SlideShare a Scribd company logo

Software License Audit Preparation

N
NPI_Spend_Mgmt

The document discusses preparing for and conducting software license audits. It notes that software vendors are increasingly conducting audits both to ensure compliance and as a revenue stream. The document outlines common reasons for unintentional non-compliance, such as changes in licensing terms or upgrades/downgrades. It recommends companies conduct internal self-audits using the same scrutiny as vendors to identify issues and develop remediation plans. Engaging specialists experienced in vendor licensing can help optimize audit outcomes through identifying compliance gaps, interpreting terms favorably, and negotiating penalties.

Technology
1 of 5
Download to read offline
SmartSpend TM Bulletin Preparing for a Software License Audit npifinancial.com ©2017 NPI, llc. All Rights Reserved. Are you ready to be audited by your enterprise software vendors? If not, it’s time to prepare. The frequency of vendor audits is skyrocketing. Fortunately, there are steps enterprises can take before and during an audit to ease compliance concerns and minimize unexpected license fees and penalties. Chances are most enterprises will undergo a major IT vendor audit in the near future. Cloud computing and the proliferation of mobile devices throughout the enterprise has fundamentally transformed how businesses integrate, access, consume and pay for information technology. Add virtualization and frequently changing product use rights to the equation and this new landscape is a recipe for non-compliance. Vendors’ decisions to audit more customers, more frequently is not without justification. Many companies – if not most – are unintentionally out of compliance with their licensing agreements. The corporate IT ecosphere is growing and it has become more difficult to track and monitor software license usage. KPMG has reported that 52 percent of software vendors surveyed felt their losses incurred through unlicensed use of software equaled more than 10 percent of their company’s revenue. It’s no wonder that the likes of Microsoft, SAP, Oracle and others levy seven-figure penalties on their largest enterprise customers. Another major factor driving audit activity is the migration of traditionally on-premise vendors to the cloud. During the transition, there is typically a dip in revenues as purchases shift from one-time perpetual license fees to annual subscription fees. Audits are a meaningful revenue stream to fill the gap. IT and sourcing executives should take heed. If you haven’t undergone a major software audit recently, expect one soon. For vendors, it’s no longer a matter of contractual compliance – it’s a profit center.
2 SmartSpendTM Bulletin npifinancial.com ©2017 NPI, llc. All Rights Reserved. Unintentional Non-Compliance – How Does it Happen? Few enterprises willingly engage in rampant, non-compliant license use. So, how is it that most companies today would be found out of compliance if they underwent a major software audit? The most common reasons are: • You bought software for one reason, now you use it for another. Certain license types, such as limited use licenses, can only be used in non-production environments like development, testing or failover. Companies often purchase these licenses over full use licenses to obtain a pricing discount. Then, months or years later they discover their limited use licenses are being used for production use purposes like internal data processing operations. • No one told you the product use rights changed. Product use rights can change at any time, and the rate of change is growing among larger IT vendors. For example, during recent contract negotiations and audits, SAP and Oracle are asking some clients to purchase additional licenses for third-party application access. A business with 100 Salesforce.com licenses that need to access information from SAP may now be required to buy 100 additional licenses. It’s only been in the last few years that the vendors have begun to interpret “indirect access” this way and attempted to enforce it with clients. • Your definition is different from the vendor’s. Licensing programs and definitions have changed dramatically over the last several years. What constitutes a qualified user or device (Microsoft)? What about a concurrent user or a floating user (IBM)? What’s the difference between an application specific full use license or an embedded software license (Oracle)? Any misinterpretation can unwittingly throw a customer out of compliance. • You upgraded your software. Or maybe you downgraded. If you upgrade or downgrade your software, which product use rights apply – the rights that came with your original purchase, or the rights that came with your up/downgrade? How will your support and maintenance agreement be impacted? Well, it varies and it can be confusing, depending on your vendor. Here is a headache-inducing example from Microsoft’s Volume Licensing Blog: Let’s continue using the same example above with SharePoint 2013 Server licenses purchased on an Agreement/Enrollment started in December 2012. With these licenses,let’s say you also purchased Software Assurance (SA) coverage, which aligns to the term of your Agreement/Enrollment. If during the term of your SA coverage, a new version of SharePoint Server is released and you decide to install/upgrade to the newest version – the PUR currently available when the new version is released will apply to your use of the new version. Please note that if you have rights to a new
version via SA coverage,and choose not to upgrade your software,you may choose to use the new PUR, or continue to use the PUR you were originally required to. However, if you upgrade your software,you will be required to use the new PUR as outlined above (unless the Product List says otherwise)….In some cases, customers buy a license through a Volume License program for current versions of products with the specific intent on downgrading to a prior version of that product.When this is the case, you must use the PUR in effect on the Agreement/Enrollment start date for the version you licensed –not the version you will downgrade to and deploy or run. The Auditing Top 5: Who’s Auditing Now? NPI has seen a marked increase in the number of audits being conducted by the following vendors: 1. Microsoft 2. SAP 3. Attachmate 4. Oracle 5. IBM
3 SmartSpendTM Bulletin npifinancial.com ©2017 NPI, llc. All Rights Reserved. • Virtualization. Virtualized environments are hotbeds for unintentional non- compliance as each vendor has very specific rules around how hosts and software are coupled and managed. For example, let’s say you have two physical Microsoft Windows Servers (2012), with two virtual sessions running on each. Using VMware’s tools, you move one virtual session from one server to the other. Soon thereafter, you want to move it back again. Unfortunately, Microsoft doesn’t allow “server mobility” beyond the first move. The virtual session can move one time (in this case from the first server to the second), but is then stuck on the second server for 90 days. In this instance, this is ground for non-compliance as Microsoft requires a new license to run three (rather than two) virtual sessions on one machine. • You unknowingly purchased software licenses from an ISV. More companies are turning to independent software and technology vendors for complex, industry- specific IT solutions (e.g., diagnostic equipment in healthcare, production floor technologies in manufacturing). In some cases, these solutions contain third party software that isn’t disclosed to the buyer and, therefore, isn’t on your asset management radar screen. • You don’t have a formal process and tools for distributing, licensing and managing licenses. Large enterprises often engage in checkbox license management. They invest in software