Publisher audits are practically inevitable. In fact, research shows 48% of publishers generate 4% or more of their annual software revenue from their license compliance program.
In previous articles, we provided guidance on how to maintain a Software Asset Management practice as well as signs of an upcoming audit, all to help prep you in the event of a publisher audit. Today, to help us stay ahead of publisher audits, we’ll listen to the wisdom of the ancient Chinese military general, Sun Tzu: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
Know Thy Enemy – Understanding the Publisher’s Perspective on Software Audits
A software audit is a request by a software publisher to verify that a business is using software owned by the publisher in a manner consistent with an agreed software license or general copyright law. In other words, when you signed a license agreement, such as a Microsoft Enterprise Agreement or VMware Enterprise License Agreement, you agreed to specific terms which the publisher wants to ensure you have not violated.
Audits can be broken down into three general categories:
- Commonly referenced as Audit, Review, SAM Review, Assessment, Self-Audit, or Friendly Audit
- Initiated adhoc during sales process
- These are voluntary audits to gain a better understanding of the license environment
- Commonly referenced as Audit or True-up
- These are written into the contract
- Occur at a pre-determined time
- Commonly referenced as, well, an Audit..
- Initiated as a breach of intellectual property
- The organization in question is legally obligated to participate
Know Thyself – Preparing Yourself for the Publisher Audit
One of the first lessons we received in Driver’s Ed was the promise that being involved in a car accident is not a matter of “if,” but a matter of “when,” and that we should always buckle our seatbelts to safeguard ourselves from serious injury. As indicated above, at some point or another your organization is going to receive an audit; it is not a matter of “if,” but a matter of “when,” and you can most certainly take extensive measures to safeguard yourself from serious damage:
- Keep track of Proof of Entitlement for every piece of software in use
- Enforce policy about who can install any software you use, and how it can be used
- Know the terms of your license, how users or installations are to be counted, and the quantity of licenses needed
- Keep an ongoing inventory of all the software you have deployed, and regularly compare it to what you own
Perhaps you’re hoping you just won’t get audited. However, publishers understand that licensing terms are incredibly complex and niche, and use the customer’s lack of clarity to their advantage during sales processes or contract negotiations.There are 5 key ideas to keep in mind throughout the audit process:
- When you get the audit letter..
- Provide a copy to your corporate legal department or attorney. Do not respond to any communication without first seeking legal counsel.
- Be sure to request from the publisher..
- Under what contractual document is the publisher making their request?
- What is the scope of their request, and how are they arriving at that scope?
- Who will perform the audit, and how will they gather data?
- Will the publisher accept data from a 3rd party asset management system?
- Once the audit begins..
- Request a report of all the entitlements the publisher will consider for the audit
- Verify the entitlement reports against your purchase records
- Do not allow purchases of any kind with the publisher to move forward
- Audit the auditors..
- Verify any discovered data with your own tool
- Consult with an outside licensing expert to evaluate your usage rights
- Examine any publisher proposed metrics against your contract terms
- When all the papers are signed, and any license shortage is resolved..
- Start preparing for your next audit.
As referenced in our previous signs of an upcoming audit blog, a publisher that has been rewarded with revenue in an audit will be back again for more. Likewise, if one publisher identified your company as an attractive audit target, it is very likely other publishers will too.