How to prepare for a software audit
June 30, 2011 at 1:35 PM
With software vendors pursuing audits more heavily than ever, according to recent Gartner research, enterprise IT executives must figure out how to get and stay in compliance with their licensing agreements. Toward that end, Gartner recommends that organizations that don’t already have asset management processes, procedures, tools and funding in place get them now.
“Organizations must fund IT asset management disciplines or will risk high, unexpected financial liability due to software compliance problems. Having good asset management can reduce the time and pain of a software vendor audit,” Gartner says in recent analysis of a software audit survey it conducted with IT financial, procurement and asset managers.
Based on his experience working with companies that have embraced IT asset management, Steve Schmidt, vice president of corporate development at Flexera Software, agrees. “You can’t wait to be audited,” he says. Rather, he adds, “organizations have got to plan ahead for an audit event and have processes in place before that occurs.”
“Don’t wait to be audited” is the first of five best practices Schmidt recommends around software audits. The second, “seek a continuous audit compliance environment, follows out of that.
“You can’t just plan around an audit event but make sure there’s an automated mechanism for maintaining that compliance. This includes being able to generate reports that show compliance,” Schmidt says.
As a third best practice, implement the next generation of software assessment management, Schmidt suggests. “You don’t want to determine just what’s installed in the environment – that’s not enough information,” he says. “You need to know what is actually being used and what you’re entitled to use and then be able to tie those two pieces of data together to provide business intelligence on how to optimize your license estate.”
Fourth, start with the areas of greatest spend and greatest risk, Schmidt advises.
“What I mean by this,” he says, “is pick a top few applications to begin with, have your successes there and then move on to others. You don’t need to address all applications immediately, although it’s good to have a plan on how to address many or all of them over time.”
Lastly, Schmidt says he encourages taking a broad view across the organization. In the case where one department is over licensed and another is under licensed and out of compliance, an organization may be able to leverage assets among departments, he explains.
On the latter point, Schmidt says some software vendors will let customers remix the set of titles and entitlements they have to achieve balance and optimize their license positions. “By taking a broad view across the organization, these opportunities might present themselves,” he says.
Beth Schultz , contributing editor, has more than two decades of experience as an IT writer and editor. You can find her work at a number of leading IT publications, where she writes on a variety of topics including cloud computing, mobility, network/systems management and security. Find her Linkedin profile here or e-mail her here.
Please add a comment