asset (or license) management tools that provide limited auditing capabilities and limited visibility into license usage, and call it a day. Unfortunately, effective management of software licenses requires dedicated people and processes that ensure a 360-degree view and control over how licenses are purchased, distributed, harvested, archived and retired.As the complexity of IT and IT contracting increases, the need for formal asset and license management programs within the enterprise will become even more imperative. Before the Audit, Self-Audit If you’ve received an official audit request from your vendor, or have a sneaking suspicion you’ll receive one soon, or even if you’re looking to switch vendors – it’s imperative you conduct an internal self-audit before vendors initiate their process. Most vendors enlist third parties to conduct audits on their behalf (Oracle is one notable exception – they have a dedicated internal auditing department).These auditing teams are typically contracted from the consulting world’s power players (Deloitte, KPMG and Accenture, to name a few). They are financially motivated to find non- compliance, which they most often do. If material non-compliance is identified, in many cases the customer is required to cover the consultant’s fees in addition to any penalties incurred. Remember – the interests of the auditors are more aligned with those of the vendor than your own. There is no such thing as a friendly audit! With this in mind, enterprises should take all precautions to avoid or minimize the negative impacts an audit could have on their business. The most effective tactic is to conduct a preventive internal self-audit using the very same level of scrutiny that the vendor’s team would use – as well as similar tools and processes. Companies that lack the bandwidth or capabilities in-house should seek outside expertise. When is the right time for a self-audit? Most enterprise customers will be audited by at least one large software vendor in 2017. Conducting an internal self-audit before an official audit request arrives gives you more time to identify and remediate non- compliance, and minimize risk.
4 SmartSpendTM Bulletin npifinancial.com ©2017 NPI, llc. All Rights Reserved. At a minimum, the self-audit should involve the following activities: • Establish a formal license position. First, develop an accurate record of deployments. Then compare that to license entitlements to identify gaps. This requires a PhD in product use rights for each vendor as they are ground zero for non-compliance. Product use rights are complex, confusing (often intentionally) and are subject to change at any time. It’s important to point out that auditors perform this complex analysis in the vendor’s favor. Customers need to perform this same complex analysis in their own favor. Note: One benefit of having a formal license position at the ready is that, in some cases, a vendor will actually cancel an audit once they see the report. • Review and clarification of audit rights. Audit rights should be stipulated and agreed upon with every enterprise software vendor. They should specify how much time a company has to respond to a formal audit request, which vendor resources are authorized to audit, what tools will be used, what data has to be provided (and how soon) and how arbitration will be handled. By fully understanding audit rights prior to an official audit, companies can model their self-audit using the same rules of engagement that the vendor will use. • In the event of non-compliance, development of a remediation plan defining how compliance will be achieved. If material non-compliance is discovered during a self-audit, companies need to develop a remediation plan that takes into account their current and future software needs. Remediation can take many forms – tuning virtualization strategy, changing servers to avoid certain size “taxes,” making simple changes to eliminate unnecessary access that would drive user charges even when there is no actual usage, changing usage for certain constituencies because the cost outweighs the benefit, migrating to alternate solutions for certain constituencies, changing to alternate license types that are a better match for actual usage or, if no other alternative is practical, purchase additional licenses. Even if the outcome of a self-audit is the requirement to purchase licenses, companies have the ability to work through the funding challenges on their own cadence. Why Engage a Self-Audit Specialist In the best of circumstances, large software vendor audits are arduous and costly to the enterprise. They require time and human resources that are already stretched thin. And, when going head-to-head with vendors’ auditing teams, companies typically find themselves unable to defend their license position.Today’s IT and sourcing professionals need an ally with the vendor-specific licensing expertise, tools and proven processes that will help them optimize the outcome of a software license audit. As a third-party auditing consultant, NPI has a deep familiarity with the myriad ways that vendors foster non-compliance. Our understanding of changing product usage rights gives us the inside track into where companies are unwittingly falling out of compliance with their licensing agreements, and where auditors are incorrectly interpreting the situation (this occurs frequently). We use the same or similar tools and processes that the vendors use, and are able to understand, summarize and present
npifinancial.com ©2017 NPI, llc. All Rights Reserved. v1116.1 5 SmartSpendTM Bulletin NPI Headquarters 271 17th Street Suite 550 Atlanta, GA 30363 T 404-591-7500 F 404-591-7501 E info@npifinancial.com About NPI NPI is a spend management consulting firm that protects companies from overspending in three cost categories where pricing is opaque, complex and inconsistent – information technology, telecommunication and transportation. Using price benchmark data and vendor-specific cost reduction expertise, NPI helps clients assure that each purchase is priced at or below fair market value and program selection, licensing and business terms are cost-optimized. Reviewing more than 14,000 purchases annually, NPI provides objective oversight for billions of dollars of strategic spend for its clients. To learn more about how NPI can help your company start saving today, visit www.npifinancial.com or call 404-591-7500. the data that emerges to vendors in the most favorable way. NPI’s self-audit specialists have expert knowledge of the full range of solutions, terms and costs that are acceptable to vendors, as well as what they are willing to concede during post-audit negotiations. At NPI, we look at every audit from two perspectives – options for remediating current non-compliance (before the vendor finds it), and how clients can protect themselves from non-compliance in the future. We advise clients on license strategies and scenarios that are based on the enterprise’s current and future requirements. We also recommend license management processes and best practices, as well as help clients negotiate fair audit rights for future protection. NPI helps clients achieve significant reductions in compliance penalties through remediating non-compliance before an official audit is conducted, negotiating a less costly penalty post-audit, and optimizing licensing throughout the process – some, or all, of these factors may apply in each individual audit event. The cost reductions delivered by NPI are material, often exceeding 25 percent and, in some cases, reaching 90 percent. At a time when vendors are auditing more than ever before, this impact goes beyond financial measures. It’s a proven tactic for reducing risk across the IT organization, and protecting the capital and human resources that are otherwise committed to business operations and innovation.

