plan as needed. Start preparing now for your next audit.
These steps are built to help guide you through the audit. Make note of which steps work and which ones don’t. When the next audit comes, refer back to the results that were documented and use them in the next audit.
Putting together a Software Audit Plan isn’t that difficult, but the benefits can be enormous. Think about how much time and stress will be saved because you know what you will do when that letter comes. Plus, as you prepare and get better at doing proactive, automated discovery, you may even get to the point of knowing what an audit will cost to within the nearest hundred dollars. Who wouldn’t want to tell their CIO and executive team how much the audit will cost on day one?
These plans can also help reduce fines or fees associated with being out of compliance. Software publishers like Microsoft, Adobe, IBM, and others don’t care how much pain these audits cause your organization. They only care about how much more money they can make. If you can limit that, so publishers only end up making a few hundred dollars per audit, audits of your organization’s software usage will slow down.
Get your Software Audit Plan in place today. Check out how the LANDESK IT ASSET Management Suite can help with its new embedded software vendor audit process. You can also participate in one of our on-demand webinars or attend Interchange 16 to learn more.