By John Emmitt
This is the third installment of my blog series on the SAM Summit event in Chicago, May 29-30, 2012. On Wednesday, I attended a session on the Dos and Don'ts of Major Supplier Audits by Carol Nicola of Liberty Mutual. They have more than 45,000 desktops and 10,000 servers and use 3 different discovery and inventory tools.
Here are Carol's recommendations for what to do to be software audit ready, with some commentary from yours truly:
- Assign an executive owner to your software asset management (SAM) and license optimization program and define SAM roles and responsibilities.
- Document and periodically update software asset management policies and procedures. Train IT personnel regularly on these internal SAM policies.
- Understand software license agreement terms and conditions and establish an easy way for people to inquire about license T's and C's. Document anything that clarifies the agreement. This goes hand-in-hand with the next one:
- Centrally record and track proof of license (license entitlements). This is where an asset management repository comes into play-- something you get with the leading software asset management and license optimization tools on the market. These tools can automate the purchase order management process to capture license entitlements in a central repository and link them to software installations.
- Negotiate the software vendor's audit clause in your agreements to--
- Limit time onsite during the audit
- Require auditors to sign an NDA
- Define your "most favored language" to include things such as the right to select your auditor
- Limit the scope of the audit, where possible--by organizational structure/business unit, geographic location, software product family, etc.
- Perform routine self-audits. Its helpful to have software asset management and license optimization tools and processes in place that provide reports such as an accurate vendor license position. An accurate license position requires you to be able to incorporate extensive knowledge of vendor-specific software product use rights to ensure that you are not over-licensed, or asked to pay for additional unneeded licenses during an audit true-up.
Carol also offered a couple of "don'ts":
- Don't give answers to auditors on-the-fly and don't allow end-users to talk about software usage with the vendor.
- Don't rely on the vendor or auditor's results or findings. This is very important, as the auditors may make mistakes. Flexera Software has had a number of customers that were facing a software audit where the auditor erroneously said that the customer was under-licensed for a certain application. In one case, an independent analysis revealed that the auditors had mistaken a free application for one requiring payment for a license-- and the license liability was reduced by more than $3.8 million!
As we've reported previously, software vendor audits are still on the rise, so its important for organizations to be audit ready. Carol provided some great guidance to allow you to do just that.
Readers may also be interested in viewing our on-demand Webinar on Top Tips for Surviving a Software Audit, presented jointly by IAITAM and Flexera Software.