Recommended

Software Licensing & Compliance: Two Strategies, One Goal
Software Licensing & Compliance: Two Strategies, One GoalSoftware Licensing & Compliance: Two Strategies, One Goal
Software Licensing & Compliance: Two Strategies, One GoalJeff Gustafson
 
7steps software-licensing
7steps software-licensing7steps software-licensing
7steps software-licensingsuyashawasthi
 
Software Licence Audits - Facts Survival Benefits
Software Licence Audits - Facts Survival BenefitsSoftware Licence Audits - Facts Survival Benefits
Software Licence Audits - Facts Survival BenefitsEric Chiu
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesSharing Slides Training
 
Moving up the Software License Optimization Maturity Curve to Drive Business ...
Moving up the Software License Optimization Maturity Curve to Drive Business ...Moving up the Software License Optimization Maturity Curve to Drive Business ...
Moving up the Software License Optimization Maturity Curve to Drive Business ...Flexera
 
Cipher_Guide-To-Selecting-the-Right-CI-Software-Solution
Cipher_Guide-To-Selecting-the-Right-CI-Software-SolutionCipher_Guide-To-Selecting-the-Right-CI-Software-Solution
Cipher_Guide-To-Selecting-the-Right-CI-Software-SolutionBenjamin Decowski
 
How to Choose an Agency Management System
How to Choose an Agency Management SystemHow to Choose an Agency Management System
How to Choose an Agency Management SystemStrategic Insurance Software
 
Microsoft Licensing and Benefits
Microsoft Licensing and BenefitsMicrosoft Licensing and Benefits
Microsoft Licensing and BenefitsTechSoup
 

Recommended

Software Licensing & Compliance: Two Strategies, One Goal
Software Licensing & Compliance: Two Strategies, One GoalSoftware Licensing & Compliance: Two Strategies, One Goal
Software Licensing & Compliance: Two Strategies, One GoalJeff Gustafson
 
7steps software-licensing
7steps software-licensing7steps software-licensing
7steps software-licensingsuyashawasthi
 
Software Licence Audits - Facts Survival Benefits
Software Licence Audits - Facts Survival BenefitsSoftware Licence Audits - Facts Survival Benefits
Software Licence Audits - Facts Survival BenefitsEric Chiu
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesSharing Slides Training
 
Moving up the Software License Optimization Maturity Curve to Drive Business ...
Moving up the Software License Optimization Maturity Curve to Drive Business ...Moving up the Software License Optimization Maturity Curve to Drive Business ...
Moving up the Software License Optimization Maturity Curve to Drive Business ...Flexera
 
Cipher_Guide-To-Selecting-the-Right-CI-Software-Solution
Cipher_Guide-To-Selecting-the-Right-CI-Software-SolutionCipher_Guide-To-Selecting-the-Right-CI-Software-Solution
Cipher_Guide-To-Selecting-the-Right-CI-Software-SolutionBenjamin Decowski
 
How to Choose an Agency Management System
How to Choose an Agency Management SystemHow to Choose an Agency Management System
How to Choose an Agency Management SystemStrategic Insurance Software
 
Microsoft Licensing and Benefits
Microsoft Licensing and BenefitsMicrosoft Licensing and Benefits
Microsoft Licensing and BenefitsTechSoup
 
Time & Attendance System Purchasing Guide - Purchasing.com
Time & Attendance System Purchasing Guide - Purchasing.comTime & Attendance System Purchasing Guide - Purchasing.com
Time & Attendance System Purchasing Guide - Purchasing.comPurchasing.com
 
Microsoft Licensing Overview
Microsoft Licensing OverviewMicrosoft Licensing Overview
Microsoft Licensing OverviewMotty Ben Atia
 
It For Dummies Kamens 081107
It For Dummies Kamens 081107It For Dummies Kamens 081107
It For Dummies Kamens 081107kamensm02
 
Microsoft audit defence gotchas check list
Microsoft audit defence gotchas check listMicrosoft audit defence gotchas check list
Microsoft audit defence gotchas check listMartin Thompson
 
Ibm odm fraud detection & management system
Ibm odm fraud detection & management systemIbm odm fraud detection & management system
Ibm odm fraud detection & management systemsflynn073
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAMGigya
 
Vistacom in the Facilities Management Journal (September-October 2015)
Vistacom in the Facilities Management Journal (September-October 2015)Vistacom in the Facilities Management Journal (September-October 2015)
Vistacom in the Facilities Management Journal (September-October 2015)Destiny Heimbecker
 
17 domains
17 domains17 domains
17 domainsAllison Giddens
 
The Hidden Economics of Business Content - A Revelation by Union Bank
The Hidden Economics of Business Content - A Revelation by Union BankThe Hidden Economics of Business Content - A Revelation by Union Bank
The Hidden Economics of Business Content - A Revelation by Union BankPyramid Solutions, Inc.
 
