- Audit defense starts long before you get audited. Negotiating your vendors’ audit rights and maintaining a documented consolidated licensing position ensure that you are not blindsided by a sudden audit request.
- Notification of an impending audit can cause panic. Don't panic. While the notification will be full of strong language, your best chance of success is to take control of the situation. Prepare a measured response that buys you enough time to get your house in order before you let the vendor in.
- If a free software asset review sounds too good to be true, then it probably is. If a vendor or one of its partners offers up a free software asset management engagement, they aren’t doing so out of the goodness of their heart — they expect to recoup their costs (and then some) from identified license discrepancies.
Our Advice
Critical Insight
- The amount of business disruption depends on the scope of the audit, and the size and complexity of the organization coupled with the contractual audit clause in the contract.
- These highly visible failures can be prevented through effective software asset management practices.
- As complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by likelihood of audit and spend.
- Ensure electronic records exist for license documentation to provide fast access for audit and information requests
- Verify accuracy of discovered data. Ensure all devices on the network are being audited. Without a complete discovery process, data will always be inaccurate.
Impact and Result
- Being able to respond quickly with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party as their experience will allow a faster response.
- Negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit.
- Create a methodology to quickly and efficiently respond to audit requests.
- Conduct annual internal audits.
- Have a designated cross-functional IT audit team.
- Prepare documentation in advance.
- Manage audit logistics to minimize business disruption.
- Dispute unwarranted findings.
Prepare and Defend Against a Software Audit Research & Tools
Start here – read the Executive Brief
Read our concise Executive Brief to find out why you should be prepared and ready to defend against a software audit, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.Besides the small introduction, subscribers and consulting clients within this management domain have access to:
- Prepare and Defend Against a Software Audit – Phases 1-4
1. Prevent an audit
Begin your proactive audit management journey and leverage value from your software asset management program.
- Prepare and Defend Against a Software Audit – Phase 1: Prevent an Audit
- Audit Defense Maturity Assessment Tool
- Effective Licensing Position Tool
- Audit Defence RACI Template
2. Prepare for an audit
Prepare for an audit by effectively scoping and consolidating organizational response.
- Prepare and Defend Against a Software Audit – Phase 2: Prepare for an Audit
- Software Audit Scoping Email Template
- Audit Defense Readiness Assessment
3. Conduct the audit
Execute the audit in a way that preserves valuable relationships while accounting for vendor specific criteria.
- Prepare and Defend Against a Software Audit – Phase 3: Conduct an Audit
- Software Audit Launch Email Template
4. Manage post-audit activities
Conduct negotiations, settle on remuneration, and close out the audit.
- Prepare and Defend Against a Software Audit - Phase 4: Manage Post-Audit Activities
Workshop: Prepare and Defend Against a Software Audit
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
1 Prevent an Audit
The Purpose
Kick off the project
Identify challenges and red flags
Determine maturity and outline internal audit
Clarify stakeholder responsibilities
Build and structure audit team
Key Benefits Achieved
Leverage value from your audit management program
Begin your proactive audit management journey
A documented consolidated licensing position, which ensures that you are not blindsided by a sudden audit request
Activities
1.1 Perform a maturity assessment of the current environment
1.2 Classify licensing contracts/vendors
1.3 Conduct a software inventory
1.4 Meter application usage
1.5 Manual checks
1.6 Gather software licensing data
1.7 Reconcile licenses
1.8 Create your audit team and assign accountability
Outputs
Maturity assessment
Effective license position/license reconciliation
Audit team RACI chart
2 Prepare for an Audit
The Purpose
Create a strategy for audit response
Know the types of requests
Scope the engagement
Understand scheduling challenges
Know roles and responsibilities
Understand common audit pitfalls
Define audit goals
Key Benefits Achieved
Take control of the situation and prepare a measured response
A dedicated team responsible for all audit-related activities
A formalized audit plan containing team responsibilities and audit conduct policies
Activities
2.1 Use Info-Tech’s readiness assessment template
2.2 Define the scope of the audit
Outputs
Readiness assessment
Audit scoping email template
3 Conduct the Audit
The Purpose
Overview of process conducted
Kick-off and self-assessment
Identify documentation requirements
Prepare required documentation
Data validation process
Provide resources to enable the auditor
Tailor audit management to vendor compliance position
Enforce best-practice audit behaviors
Key Benefits Achieved
A successful audit with minimal impact on IT resources
Reduced severity of audit findings
Activities
3.1 Communicate audit commencement to staff
Outputs
Audit launch email template
4 Manage Post-Audit Activities
The Purpose
Clarify auditor findings and recommendations
Access severity of audit findings
Develop a plan for refuting unwarranted findings
Disclose findings to management
Analyze opportunities for remediation
Provide remediation options and present potential solutions
Key Benefits Achieved
Ensure your audit was productive and beneficial
Improve your ability to manage audits
Come to a consensus on which findings truly necessitate organizational change
Activities
4.1 Don't accept the penalties; negotiate with vendors
4.2 Close the audit and assess the financial impact
Outputs
A consensus on which findings truly necessitate organizational change