Are you a target for a software audit?

According to IT analyst firm Gartner, the average organization now has around a 55 per cent chance of being audited by at least one software vendor in any given 12-month period. In plain English, that means you are now more likely than not to face at least one software audit in 2012. But what is it that makes you a target for a vendor software audit? Is it just chance, or is there some method behind the vendors’ selection process?

Research conducted earlier this year by global accounting firm Ernst & Young asked eight large software vendors what criteria they employed when selecting customer organizations to audit. The responses make for interesting reading, and can be turned into helpful advice both for identifying whether your organization is a current target and for deciding what you might be able to do in the future to avoid being on the receiving end of an audit request.

Inconsistency in purchasing patterns – 75% of vendors questioned cited odd purchasing histories as a major criterion when deciding which customers should receive an audit request. Organizations with sporadic or unpredictable buying patterns are more likely to be audited than those that make regular purchases through selected resellers or that procure through a volume licensing agreement.

History of poor license compliance – perhaps unsurprisingly, 50% of vendors cited previous transgressions as reasonable cause to suspect that future audits might be required.  Put simply, until an organization has built up a track record of responding positively to audits and showing that they have good practices and data in place, it is more likely that they will be audited on a regular basis. 

Size of customer – 50% of vendors said size was a factor in determining whether an audit was in order. The Ernst & Young survey didn’t go into any further detail, but logic would suggest that it is mid-sized organizations that are most at risk.  Too small and it’s not worth the vendor effort in engaging, too large and the customer is more likely to have an all-encompassing enterprise-wide licensing contract in place, and the process of auditing could become too complex.  But if you’re between 500 and 10,000 seats, you’re probably most at risk.

Mergers & Acquisitions – a quarter of vendors said that organizations that have merged or made acquisitions are more likely to receive an audit request. Again, the logic is obvious: M&As cause all sorts of logistical challenges, not least of which surrounds the ownership of and responsibility for software licenses. This highlights the importance of a proactive approach to SAM when undertaking any kind of merger or acquisition – it’s far easier to manage through the M&A process than to try to catch up retrospectively!

Number of countries operating in – Just 13% (i.e. one of the eight vendors) mentioned that the number of countries an organization had a presence in could have a bearing on the likelihood that they would be asked to complete an audit.  Again, logic dictates that dispersed organizations are less likely to have centralized software license procurement and so could be more at risk of compliance failures.

The results from the Ernst & Young survey are hardly surprising; but they do provide some useful insight into how vendors go about selecting organizations to audit – and thus what steps customers can take to make themselves look less ‘attractive’.  Key among these has to be better Software Asset Management practices and processes, which would themselves prevent inconsistent purchasing habits and would show a commitment to SAM that should avoid creating poor audit histories.

To read more of the Ernst & Young report, ‘Software compliance with tears’, visit: http://www.ey.com/UK/en/Services/Advisory/IT-Risk-and-Assurance

Ben Eagling
