According to findings published on Gartner.com, 68 percent of organizations can expect at least one software audit in the next year. Rarely does an organization get audited just once, many report being subjected to several audits annually.
With a software audit looming in the near future, you may be asking yourself what’s next? How do you prepare for, and pass an audit?
The secret to surviving an audit is to understand what to expect and the steps you must take to ensure compliance. Don’t wait until the first notice arrives to start making your plan.
10-Step Software Audit Plan
1. Receipt of audit letter
Immediately identify the individuals or departments that should be made aware of the audit letter. Ideally, this will include the ITAM/SAM manager, legal, and the CIO. Don’t let an audit letter circulate from one department to the next because no one will know what to do with it.
2. Involve legal immediately
If you have a legal team, get them involved right away. Legal must be included in every step of the process to communicate and negotiate with the software publisher. Sometimes this can be handled by procurement or the software asset manager. In either case, be sure to notify the CIO or executive team that an audit is taking place.
3. Set up a mandatory meeting for all applicable parties or departments
Call a meeting with all stakeholders to establish a clear understanding of individual responsibilities during the audit. Designate a representative from each team or department to be involved, and make future meeting attendance mandatory. These representatives will be the point of contact for their teams in providing all relevant data in a responsive manner.
4. Negotiate a new non-disclosure agreement (NDA) with the software publisher
Work with Legal to finalize a new NDA with the software publisher. The NDA should reinforce that only information required for the audit will be shared between parties.
5. Negotiate audit terms
Negotiate the terms and conditions of the audit. Be sure to spell out what information will be gathered and reported. Not every product of the publisher needs to be included in the audit. Spell out specifically which products or apps are included in the audit.
6. Gather relevant data
As per the terms and conditions determined in the previous step, gather all relevant data. Hopefully you already have most of this data. Be sure to leverage the individuals designated in step three.
7. Send data to software publisher (nothing more, nothing less)
Provide the collected data to the auditor in the specified timeframe. Be sure to include only the data you absolutely need to provide, no more, no less. Organizations that provide too much data often find that it can hurt them in the end. If you negotiated to only provide data for a select list of apps and products, don’t provide data about anything else.
8. Negotiate outcomes
After the necessary information has been identified, evaluated, and provided to the vendor, work with legal again to negotiate the outcomes of the audit with the software publisher. The outcomes can include true-up costs, fees or fines, or new contract terms. Use this opportunity to negotiate volume discounts or reduce costs. Don’t just accept what was outlined by the publisher. You may even be able to remove audit clauses from your contract if you conduct true-ups annually.
9. Record results
The most important step is to record the results of the audit. What steps worked? Which ones didn’t? How much money did the audit cost you? How much money did you save? What negotiating tactics were used and did they work?
10. Prepare for the next audit
After recording the results, be sure to make any changes to your software audit plan as needed. Start preparing now for your next audit.
If followed, these steps can help reduce the audit’s financial and productivity impact on your organization. These steps will most likely be consistent between software publishers, but can be modified to meet specific requirements as needed.
Putting together a software audit plan isn’t that difficult, but the benefits can be enormous. Think about how much time and stress you’ll save knowing what to do when that letter arrives. Plus, as you prepare and get better at performing proactive, automated discovery, you may even come to know within the nearest $100 what an audit will cost. Who wouldn’t want to tell their CIO and executive team what the audit would cost on day one?
These plans can also help reduce fines or fees associated with non-compliance. Software publishers like Microsoft, Adobe, IBM, and others don’t care how much pain these audits cause your organization. They only care about how much money they can make. If you can limit what publishers end up making per audit to a few hundred dollars, future audits of your organization’s software usage will slow down.