Inside The Buyers Head Tim Clark May 4
Inside The Buyers Head Tim Clark May 4Inside The Buyers Head Tim Clark May 4
Inside The Buyers Head Tim Clark May 4SIIA12
 
InDefend-Integrated Data Privacy Offerings
InDefend-Integrated Data Privacy Offerings InDefend-Integrated Data Privacy Offerings
InDefend-Integrated Data Privacy Offerings Data Resolve Technologies Pvt. Ltd.
 
Microsoft Licensing Options
Microsoft Licensing OptionsMicrosoft Licensing Options
Microsoft Licensing OptionsJon Jensen
 
Dit yvol5iss36
Dit yvol5iss36Dit yvol5iss36
Dit yvol5iss36Rick Lemieux
 
Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...Enthiosys Inc
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of SecurityNetwork Intelligence India
 
Licensing
LicensingLicensing
Licensingbalekai100
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Managementicomply
 
Microsoft Software Assurance
Microsoft Software AssuranceMicrosoft Software Assurance
Microsoft Software AssuranceMotty Ben Atia
 
IT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringIT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringShiv Koppad
 
Removing-the-cost-coding-errors-in-building-materials
Removing-the-cost-coding-errors-in-building-materials Removing-the-cost-coding-errors-in-building-materials
Removing-the-cost-coding-errors-in-building-materialsBenjamin Kyalo
 
Reportagem especial marketing esportivo 14.10
Reportagem especial marketing esportivo 14.10Reportagem especial marketing esportivo 14.10
Reportagem especial marketing esportivo 14.10Meio & Mensagem
 
Laborge magic fruit back
Laborge magic fruit backLaborge magic fruit back
Laborge magic fruit backLaborge Laboratories
 

More Related Content

What's hot

Time & Attendance System Purchasing Guide - Purchasing.com
Time & Attendance System Purchasing Guide - Purchasing.comTime & Attendance System Purchasing Guide - Purchasing.com
Time & Attendance System Purchasing Guide - Purchasing.comPurchasing.com
 
Microsoft Licensing Overview
Microsoft Licensing OverviewMicrosoft Licensing Overview
Microsoft Licensing OverviewMotty Ben Atia
 
It For Dummies Kamens 081107
It For Dummies Kamens 081107It For Dummies Kamens 081107
It For Dummies Kamens 081107kamensm02
 
Microsoft audit defence gotchas check list
Microsoft audit defence gotchas check listMicrosoft audit defence gotchas check list
Microsoft audit defence gotchas check listMartin Thompson
 
Ibm odm fraud detection & management system
Ibm odm fraud detection & management systemIbm odm fraud detection & management system
Ibm odm fraud detection & management systemsflynn073
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAMGigya
 
Vistacom in the Facilities Management Journal (September-October 2015)
Vistacom in the Facilities Management Journal (September-October 2015)Vistacom in the Facilities Management Journal (September-October 2015)
Vistacom in the Facilities Management Journal (September-October 2015)Destiny Heimbecker
 
The Hidden Economics of Business Content - A Revelation by Union Bank
The Hidden Economics of Business Content - A Revelation by Union BankThe Hidden Economics of Business Content - A Revelation by Union Bank
The Hidden Economics of Business Content - A Revelation by Union BankPyramid Solutions, Inc.
 
Inside The Buyers Head Tim Clark May 4
Inside The Buyers Head Tim Clark May 4Inside The Buyers Head Tim Clark May 4
Inside The Buyers Head Tim Clark May 4SIIA12
 
Microsoft Licensing Options
Microsoft Licensing OptionsMicrosoft Licensing Options
Microsoft Licensing OptionsJon Jensen
 
Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...Enthiosys Inc
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Managementicomply
 
Microsoft Software Assurance
Microsoft Software AssuranceMicrosoft Software Assurance
Microsoft Software AssuranceMotty Ben Atia
 
IT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringIT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringShiv Koppad
 
Removing-the-cost-coding-errors-in-building-materials
Removing-the-cost-coding-errors-in-building-materials Removing-the-cost-coding-errors-in-building-materials
Removing-the-cost-coding-errors-in-building-materialsBenjamin Kyalo
 

What's hot (20)

Time & Attendance System Purchasing Guide - Purchasing.com
Time & Attendance System Purchasing Guide - Purchasing.comTime & Attendance System Purchasing Guide - Purchasing.com
Time & Attendance System Purchasing Guide - Purchasing.com
 
Microsoft Licensing Overview
Microsoft Licensing OverviewMicrosoft Licensing Overview
Microsoft Licensing Overview
 
It For Dummies Kamens 081107
It For Dummies Kamens 081107It For Dummies Kamens 081107
It For Dummies Kamens 081107
 
Microsoft audit defence gotchas check list
Microsoft audit defence gotchas check listMicrosoft audit defence gotchas check list
Microsoft audit defence gotchas check list
 
Ibm odm fraud detection & management system
Ibm odm fraud detection & management systemIbm odm fraud detection & management system
Ibm odm fraud detection & management system
 
White Paper: DIY vs CIAM
White Paper: DIY vs CIAMWhite Paper: DIY vs CIAM
White Paper: DIY vs CIAM
 
Vistacom in the Facilities Management Journal (September-October 2015)
Vistacom in the Facilities Management Journal (September-October 2015)Vistacom in the Facilities Management Journal (September-October 2015)
Vistacom in the Facilities Management Journal (September-October 2015)
 
17 domains
17 domains17 domains
17 domains
 
The Hidden Economics of Business Content - A Revelation by Union Bank
The Hidden Economics of Business Content - A Revelation by Union BankThe Hidden Economics of Business Content - A Revelation by Union Bank
The Hidden Economics of Business Content - A Revelation by Union Bank
 
