How to prepare for software audits

- select the contributor at the end of the page -

How many copies of Office or Photoshop or SQL Server has your company paid for? How many are you actually using? If the numbers don’t match up, you’ve either wasted money because you’ve paid for more licenses than you need, or you've caused an unexpected expense in having to catch up with all the installed copies you don't have licenses for. And worse yet, if an auditor finds this out before you do, you could get slapped with a nasty fine. No matter the scenario, not properly tracking your software negatively affects your finances.

Audits will happen

If you don't think you're susceptible to audits, you might want to think again. According to a survey for management vendor 1E, 84 percent of the companies asked (in the US, UK and France) had been audited by a software vendor in 2012, and half of them had been audited more than once in the last year. Over a third had been audited two, three for or even five times, and 17 percent of the 250 businesses in the survey had been audited more than five times in the previous 12 months. You have to feel particularly sorry for the three percent of firms that were audited eleven or more times in a year. With that many audits, it’s surprising that only half the companies used software to keep track of what software was installed on desktop and laptops, and only 40 percent of companies had an audit tool that checked their servers for programs that were installed and never used. Remember, you’re still liable for an installed copy of a program even if it's never been used to create a single document. You’ll also need to check both running virtual machines, and the images you use to create them, to make sure there won't be a conflict between what VMs are running when you do your own asset checking and what’s running when an audit happens.

Be proactive

Tracking your software means knowing exactly what's running on the servers, virtual machines, desktops and laptops around your company, including systems brought in from home and remote desktop connections from tablets, and how many of each. If it’s software that’s used to make money for your business, you need to make sure your business has paid for the right to do that. So if users have Windows RT tablets or Windows 8 systems that came with a free copy of Office 2013 Home and Student that they’re using for work spreadsheets or presentations, you need to make sure they get proper commercial licenses instead. You have to start by keeping good records, and putting all your software contracts together in one place. You can do that by hand or in something like Microsoft Intune, which can import software agreements from any vendor as well as look up your Microsoft SA licenses. The nice thing is it will tell you what software is running on devices you’re managing with it. Even with official software, the more users you have, the more different applications you’ll find. Paul Prince, CTO at Dell, estimates that for every thousand users in your business you’ll find 100-200 different applications. Find out how many of them are still needed. You might find that you can cut back and have fewer things to support (or to migrate in the next upgrade), track and audit.

Use management tools

Counting up how many license keys you have left unused isn’t enough to stay ahead of software audits these days. You need to employ tools such as System Center or Intune or any of a wide variety of auditing and asset management systems to help you keep track of your inventory and what's active. Think about all the places you have to look: server and desktop virtualization, remote desktop connections, streaming virtualized apps, home devices, seats on cloud services, CALs — licensing is more complex than ever. If you have a limited number of pricey seats for expensive software like Photoshop or AutoCAD, you want to be using software controls to make sure it’s the design team rather than the part-time receptionist installing them. In fact auditing what software is running on your company network may be something of an eye-opener, and you’ll almost certainly find software you’re not expecting. In its 2012 consumerization study for Unisys, Forester found that 40 percent of employees were bringing their own apps to work to get things done. Video conferencing, personal email and cloud storage tools were the most common — which could mean security issues as well as software liability. Avecto ran a survey among TechEd attendees in the same year and found that 76 percent of admins didn’t know how many unauthorized apps were running on their network, but 40 percent had traced a network infection back to unauthorized software.

Know your agreements

When you do get audited and you supply the vendor with details of what software is running in your business, you need to make sure your information is accurate. But a word of advice: Be cautious about being too candid about your IT architecture and competitive software products you’re using. If you give away too many details, you could end up getting some eerily well-targeted pitches from their sales team trying sell you a new version, a more powerful package or their version of software you’ve bought from another supplier. It’s getting hard to tell the difference between some audit requests and sales pitches. At contract renewal, remember to compare the language used between new and old agreements in case it changes, and check what audit rights are included in contracts — you don’t have to accept the terms the vendor suggests without negotiating. Make sure you will be receiving written notices of audits, including timelines and project plans of what will be involved in audits, with lists of what products will be covered. The contract will cover what happens if you’re not in compliance. Look for terms that let you just pay the difference without any fines if you’re only using five to ten percent more seats than you’re licensed for, or exemptions from repeat audits for a year or two once you're caught up. Between making sure you have sound licensing agreements, and being proactive by keeping track of everything going on in the business when it comes to your licenses, you'll be able to have a much less painless experience when an audit arises, and save a bit of money along the way.

Get our content first. In your inbox.

Loading form...

If this message remains, it may be due to cookies being disabled or to an ad blocker.


Mary Branscombe

Mary Branscombe has been a technology journalist for over two decades, and she’s been the formal or informal IT admin for most of the offices she’s worked in along the way. She was delighted to see the back of Netware 3.11, witnessed the AOL meltdown first-hand the first time around when she ran the AOL UK computing channel, and has been a freelance tech writer ever since. She's used every version of Windows (client and server) and Office released, and every smartphone too. Her favourite programming language is Prolog, giving her a soft spot for Desired State Configuration in PowerShell 4. And yes, she really does wear USB earrings. Find her on Twitter @marypcbuk.