How Much Money Would You Lose On A Software Audit?


You and your team are in the midst of a huge IT project. It is an integral part of the strategic planning initiative outlined at the beginning of the year, one that was going to yield huge savings for your organization. You are at your desk and receive a letter from one of your software vendors requesting a software audit. It includes an audit effective date.

Ironically, that was the date you had on your calendar to start investigating a comprehensive Software Asset Management system that would help manage your constantly changing IT environment. But now it’s too late, at least for this audit. You could have used the time and money you will now devote to this round of software tracking and reconciliation as part of your audit preparation.

So, how much money will this software audit cost you?

Before we delve into that, there’s a question you should address first:

How likely is it that you will be audited in the first place?

Audits used to be carried out primarily by the vendor-funded Software Alliance (BSA). However, in an effort to drive revenue, vendors have taken on the task of doing it themselves, so audit activity has increased. According to a 2013 survey by Gartner, 49% of respondents indicated that they had experienced more than one audit in the previous year. A study by Cherwell-Express indicated similar findings, where audits for all organizations were on the increase over a two-year period (2012/2013).

This is pretty alarming, given the fact that a global study found that only 35% of organizations have written policies on the use of licensed software. This gap in awareness when it comes to compliance shows that many companies are opening themselves up to serious risks.

What costs would be associated with an audit?

There are probably many different costs that could come from a software audit. The list could go on and on. For the purposes of this article, we will focus on the two main types of costs: business operations, and direct costs.


Business Operations

Disruption of day-to-day activities and diversion of man-power are among the largest costs to your organization when preparing for a software audit. Your staff will need to be focused on performing the tracking and other audit preparations.

The costs related to the man-power required to track an organization’s software can be significant. In the Cherwell-Express study mentioned previously, respondents were asked:

“What did you find to be the most challenging aspects of the audit?”

Over 70% of the respondents stated “The amount of time consumed.” This is a sobering fact, especially when you consider that 45% of the audits lasted over three months!

Can an organization afford to divert this much man-power from existing projects?


The Direct Costs

According to the Cherwell-Express study, the direct costs of a software audit were at least $50,000. This number was given by 42% of the respondents. 17% of the respondents reported paying $1 million or more. As a matter of fact, some cases had a cost of as much as $5 million!

These costs include:

  • True-up costs
  • Settlements
  • Other penalties

Under the terms and conditions of the End User License Agreement (EULA), the independent software vendors (ISVs) have the authority to audit their customers. Typically, the EULA provides the client with information about the audit process. It outlines how the client will be notified and how the software audit will be conducted.

Unfortunately, many clients accept the EULA without fully understanding the documentation and its potential consequences. The EULA is a legally binding contract that your organization is expected to comply with. If a company breaches its EULA, there could be even more costs when it comes to legal fees.

How It Works

When an audit is requested, there is an ‘audit effective date’ that is stated in the letter. The audit will include only software products installed on and before this date. Trying to reconcile what is installed with what is purchased after this date could be considered tampering with evidence.

Besides the penalties, your organization’s reputation is at risk. It raises a red flag that your company does not keep accurate records, is not prepared, and will probably be a candidate for a future audit. In essence, you have become a target as a reliable stream of revenue for the vendor.

I’m sure you’re thinking “At some point I will get around to reconciling the software that is installed with the software that is licensed.” But, as you already know, there will always be something that comes up in your day-to-day operations that will prevent you from doing this. It will continue in this way until you receive the audit letter in your inbox. At this point, it’s probably too late.


That is because whatever was installed on and before that date is matched with what was actually purchased. If there is a discrepancy, then unbudgeted money will be flowing out of your hands. All those cost savings from strategic sourcing and other efficiency methods you have previously undertaken will have been nullified. It can be a scary situation, right? When companies have hundreds, thousands, or tens of thousands of users, it gets complicated without an automated system.

These findings should be a call-to-action.

What are you doing to help your company avoid wasting large sums of money? Is your Software Asset Management system up to the test of serving as audit insurance? Doing your due diligence beforehand will help you keep your organization from losing money and damaging its reputation.



*An in-depth study was conducted by Cherwell-Express (formerly Express Metrix) seeking to gauge software audit trends, impacts, and outcomes across a statistically significant cross-section of the marketplace. It was conducted in November of 2013 and is based on 178 respondents who were IT/IS professionals with manager- or director-level positions, representing a 95% confidence sample of 10,000 US-based organizations of at least 500 employees.