Inside The Buyers Head Tim Clark May 4
Inside The Buyers Head Tim Clark May 4Inside The Buyers Head Tim Clark May 4
Inside The Buyers Head Tim Clark May 4
 
InDefend-Integrated Data Privacy Offerings
InDefend-Integrated Data Privacy Offerings InDefend-Integrated Data Privacy Offerings
InDefend-Integrated Data Privacy Offerings
 
Microsoft Licensing Options
Microsoft Licensing OptionsMicrosoft Licensing Options
Microsoft Licensing Options
 
Dit yvol5iss36
Dit yvol5iss36Dit yvol5iss36
Dit yvol5iss36
 
Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...Aligning Business Models And Technology Architectures Ore Dev Conferenc...
Aligning Business Models And Technology Architectures Ore Dev Conferenc...
 
The Economics of Security
The Economics of SecurityThe Economics of Security
The Economics of Security
 
Licensing
LicensingLicensing
Licensing
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Management
 
Microsoft Software Assurance
Microsoft Software AssuranceMicrosoft Software Assurance
Microsoft Software Assurance
 
IT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software EngineeringIT Asset Management System for UL-Software Engineering
IT Asset Management System for UL-Software Engineering
 
Removing-the-cost-coding-errors-in-building-materials
Removing-the-cost-coding-errors-in-building-materials Removing-the-cost-coding-errors-in-building-materials
Removing-the-cost-coding-errors-in-building-materials
 

Viewers also liked

Reportagem especial marketing esportivo 14.10
Reportagem especial marketing esportivo 14.10Reportagem especial marketing esportivo 14.10
Reportagem especial marketing esportivo 14.10Meio & Mensagem
 
Dueitt Middle School Meet In The Middle In Sports Report
Dueitt Middle School Meet In The Middle In Sports ReportDueitt Middle School Meet In The Middle In Sports Report
Dueitt Middle School Meet In The Middle In Sports ReportMary Jane Carvell
 
Independencia de méxico
Independencia de méxicoIndependencia de méxico
Independencia de méxicojimmyRios500
 
Dueitt March 9, 2010 Meeting
Dueitt March 9, 2010 MeetingDueitt March 9, 2010 Meeting
Dueitt March 9, 2010 MeetingMary Jane Carvell
 
WORKFLOW
WORKFLOW WORKFLOW
WORKFLOW TW Carl
 
Types of maternity bras [infographic]
Types of maternity bras [infographic]Types of maternity bras [infographic]
Types of maternity bras [infographic]cakematernity
 
Transcript three pages
Transcript three pagesTranscript three pages
Transcript three pagesRod Wise
 
Social studies abc book
Social studies abc bookSocial studies abc book
Social studies abc bookMarcie Stewart
 

Viewers also liked (15)

Reportagem especial marketing esportivo 14.10
Reportagem especial marketing esportivo 14.10Reportagem especial marketing esportivo 14.10
Reportagem especial marketing esportivo 14.10
 
Laborge magic fruit back
Laborge magic fruit backLaborge magic fruit back
Laborge magic fruit back
 
Dueitt Middle School Meet In The Middle In Sports Report
Dueitt Middle School Meet In The Middle In Sports ReportDueitt Middle School Meet In The Middle In Sports Report
Dueitt Middle School Meet In The Middle In Sports Report
 
J Denys Profile
J Denys ProfileJ Denys Profile
J Denys Profile
 
Currículum vitae
Currículum vitaeCurrículum vitae
Currículum vitae
 
Independencia de méxico
Independencia de méxicoIndependencia de méxico
Independencia de méxico
 
Dueitt March 9, 2010 Meeting
Dueitt March 9, 2010 MeetingDueitt March 9, 2010 Meeting
Dueitt March 9, 2010 Meeting
 
Santhosh_ Production Support_
Santhosh_ Production Support_Santhosh_ Production Support_
Santhosh_ Production Support_
 
RESUME
RESUMERESUME
RESUME
 
Chast 1
Chast 1Chast 1
Chast 1
 
Aguia
AguiaAguia
Aguia
 
WORKFLOW
WORKFLOW WORKFLOW
WORKFLOW
 
Types of maternity bras [infographic]
Types of maternity bras [infographic]Types of maternity bras [infographic]
Types of maternity bras [infographic]
 
Transcript three pages
Transcript three pagesTranscript three pages
Transcript three pages
 
Social studies abc book
Social studies abc bookSocial studies abc book
Social studies abc book
 

Similar to Software License Audit Preparation

Why Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your OwnWhy Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your OwnJon Gillespie-Brown
 
What Does it Take to Achieve Software License Optimization?
What Does it Take to Achieve Software License Optimization?What Does it Take to Achieve Software License Optimization?
What Does it Take to Achieve Software License Optimization?Flexera
 
Finance :: Insurance Software Solutions - Build or Buy
Finance :: Insurance Software Solutions - Build or BuyFinance :: Insurance Software Solutions - Build or Buy
Finance :: Insurance Software Solutions - Build or Buytorpidpenitenti59
 
Software Audit Assist Introduction forLinkedIn
Software Audit Assist Introduction forLinkedInSoftware Audit Assist Introduction forLinkedIn
Software Audit Assist Introduction forLinkedInSean Gilbert
 
EY Software Asset Management Advisory
EY Software Asset Management AdvisoryEY Software Asset Management Advisory
EY Software Asset Management AdvisoryMohit Madan
 
9 Considerations Before You License a New ITSM Solution
9 Considerations Before You License a New ITSM Solution9 Considerations Before You License a New ITSM Solution
9 Considerations Before You License a New ITSM SolutionCherwell Software
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development Strategiessharing notes123
 
