Prepare and Defend Against a Software Audit

Audit defense starts long before you get audited. Negotiating your vendors’ audit rights and maintaining a documented consolidated licensing position ensure that you are not blindsided by a sudden audit request.
Notification of an impending audit can cause panic. Don't panic. While the notification will be full of strong language, your best chance of success is to take control of the situation. Prepare a measured response that buys you enough time to get your house in order before you let the vendor in.
If a free software asset review sounds too good to be true, then it probably is. If a vendor or one of its partners offers up a free software asset management engagement, they aren’t doing so out of the goodness of their heart — they expect to recoup their costs (and then some) from identified license discrepancies.

Our Advice

Critical Insight

The amount of business disruption depends on the scope of the audit, and the size and complexity of the organization coupled with the contractual audit clause in the contract.
These highly visible failures can be prevented through effective software asset management practices.
As complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by likelihood of audit and spend.
Ensure electronic records exist for license documentation to provide fast access for audit and information requests
Verify accuracy of discovered data. Ensure all devices on the network are being audited. Without a complete discovery process, data will always be inaccurate.

Impact and Result

Being able to respond quickly with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party as their experience will allow a faster response.
Negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit.
Create a methodology to quickly and efficiently respond to audit requests.
Conduct annual internal audits.
Have a designated cross-functional IT audit team.
Prepare documentation in advance.
Manage audit logistics to minimize business disruption.
Dispute unwarranted findings.

Prepare and Defend Against a Software Audit Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should be prepared and ready to defend against a software audit, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Prepare and Defend Against a Software Audit – Executive Brief

1. Prevent an audit

Begin your proactive audit management journey and leverage value from your software asset management program.

2. Prepare for an audit

Prepare for an audit by effectively scoping and consolidating organizational response.

3. Conduct the audit

Execute the audit in a way that preserves valuable relationships while accounting for vendor specific criteria.

4. Manage post-audit activities

Conduct negotiations, settle on remuneration, and close out the audit.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Chief Industries, Inc.

Guided Implementation

10/10

$32,499

This conversation was very beneficial. We learned some things that we expect will save us some stress as well as financially. Excited to have ano... Read More

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 13 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Prevent an audit

Call 1: Red flags leading to increased odds of an audit
Call 2: Maturity assessment and conducting an internal audit
Call 3: Structuring and preparing an audit team

Guided Implementation 2: Prepare for an audit

Call 1: Steps to take upon notification
Call 2: Examine the various engagement requests from self-audit to formal
Call 3: Defining the scope and how to respond

Guided Implementation 3: Conduct the audit

Call 1: Overview of processes conducted
Call 2: Kick off and discuss the confirmed audit scope
Call 3: Prioritize business continuity
Call 4: Working with auditor personality types

Guided Implementation 4: Manage post-audit activities

Call 1: Discuss the results of the audit
Call 2: Discuss the validity of the findings
Call 3: Negotiation terms and close out

Authors

Scott Bickley

Aadil Nanji

Contributors

Filip Lauwereys, ASIST
Richard Spithoven, B.Lay
Max Ablimit, Tarim Consulting, LLC
Eric Chiu, HW Fisher & Company
Three anonymous company contributors

Search Code: 79315
Last Revised: March 14, 2016

TAGS:

SAM, software asset management, vendor management, vendor, software purchasing negotiation, licensing, Microsoft, IBM, Oracle, audit procedures, license agreement