Confessions of a Software Auditor (Pt. 2 of 2)

The storm continued to rage outside when I met with the software auditor again. After I reviewed my notes from the previous meeting, I looked up to see him staring at me, but he wasn’t really looking at me, he was somewhere else, lost in his own mind.

I was surprised when he broke the silence. “Do you believe that software auditors are experts for every software product they audit?” he asked me while he stared out the window.

I responded, “I would assume they have to be experts.” He then looked me directly in the eyes and said, “I remember completing an audit for Adobe, then delivering a bill to a customer for $2.8 million.” “Wow!” I said in disbelief. “But they never paid that bill,” he said, “because they hired an expert who uncovered an error I had made, which allowed for local unbundling of Creative suite.” He explained, “Executable data I used for the audit erroneously identified huge liabilities for standalone software such as Photoshop and Illustrator.”

He told me that the software license expert hired by that organization spent two days optimizing the compliance position of the organization through manual suite wrapping, and as a result the final bill was reduced to $70,000.

“It is a huge mistake to take on software auditors without the proper expertise” he said. “It would be like representing yourself in a court of law after being accused of a crime” he explained.

It was clear to me that no organization should accept or pay a software audit bill until they have their own experts review and evaluate the results. Throughout the evening, I learned so much. For example:

  • Did you know many software companies do not have license keys deliberately, so it’s easy to copy and proliferate, which becomes a sales opportunity for the software vendor?
  • Did you know most software vendors have incomplete records of software resold or distributed through their reseller channels?
  • Did you know if a third party wants to audit your use of a vendor’s products, the third party may not always have the contractual right to do so?
  • Did you know some major software companies have licensing “policies” that cannot be contractually enforced?

“Are mistakes often made by software auditors?” I asked.

He scratched his chin, then said “It’s only a mistake if someone identifies a mistake.” He then told me that he had performed hundreds of audits, and in his eyes they were all accurate. “But as you can see,” he said, “I have made mistakes.”

He then said something that stuck in my mind for a long time after our meeting. He said “I am only aware of the mistakes that were pointed out to me by software license experts, but most organizations just take my word for it, so I am not quite sure if I have made similar errors in other audits.”

The auditor told me that when he was starting out, he billed an organization for $1.5 million after he performed an audit for Microsoft that was, in retrospect, sub-optimal. He said he neglected to take into account legacy licences that could have been applied creatively to cover individual instances of server software. In addition, he presented the shortfall to the organization as a processor licence requirement, when in fact the existence of CALs meant that an optimum position could be reached with minimal spend on server licences.

Lucky for that organization, they had their own licence expert to assist them, and as a result the auditor’s bill was reduced from $1.5 million to $10,000.

Regarding Microsoft, I learned the following:

  • Did you know changes in licensing for major products such as, SQL Server and Windows Server mean that an accurate picture of your hardware estate is essential to ensure compliance when migrating to the latest version? Customers with Software Assurance maintenance that don’t have an up-to-date breakdown of their estate could be liable for additional license charges
  • Did you know the same products may have different licensing rules depending on the agreements with which they were originally purchased? Geographic restrictions, differences in available downgrade rights and license transfer rights might affect compliance for companies with a large global footprint.
  • Did you know Microsoft does not track their customers’ licensing positions and their VLSC portal is available as a record of initial purchase but is not considered by them to be an asset management tool? Customers are expected to keep a record of their own licenses, including Retail and OEM purchases, license transfers through acquisition and divestiture and non-standard agreement terms for review in a potential audit.

Regarding Salesforce, I learned the following:

  • Did you know it is not possible to mix Editions of Salesforce subscriptions, meaning that a great deal of functionality is unused (due to companies overestimating requirements)? However, lower Editions of force.com licenses can be mixed with higher Editions of Sales Cloud and Service Cloud, creating optimization opportunities.
  • Some discovery tools are able to monitor activity for cloud solutions through URL tracking, enabling companies to better understand their actual feature usage.

Regarding Attachmate, the auditor asked if I knew the following:

  • Did you know that Attachmate products have undergone a number of name changes, often causing confusion over a customer’s right to use software?? Attachmate’s “Authorized Alternatives” policy allows customers to retain legacy software through complex ‘downgrade’ rights.
  • Did you know agreements often contain a mix of concurrent and non-concurrent licenses, meaning that ring-fencing concurrent devices/users is critical to managing compliance accurately?

When my meeting with the auditor concluded he stood up, put on his coat, and disappeared into the storm. I was never to see him again but I am sure to this day, he is out there hunting for organizations that are not investing properly in software optimization solutions.

My Conclusion

A Software Optimization Solution will help organizations that do not fully understand the install base of all their commercially licensed products. Furthermore, it helps organizations that do not have a way of determining and optimizing usage of the software products they license.

What is the benefit to organizations with the right software license management tools along with the proper expertise? It gives organizations the ability to have a complete view of all software across the whole organization and the ability to reduce their licensing costs while empowering them for better vendor negotiations. This type of information will help organizations reduce the number of legacy licensing models while providing them knowledge for better planning when it comes to their future upgrades and new technology acquisitions.

Most important, organizations should never accept the results from a software audit without hiring or retaining their own experts to verify any results provided to them by the software auditor.

Be sure to check out Part 1 in this series: Confessions of a Software Auditor (Pt. 1 of 2)