10 things you need to know before buying manufacturing software
10 things you need to know before buying manufacturing software10 things you need to know before buying manufacturing software
10 things you need to know before buying manufacturing softwareMRPeasy
 
Increase ROI by Integrating an Enterprise App Store with your Software Licens...
Increase ROI by Integrating an Enterprise App Store with your Software Licens...Increase ROI by Integrating an Enterprise App Store with your Software Licens...
Increase ROI by Integrating an Enterprise App Store with your Software Licens...Flexera
 
Master Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleMaster Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleInfo-Tech Research Group
 
State of the Cloud Computing Marketplace
State of the Cloud Computing MarketplaceState of the Cloud Computing Marketplace
State of the Cloud Computing MarketplaceFlexera
 
Understanding True CRM Costs before Implementing an Enterprise Solution
Understanding True CRM Costs before Implementing an Enterprise SolutionUnderstanding True CRM Costs before Implementing an Enterprise Solution
Understanding True CRM Costs before Implementing an Enterprise Solutionwilliamsjohnseoexperts
 
A 3 Minute Guide to E-Procurement Software Selection
A 3 Minute Guide to E-Procurement Software SelectionA 3 Minute Guide to E-Procurement Software Selection
A 3 Minute Guide to E-Procurement Software SelectionMavenVista Technologies
 
How to Choose a Legal Document Automation Solution
How to Choose a Legal Document Automation SolutionHow to Choose a Legal Document Automation Solution
How to Choose a Legal Document Automation SolutionHelen Coyne
 
Pitfalls of Software Licenses (2)
Pitfalls of Software Licenses (2)Pitfalls of Software Licenses (2)
Pitfalls of Software Licenses (2)ravimohan2
 

Similar to Software License Audit Preparation (20)

Why Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your OwnWhy Choose the Nalpeiron Licensing Service vs. Building Your Own
Why Choose the Nalpeiron Licensing Service vs. Building Your Own
 
What Does it Take to Achieve Software License Optimization?
What Does it Take to Achieve Software License Optimization?What Does it Take to Achieve Software License Optimization?
What Does it Take to Achieve Software License Optimization?
 
Finance :: Insurance Software Solutions - Build or Buy
Finance :: Insurance Software Solutions - Build or BuyFinance :: Insurance Software Solutions - Build or Buy
Finance :: Insurance Software Solutions - Build or Buy
 
Software Audit Assist Introduction forLinkedIn
Software Audit Assist Introduction forLinkedInSoftware Audit Assist Introduction forLinkedIn
Software Audit Assist Introduction forLinkedIn
 
EY Software Asset Management Advisory
EY Software Asset Management AdvisoryEY Software Asset Management Advisory
EY Software Asset Management Advisory
 
9 Considerations Before You License a New ITSM Solution
9 Considerations Before You License a New ITSM Solution9 Considerations Before You License a New ITSM Solution
9 Considerations Before You License a New ITSM Solution
 
Ais Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development StrategiesAis Romney 2006 Slides 19 Ais Development Strategies
Ais Romney 2006 Slides 19 Ais Development Strategies
 
10 things you need to know before buying manufacturing software
10 things you need to know before buying manufacturing software10 things you need to know before buying manufacturing software
10 things you need to know before buying manufacturing software
 
Increase ROI by Integrating an Enterprise App Store with your Software Licens...
Increase ROI by Integrating an Enterprise App Store with your Software Licens...Increase ROI by Integrating an Enterprise App Store with your Software Licens...
Increase ROI by Integrating an Enterprise App Store with your Software Licens...
 
Pragmatic software governance
Pragmatic software governancePragmatic software governance
Pragmatic software governance
 
Software Management
Software ManagementSoftware Management
Software Management
 
Master Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sampleMaster Contract Review and Negotiation For Software Agreements-sample
Master Contract Review and Negotiation For Software Agreements-sample
 
State of the Cloud Computing Marketplace
State of the Cloud Computing MarketplaceState of the Cloud Computing Marketplace
State of the Cloud Computing Marketplace
 
Software Asset Management
Software Asset ManagementSoftware Asset Management
Software Asset Management
 
Create your own enterprise apps store
Create your own enterprise apps storeCreate your own enterprise apps store
Create your own enterprise apps store
 
Understanding True CRM Costs before Implementing an Enterprise Solution
Understanding True CRM Costs before Implementing an Enterprise SolutionUnderstanding True CRM Costs before Implementing an Enterprise Solution
Understanding True CRM Costs before Implementing an Enterprise Solution
 
A 3 Minute Guide to E-Procurement Software Selection
A 3 Minute Guide to E-Procurement Software SelectionA 3 Minute Guide to E-Procurement Software Selection
A 3 Minute Guide to E-Procurement Software Selection
 
How to Choose a Legal Document Automation Solution
How to Choose a Legal Document Automation SolutionHow to Choose a Legal Document Automation Solution
How to Choose a Legal Document Automation Solution
 
Pitfalls of Software Licenses (2)
Pitfalls of Software Licenses (2)Pitfalls of Software Licenses (2)
Pitfalls of Software Licenses (2)
 
Building a business case for crm upgrade
Building a business case for crm upgradeBuilding a business case for crm upgrade
Building a business case for crm upgrade
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

