CXO

How to prepare for an IT vendor's software license audit

One of the most frustrating tasks for an IT leader is to prepare for a vendor audit. Here's how to make it more bearable.

In today's environment, it's commonplace for software companies to audit customers' compliance with license contract terms. In a survey that industry analyst firm Gartner conducted, more than 61 percent of the respondents said they experienced at least one software audit in the past 12 months. Constellation Research reported a 32-percentage point gain in software audits since Q1 2008. IT asset managers have to ensure that their organizations are always ready to face an IT vendor's audit. However, one of the most frustrating tasks is to prepare for a vendor audit. Why?

Preparing for a vendor audit is a nightmare

In an ideal world, IT asset managers would prepare for vendor audits by using their IT asset management (ITAM) systems or their IT operations systems (such as Microsoft System Center Configuration Manager or HP Open View). They would run the reports in these systems which detailed every product they licensed and installed. Then, managers would use this data to determine whether they are in compliance, they need to buy additional licenses, or they need to uninstall unused licenses to become compliant. However, things are never that easy. Why? There are two key reasons:

  • Purchased versus installed: If you've been working with a vendor like Adobe, as an example, many of your employees may have purchased the Adobe Creative Suite, Master Suite or Design Suite. Other users may have installed individual products such as Photoshop or Illustrator. This means your ITAM systems and your operational systems are no longer speaking the same language. Your asset management system thinks you have Creative Suite, Master Suite, Design Suite, Photoshop and Illustrator from Adobe, but your operational system can only see Photoshop and Illustrator. So how do you compare what you purchased to what you have installed or are using?
  • Vendor and product discrepancies: Your ITAM system says that you purchased Dreamweaver, made by the vendor MacroMedia (since acquired by Adobe), but your operational system, which extracts much of its information about the software directly from the software's executable files, says that the Dreamweaver product is from Adobe. In addition, your ITAM system tells you that a few Illustrator licenses are from the vendor Adobe, some from the vendor Adobe Inc. and some more from Adobe Corp. Such discrepancy makes it almost impossible to get accurate information from the systems without a lot of manual reconciliation.

Actual cost of true-up

If you determine that you are no longer in compliance, you now have to figure out the lowest cost of true-ups that will ensure compliance while meeting your business requirements. Unfortunately, most companies overpay for true-ups because they are missing the following information:

  • Compatibility information - If you're spending money to acquire new licenses, you might as well make sure the software is forward compatible with your other IT system plans such as Windows 7.
  • Suite information - If the software in question can be purchased as a part of a suite, you want to know which licensing alternatives will achieve compliance at the lowest possible cost.
  • Support information - Why would you spend money trueing-up on a software version that is due to expire soon? Purchase the latest versions instead and budget for that as a part of the true-up plan.

Vendor audit preparation as easy as 1-2-3

The fastest way to prepare for an IT audit is to first prepare your systems to give you the information you need to clearly understand your state of compliance with license contracts. You can't get this information from your systems unless you can address the inconsistency and gaps in the data. For example, your purchasing systems describe an IT asset in one way, planning systems describe the same asset in another way, and IT inventory and configuration management tools in yet another. In addition, these systems don't have external market information such as support lifecycles, vendor information, licensing details, hardware specifications, etc.

In order to solve the problem, the first step you should take is to normalize the data in these systems by using a reference catalog and leveraging it to update and correct vendor names, make product names consistent, and align version information. Then, you can use the same reference catalog to enrich the system data in these systems by adding the missing market data information, including support information, license details, compatibility information, and more.

The result is that the data from your various IT systems now speaks the common language of IT. It now contains a set of correct and complete information, which you can either use as-is or load back into your IT operational or reporting systems. With the data normalized, you can now pull a report that quickly shows how compliant you are with the license contract and if not, determine the least expensive way to become compliant while keeping your business and technical plans in sight. Software audits will no longer be painful; instead you will find yourself ready to engage in a conversation with the vendor on license compliance anywhere, anytime.

Walker White is the chief technology officer of BDNA Corporation, creators of Technopedia, the world's largest IT reference catalog, with more than 450,000 hardware and software products listed from over 11, 000 vendors.

Editor's Picks