One of the most common misconceptions we see from organisations is concern and confusion surrounding software licensing audits. The “concern” part is always valid as audits are a legal right your organisation agreed to when buying the license and the consequences for non-compliance can be very high. It’s important to treat any request for a “self-assessment” or other audit demand seriously as the requesting company is not likely to go away if you ignore them.
The “confusion” element may be somewhat lessened by knowing that just because you receive an audit notification doesn’t necessarily mean you are suspected of being out of compliance. In the case of Microsoft®, they attempt to audit each of their Volume Licensing customers at least once every three years so the notification may simply mean that your time has come. Of course there are other events or scenarios under which you may be singled out. If your organisation appears to be under-reporting usage, for example, or you have been part of a widely publicised merger or acquisition(s), these events may cause the licensor to investigate.
Another scenario which is almost always cause for concern is if the Business Software Alliance© (BSA) is involved. The BSA is a global organisation of software developers focused on compliance and the legal use of software. The BSA offers financial rewards to individuals who report piracy or illegal software usage. This may be the result of a disgruntled ex-employee or a current employee who may question whether an organisation is fully compliant.
An organisation that has been audited in the past and was found widely non-compliant may also be scrutinised more closely than others.
Regardless of the reason a software audit is initiated, it’s much better to be prepared before an organisation receives notification. Any audit, whether a self-assessment or if it’s performed by a third party, can be resource consuming and disruptive to normal business operations. Since it’s likely to happen at some point, it’s better to be prepared than to hope it won’t happen.
Proactive software asset management (SAM) should be a priority for any organisation, and I submit that the more you spend or rely upon software, the more you should prioritise managing it effectively. Consider the steps that will be taken during an audit and periodically perform them before you are contacted by the software vendor. The annual true-up date is a good time to do this since you’ll probably need the data at that time.
In the case of Microsoft, I suggest starting with the Microsoft Assessment and Planning (MAP) Toolkit. The MAP tool may not provide an exhaustive report of inventory and usage, but it’s a good baseline and since it’s a tool from Microsoft, the initial results are rarely challenged. The MAP Toolkit includes a Software Usage Tracking feature to track devices and users.
Once you assess your software usage, it’s time to compare it with your entitlements. The best way to do this is to obtain a License Statement from your re-seller or the Microsoft Volume Licensing Service Center (VLSC). It’s important to use a current License Statement, rather than rely upon your own records since that is the document Microsoft will use in the event of an audit. There may be software in your environment that is detected by the MAP tool but does not appear on the License Statement such as OEM Windows which was pre-installed on PCs, or retail purchases.
Performing a gap analysis between software usage and entitlements can be a very complex exercise but it’s the best way to ensure compliance.
Whether an organisation elects to do this themselves or hire experts, but doing so proactively before being notified of an audit should be an integral part of any organisations IT management.
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!