Software License Audit Preparation

  • 1. SmartSpend TM Bulletin Preparing for a Software License Audit npifinancial.com ©2017 NPI, llc. All Rights Reserved. Are you ready to be audited by your enterprise software vendors? If not, it’s time to prepare. The frequency of vendor audits is skyrocketing. Fortunately, there are steps enterprises can take before and during an audit to ease compliance concerns and minimize unexpected license fees and penalties. Chances are most enterprises will undergo a major IT vendor audit in the near future. Cloud computing and the proliferation of mobile devices throughout the enterprise has fundamentally transformed how businesses integrate, access, consume and pay for information technology. Add virtualization and frequently changing product use rights to the equation and this new landscape is a recipe for non-compliance. Vendors’ decisions to audit more customers, more frequently is not without justification. Many companies – if not most – are unintentionally out of compliance with their licensing agreements. The corporate IT ecosphere is growing and it has become more difficult to track and monitor software license usage. KPMG has reported that 52 percent of software vendors surveyed felt their losses incurred through unlicensed use of software equaled more than 10 percent of their company’s revenue. It’s no wonder that the likes of Microsoft, SAP, Oracle and others levy seven-figure penalties on their largest enterprise customers. Another major factor driving audit activity is the migration of traditionally on-premise vendors to the cloud. During the transition, there is typically a dip in revenues as purchases shift from one-time perpetual license fees to annual subscription fees. Audits are a meaningful revenue stream to fill the gap. IT and sourcing executives should take heed. If you haven’t undergone a major software audit recently, expect one soon. For vendors, it’s no longer a matter of contractual compliance – it’s a profit center.
  • 2. 2 SmartSpendTM Bulletin npifinancial.com ©2017 NPI, llc. All Rights Reserved. Unintentional Non-Compliance – How Does it Happen? Few enterprises willingly engage in rampant, non-compliant license use. So, how is it that most companies today would be found out of compliance if they underwent a major software audit? The most common reasons are: • You bought software for one reason, now you use it for another. Certain license types, such as limited use licenses, can only be used in non-production environments like development, testing or failover. Companies often purchase these licenses over full use licenses to obtain a pricing discount. Then, months or years later they discover their limited use licenses are being used for production use purposes like internal data processing operations. • No one told you the product use rights changed. Product use rights can change at any time, and the rate of change is growing among larger IT vendors. For example, during recent contract negotiations and audits, SAP and Oracle are asking some clients to purchase additional licenses for third-party application access. A business with 100 Salesforce.com licenses that need to access information from SAP may now be required to buy 100 additional licenses. It’s only been in the last few years that the vendors have begun to interpret “indirect access” this way and attempted to enforce it with clients. • Your definition is different from the vendor’s. Licensing programs and definitions have changed dramatically over the last several years. What constitutes a qualified user or device (Microsoft)? What about a concurrent user or a floating user (IBM)? What’s the difference between an application specific full use license or an embedded software license (Oracle)? Any misinterpretation can unwittingly throw a customer out of compliance. • You upgraded your software. Or maybe you downgraded. If you upgrade or downgrade your software, which product use rights apply – the rights that came with your original purchase, or the rights that came with your up/downgrade? How will your support and maintenance agreement be impacted? Well, it varies and it can be confusing, depending on your vendor. Here is a headache-inducing example from Microsoft’s Volume Licensing Blog: Let’s continue using the same example above with SharePoint 2013 Server licenses purchased on an Agreement/Enrollment started in December 2012. With these licenses,let’s say you also purchased Software Assurance (SA) coverage, which aligns to the term of your Agreement/Enrollment. If during the term of your SA coverage, a new version of SharePoint Server is released and you decide to install/upgrade to the newest version – the PUR currently available when the new version is released will apply to your use of the new version. Please note that if you have rights to a new
version via SA coverage,and choose not to upgrade your software,you may choose to use the new PUR, or continue to use the PUR you were originally required to. However, if you upgrade your software,you will be required to use the new PUR as outlined above (unless the Product List says otherwise)….In some cases, customers buy a license through a Volume License program for current versions of products with the specific intent on downgrading to a prior version of that product.When this is the case, you must use the PUR in effect on the Agreement/Enrollment start date for the version you licensed –not the version you will downgrade to and deploy or run. The Auditing Top 5: Who’s Auditing Now? NPI has seen a marked increase in the number of audits being conducted by the following vendors: 1. Microsoft 2. SAP 3. Attachmate 4. Oracle 5. IBM
  • 3. 3 SmartSpendTM Bulletin npifinancial.com ©2017 NPI, llc. All Rights Reserved. • Virtualization. Virtualized environments are hotbeds for unintentional non- compliance as each vendor has very specific rules around how hosts and software are coupled and managed. For example, let’s say you have two physical Microsoft Windows Servers (2012), with two virtual sessions running on each. Using VMware’s tools, you move one virtual session from one server to the other. Soon thereafter, you want to move it back again. Unfortunately, Microsoft doesn’t allow “server mobility” beyond the first move. The virtual session can move one time (in this case from the first server to the second), but is then stuck on the second server for 90 days. In this instance, this is ground for non-compliance as Microsoft requires a new license to run three (rather than two) virtual sessions on one machine. • You unknowingly purchased software licenses from an ISV. More companies are turning to independent software and technology vendors for complex, industry- specific IT solutions (e.g., diagnostic equipment in healthcare, production floor technologies in manufacturing). In some cases, these solutions contain third party software that isn’t disclosed to the buyer and, therefore, isn’t on your asset management radar screen. • You don’t have a formal process and tools for distributing, licensing and managing licenses. Large enterprises often engage in checkbox license management. They invest in software asset (or license) management tools that provide limited auditing capabilities and limited visibility into license usage, and call it a day. Unfortunately, effective management of software licenses requires dedicated people and processes that ensure a 360-degree view and control over how licenses are purchased, distributed, harvested, archived and retired.As