avoid defeat during a software license audit
DESCRIPTION
A look at what a software license audit is, and ways to avoid fines and other sanctions.TRANSCRIPT
Avoid Defeat During a Software License Audit.
Fact: In 2012, the Business Software Alliance settled 14 cases of software piracy in Australia totaling more than $440,000. Apart from being fined, each business was required to purchase legitimate copies of the pirated software they’d been using. Many were not aware they had acquired pirated software or had pirated software being utilised within their business. Further to this, some resellers have been found guilty of selling unauthorised copies of software to unsuspecting businesses! [Source: computerworld.com.au]
What Is a Software Audit?A software audit is a formal review of an organisation’s software suite which can be limited to one manufacturer (for example, a Microsoft or Adobe-specific audit), or open to all operating software within a business.
In a lot of cases, audits will be conducted by specific manufacturers (or parties acting for those manufacturers) who are interested exclusively in their own products. However, businesses may have a partnering company who can do a complete audit on their entire software suite.
The purpose of a software audit is to determine the nature of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria.
A software manufacturer may audit a business that has agreed to terms in response to receiving a benefit (special pricing, additional support etc). The manufacturer is then permitted to conduct an audit at their leisure to ensure that the agreement has been adhered to. Note that “Agreed to Terms” may be implied if you are simply using their software.
The Difference Between Manufacturer & Preparatory AuditsManufacturer auditsA manufacturer will conduct an audit to ensure their IP and relevant agreement are being protected. The audit may detect, amongst other things, the use of pirated, expired, or unauthorised software. Typically, a manufacturers audit will result in compliance, or, the business being required to take immediate action to prevent further legal or financial penalties. Penalties could be as lenient as having to update software versioning or licenses or as harsh as being severely fined or jailed if the case is severe enough.
Preparatory auditsPreparatory audits are audits conducted by a business itself or by a partnering organisation. A preparatory audit can examine the compliance of all software within an environment, and can reallocate licenses that aren’t being used, saving the organisation money. Feasible and potentially more economical strategies can then be devised to address potential non-compliance issues.
Compliant
Manufacturer Audit
Preparatory Audit
Immediate action required. Fines may apply.
Compliant
Action required. No imme-diate threat of fine/penalty.
or
or
Common Non-compliance IssuesSoftware not evolving with changes in IT systems or hardware may conflict with your licensing structure or agreement. Some software license contracts may be aligned with certain technologies and once these technologies are replaced or upgraded, the license agreement you were operating under may be unintentionally compromised.
Not conducting regular internal software audits. Regular internal software audits can save businesses a lot of trouble. They can be executed any which way a business chooses - by acquiring a partnering business to examine the environment, or by walking around the office with a clipboard and pen. Whichever method a business chooses will help avoid compliance issues should an external audit be thrust upon your company.
An unclear software licensing policy inside an organisation can catch them unaware of potential licensing breaches. Multiple license types - open licensing, OEM, per device, per user, volume licensing, upgrade licensing etc, can make it decidedly tricky to understand what can and cannot be done with particular licenses. It is not difficult to breach an agreement if your team is not aware of the internal licensing policy.
Example: A business may buy 100 per-device licenses. If they “ghost” (or replicate) an image of one PC to create a standardised desktop, a new license will be required for each new system that the replicated image is loaded on to. The new system will still work without a new license, however “sharing” a license could be in breach of the original agreement.
Not establishing and enforcing software installation and usage policies can complicate software licensing issues from day one. Installation and usage policies are critical to outlining how software is to be utilised, shared, or acquired within a business. The usage policy will outline what is acceptable (or legal) and what is not. The consequences of breaching these policies also need to be communicated. The team inside a business needs to remember that operating outside of this policy may not just cost the business a lot of money, but could also unintentionally unleash damaging malicious utilities on the entire organisation.
Not dedicating the responsibility of compliance to an internal team or business partner will hinder a businesses ability to stay on top of their software licenses. Whilst allocating responsibility to one person inside a business creates bottlenecks and redundancy issues, an internal team or external business partner can strategise ways to ensure your organisations software is compliant by conducting regular preparatory audits as part of their regular business-as-usual activities.
BYOD can cause various non-compliance issues within an organisation. If the user chooses to utilise non-compliant software on their device (under the assumption that they own the device, and can do with it what they choose), but that device is audited as part of the operating pool of devices within an organisation, the business will likely be in breach of their agreement.
The issues above are a few common areas where businesses fall short of meeting the guidelines of licensing agreements. Have a discussion with your IT partner about ways to stay compliant, and avoid being on the wrong end of a software audit.
Percentage of organisations that are “accidental pirates” - using more software than they have paid for.
Percentage of organisations that were audited at some point in the last 18 months.
Percentage of organisations that were charged $1 million or more in the past year to true-up their licenses.
What Could Possibly Go Wrong?During the 2013 calendar year, 58% of 1800 executives surveyed from Australia, the USA and Europe said they had been audited by one specific major manufacturer of software, whilst 20-30% acknowledged that they had been audited by at least four other major software brands.
Of those who were audited, more than 20% incurred “true-up” costs of more than $1M, while the majority of respondents incurred costs of around $100K.
More than a quarter of those surveyed had manual methods for tracking software compliance, mainly through the use of spreadsheets and various document types, with only a third reporting to be using automatic tracking software.
Of those trying to monitor software compliance using manual methods, only 6% were satisfied with their methods overall! [Source: rcpmag.com]
How to Ensure ComplianceSchedule Regular Preparatory AuditsWhether this responsibility sits with an internal team or an external business partner, regular preparatory audits will save a business a lot of money and grief.
Allocate the TaskThe compliance of a businesses software agreements should be allocated as a regular responsibility. Be it to an internal or external party, the task needs to be owned by a team.
Communicate and Enforce Robust PoliciesCommunicating and enforcing precise policies around software usage, acquisition, and sharing will help to ensure your team operates in a software-compliant manner.
Explain the ConsequencesIt only takes a few seconds to download or update software online which may cost a business a small fortune. Explaining the consequences may reduce such actions.
Talk to Your Business Partner and SuppliersIT partners may learn of audit patterns through their networks. Keep the conversation open with them to ensure you get the heads up before you get the knock at the door.
