Software Audit Defense

Software compliance audits can be time consuming and expensive. BLC can help.
Home / Software Audit Defense
Audits disrupt operations and can result in significant unplanned expenditures.

As software companies pursue revenue growth, compliance audits have become a source of additional license income and a means to push new products or subscription services. License agreements are complex, ambiguous, and differ in the metrics used to determine compliance.

The vendor has the upper hand in an audit because they:
  • Have insight into the more nuanced areas of their software license terms
  • Provide the tools for discovery (which sometimes “discover” more than they purport)
  • Are financially motivated to upgrade your enterprise agreements, sell new products or lock in multi-year cloud-based subscription services.

At best, the time spent defending your organization represents an opportunity cost by drawing resources away from revenue-generating or mission-based activities. At worst, an audit also results in financial penalties, unbudgeted purchases or disadvantageous and costly multi-year changes to license agreements.

SAM Programs

Not all audits start with a software compliance audit letter. Some seem innocuous, even helpful, like a software asset management (SAM) program. SAM engagements are touted by vendors as a way to optimize licenses by providing the vendor with an inventory of your software assets to evaluate their use in your environment and make recommendations. Of course, vendors are not financially motivated to identify areas of under-utilization but can quickly spot over-utilization. It is critical to protect your organization by having a thorough understanding of your SAM programs, licenses, entitlements and with documented evidence of software purchases, deployments and commitments.

BLC uses a four phase approach for Software Audit Defense:

BLC Process

Assess:

Engage with vendor and auditor to understand and document the audit scope, instructions and to review the vendor’s discovery tools. (This is critical, as audit scripts often take advantage of system access to “discover” products outside of the audit scope.)

Analyze:

BLC utilizes proprietary tools and data science techniques to research and develop an enterprise license position, considering agreements, entitlements, licenses, commitments and usage.

Our asset management and licensing experts thoroughly analyze the results of the vendor’s audit discovery tools, spreadsheets, calculations and assumptions for accuracy and relevance, to assure accuracy before any information is sent to the auditors. Having a well-researched and documented license position not only reduces costs on your current audit, it decreases the likelihood that you’ll be audited again in the near future.

Advise:

BLC’s role is to protect the interests of our client. Together, we review the detailed results of the analysis phase and develop a response and action plan:

  • Challenge inaccurate or out-of-scope findings
  • Expose vendor assumptions, miscalculations or inaccuracies
  • Provide confidence in the response strategy through evidence-based documentation

Achieve:

The objective of the Achieve phase is to not only negotiate the most favorable audit outcome, but to build an ongoing plan of action to mitigate risk, including self-audit monitoring processes and tools.

With BLC as your audit defense partner, you’ll save time, money and a lot of frustration.
BLC Software Audit Services

Vendors systematically audit customers, prioritizing the best opportunities. Customers attract the attention of the vendor when purchase patterns change, agreements are not renewed, mergers or acquisitions are announced, and when they learn of projects that could change the technology footprint. Even a simple call to vendor support can trigger an audit.

Common Audit Challenges:
  • Complicated and misunderstood licensing terms
  • Undocumented or even renegade environments
  • Assumptions made on an incorrect understanding of license ownership
  • Scattered purchasing documentation
  • Virtualized, cloud, or shared implementations
  • Incorrect or changing server specifications
  • Pirated, temporary, or trial installs on servers or workstations
  • Environments exposed to external or public users
  • Forgotten or incorrect true-ups

Common Audit Errors:
  • Incorrect information sent to auditors
  • Using the last renewal as an entitlement report
  • Not optimizing virtualized environments
  • Unchecked communications that confuse or alert auditors
  • Dependence on the auditor’s tools without running in-house scan tools
  • Sending unrestricted data or supporting information beyond the fields or environments requested
  • Reporting installs outside of the publishers and product scope
  • Incorrectly indicating software versions such that install counts are inflated
  • Not filtering phantom installs like trial versions, uninstalled versions



Connect with us Engagement Models



Partnering with BLC puts your resources to their highest use: Your teams stay focused on mission-based, profitable and strategic initiatives while we focus on savings. Those savings can then be directed to priorities within IT, organizationally, or to the bottom line.

Maximizing value is all we do: We review and negotiate hundreds of license and maintenance agreements, true-ups, audits and proposals annually. Individual organizations manage these events as they arise - we see them every day.

Broad insight: Our clients span a wide range of industries including healthcare, insurance, education, banking, logistics and retail. With over a decade of experience, we have insight into best-in-class agreements, arrangements and solutions to position IT as a value-driving entity.