the complexity of IT and IT contracting increases, the need for formal asset and license management programs within the enterprise will become even more imperative. Before the Audit, Self-Audit If you’ve received an official audit request from your vendor, or have a sneaking suspicion you’ll receive one soon, or even if you’re looking to switch vendors – it’s imperative you conduct an internal self-audit before vendors initiate their process. Most vendors enlist third parties to conduct audits on their behalf (Oracle is one notable exception – they have a dedicated internal auditing department).These auditing teams are typically contracted from the consulting world’s power players (Deloitte, KPMG and Accenture, to name a few). They are financially motivated to find non- compliance, which they most often do. If material non-compliance is identified, in many cases the customer is required to cover the consultant’s fees in addition to any penalties incurred. Remember – the interests of the auditors are more aligned with those of the vendor than your own. There is no such thing as a friendly audit! With this in mind, enterprises should take all precautions to avoid or minimize the negative impacts an audit could have on their business. The most effective tactic is to conduct a preventive internal self-audit using the very same level of scrutiny that the vendor’s team would use – as well as similar tools and processes. Companies that lack the bandwidth or capabilities in-house should seek outside expertise. When is the right time for a self-audit? Most enterprise customers will be audited by at least one large software vendor in 2017. Conducting an internal self-audit before an official audit request arrives gives you more time to identify and remediate non- compliance, and minimize risk.
  • 4. 4 SmartSpendTM Bulletin npifinancial.com ©2017 NPI, llc. All Rights Reserved. At a minimum, the self-audit should involve the following activities: • Establish a formal license position. First, develop an accurate record of deployments. Then compare that to license entitlements to identify gaps. This requires a PhD in product use rights for each vendor as they are ground zero for non-compliance. Product use rights are complex, confusing (often intentionally) and are subject to change at any time. It’s important to point out that auditors perform this complex analysis in the vendor’s favor. Customers need to perform this same complex analysis in their own favor. Note: One benefit of having a formal license position at the ready is that, in some cases, a vendor will actually cancel an audit once they see the report. • Review and clarification of audit rights. Audit rights should be stipulated and agreed upon with every enterprise software vendor. They should specify how much time a company has to respond to a formal audit request, which vendor resources are authorized to audit, what tools will be used, what data has to be provided (and how soon) and how arbitration will be handled. By fully understanding audit rights prior to an official audit, companies can model their self-audit using the same rules of engagement that the vendor will use. • In the event of non-compliance, development of a remediation plan defining how compliance will be achieved. If material non-compliance is discovered during a self-audit, companies need to develop a remediation plan that takes into account their current and future software needs. Remediation can take many forms – tuning virtualization strategy, changing servers to avoid certain size “taxes,” making simple changes to eliminate unnecessary access that would drive user charges even when there is no actual usage, changing usage for certain constituencies because the cost outweighs the benefit, migrating to alternate solutions for certain constituencies, changing to alternate license types that are a better match for actual usage or, if no other alternative is practical, purchase additional licenses. Even if the outcome of a self-audit is the requirement to purchase licenses, companies have the ability to work through the funding challenges on their own cadence. Why Engage a Self-Audit Specialist In the best of circumstances, large software vendor audits are arduous and costly to the enterprise. They require time and human resources that are already stretched thin. And, when going head-to-head with vendors’ auditing teams, companies typically find themselves unable to defend their license position.Today’s IT and sourcing professionals need an ally with the vendor-specific licensing expertise, tools and proven processes that will help them optimize the outcome of a software license audit. As a third-party auditing consultant, NPI has a deep familiarity with the myriad ways that vendors foster non-compliance. Our understanding of changing product usage rights gives us the inside track into where companies are unwittingly falling out of compliance with their licensing agreements, and where auditors are incorrectly interpreting the situation (this occurs frequently). We use the same or similar tools and processes that the vendors use, and are able to understand, summarize and present
  • 5. npifinancial.com ©2017 NPI, llc. All Rights Reserved. v1116.1 5 SmartSpendTM Bulletin NPI Headquarters 271 17th Street Suite 550 Atlanta, GA 30363 T 404-591-7500 F 404-591-7501 E info@npifinancial.com About NPI NPI is a spend management consulting firm that protects companies from overspending in three cost categories where pricing is opaque, complex and inconsistent – information technology, telecommunication and transportation. Using price benchmark data and vendor-specific cost reduction expertise, NPI helps clients assure that each purchase is priced at or below fair market value and program selection, licensing and business terms are cost-optimized. Reviewing more than 14,000 purchases annually, NPI provides objective oversight for billions of dollars of strategic spend for its clients. To learn more about how NPI can help your company start saving today, visit www.npifinancial.com or call 404-591-7500. the data that emerges to vendors in the most favorable way. NPI’s self-audit specialists have expert knowledge of the full range of solutions, terms and costs that are acceptable to vendors, as well as what they are willing to concede during post-audit negotiations. At NPI, we look at every audit from two perspectives – options for remediating current non-compliance (before the vendor finds it), and how clients can protect themselves from non-compliance in the future. We advise clients on license strategies and scenarios that are based on the enterprise’s current and future requirements. We also recommend license management processes and best practices, as well as help clients negotiate fair audit rights for future protection. NPI helps clients achieve significant reductions in compliance penalties through remediating non-compliance before an official audit is conducted, negotiating a less costly penalty post-audit, and optimizing licensing throughout the process – some, or all, of these factors may apply in each individual audit event. The cost reductions delivered by NPI are material, often exceeding 25 percent and, in some cases, reaching 90 percent. At a time when vendors are auditing more than ever before, this impact goes beyond financial measures. It’s a proven tactic for reducing risk across the IT organization, and protecting the capital and human resources that are otherwise committed to business operations and innovation.