What is a software license audit?: An overview
The consequences of software non-compliance can cause irrevocable harm to a company if not addressed — resulting in regulatory scrutiny, hefty financial penalties, and damage to its reputation and credibility.
These risks, however, aren’t easily mitigated, with a Unisphere survey revealing, among companies audited by their software vendors in the past three years, 64% were charged additional fees for non-compliance. A significant percentage, 35%, had to pay $100,000 or more to achieve compliance with the vendor, while 10% were charged $1 million or more in fees.
Ongoing industry-wide digital transformation ensures that change is the only constant, with the quantity and frequency at which businesses are adopting new technology increasing tenfold.
According to Statista, worldwide IT spending on enterprise software amounted to approximately 783 billion U.S. dollars in 2022, with a growth rate of 7.1 percent from the previous year.
The enterprise software market, in particular, has experienced notable growth in recent years, with market revenues increasing by more than double between 2010 and 2020.
The proliferation of nascent digital tools, software solutions, and IT investments across sectors brings ample opportunities for new value creation. However, a precarious byproduct of navigating this new frontier is the material risks of poor SaaS asset management and a failure to demonstrate due diligence around software license compliance.
As businesses broaden their digital presence, the intricacy of managing software licenses escalates. This has led to software license audits increasingly becoming routine in the business sector. It’s common for license agreements to include a provision that grants the vendor the right to conduct audits and a requirement for the licensee to comply and cooperate during these processes.
This article will explore software license audits, covering key factors contributing to non-compliance, best practices for maintaining compliance, and the importance of effective software asset management through self-audits.
What is a software license audit?
A software license audit is an intricate process of examining a company’s software applications. Its purpose is to validate that the organization abides by the legal and ethical parameters outlined in its software license agreements.
This process involves a thorough examination of all software applications installed across the enterprise network, comparing them to the legal entitlements that the company owns.
Independent third-party auditors typically conduct software license audits on the vendors’ behalf.
While major software providers such as Microsoft, Oracle, and IBM can conduct their software license audits (with Oracle having its internal auditing department), they often contract third-party auditors from global players such as PwC, Deloitte and KPMG, and Ernst & Young.
This approach allows these companies to maintain accuracy and impartiality in their audit processes, as third-party auditors can better ensure an objective and unbiased review of software usage and compliance.
However, it’s worth noting that these third-party auditors have a financial incentive to identify instances of non-compliance.
A reported 33% of respondents in Flexera’s 2021 State of ITAM Report paid vendors between $500,000 in software license penalties in the last year, with 10% paying upwards of $5 million. Similarly, more than half (67%) of respondents have paid fines of up to half a million dollars.
Non-compliant software license use: Contributing factors
Considering the complex and dynamic nature of modern IT ecosystems, the intricacy of managing license agreements makes it easy to fall into noncompliance.
Therefore, businesses must be aware of the common pitfalls and challenges that can lead to such violations. Here are some significant factors that contribute to software license noncompliance:
- Virtualization adds a layer of complexity to licensing, especially when vendors base their licenses on physical hardware, not just the virtual instances used. For example, consider Oracle’s Database Management Systems (DBMS) deployment within virtualized environments. Oracle requires licenses for all cores on the physical host, not just the ones assigned to the virtual machine running their software. So, even if you allocate only four cores to a virtual machine on a 16-core server, you must license all 16 cores. Misinterpreting or neglecting this rule can lead to noncompliance and considerable licensing fees.
- Varying use-case definitions: Software vendors often have their definitions for terms like ‘user’ or ‘usage,’ which can vary significantly from one vendor to another. This lack of standardization can create confusion and misunderstanding. For instance, one vendor might define a ‘user’ as anyone with access to the software, while another might define it as anyone who actively uses it. This discrepancy can inadvertently lead an organization to violate the terms of its license agreement without realizing they’re doing so.
- Inadequate license management and IT inventory processes: Organizations can easily lose track of software usage without a comprehensive tracking mechanism for licenses and IT assets. This oversight may result in discrepancies between the licensed software and its actual use.
An audit report published by NASA reveals that the space agency neglected to establish a centralized Software Asset Management tool for discovering, inventorying, and monitoring license data as mandated by federal policy. This oversight led to NASA expending about $15 million on unused Oracle software licenses over the past five years—an amount deemed “wasteful” by the Aeronautics research agency.
- Operating outside of a limited-use license: If the specific restrictions of limited-use licenses aren’t properly understood or are disregarded, organizations may inadvertently exceed the stipulated boundaries of their license agreement.
- Unawareness of shifting product use rights: When organizations fail to stay updated with alterations to the terms and conditions of software licenses, they risk crossing the lines of their agreement without even realizing it.
- Unaware that new iterations of software require new licenses: Software upgrades sometimes call for a new license. Overlooking this requirement can unintentionally cause organizations to operate unlicensed versions of their software.
- Lack of understanding of licensing models: Misinterpretation of the various licensing models available, such as per user, per device, and concurrent, can lead organizations to unintentional misuse of their software licenses.
- Mergers and Acquisitions: During the turmoil of mergers or acquisitions, the newly formed entity might not have a complete overview of all the licenses held by the original companies, which could cause inadvertent licensing oversights.
Maintaining Software License Compliance: Best Practices
Ensuring software license compliance proves ever-critical in business environments where robust software asset management is closely intertwined with success.
The BSA reports that around a quarter of businesses operating in the US are non-compliant in some manner, causing software vendors an estimated loss of $6 billion. As such, business and IT decision-makers must prepare for a software license audit.
A license audit can be a stressful and time-consuming experience, but several best practices are readily known to help your organization prepare for one.
Firstly, having a comprehensive understanding of your licensing agreements is essential. This includes knowing the terms and conditions of each license and understanding how your organization uses the software. It’s also important to have a clear record of all purchases, installations, and usage of software licenses.
Another critical best practice is establishing a dedicated team or person responsible for managing software licenses. This individual or team should be responsible for keeping track of all licenses and ensuring they’re being used in compliance with licensing agreements.
“I would venture to suggest that many businesses aspire to 80% in the cloud, with the remaining 20% technology they can’t move to the cloud. It’s important to watch out for indirect licensing here – granting the users of one system access to the features and benefits of another system…” says Rory Canavan, Software Asset Management Consultant and owner of SAM Charter.
In addition to the above, having a clear process for renewing and upgrading licenses is also essential. It’s important to avoid letting licenses expire accidentally or going out-of-date, which can lead to non-compliance and potentially costly consequences.
Fact-checking for accuracy is also essential to preparing for a software license audit. Ensuring that all information is up-to-date and accurate can help to prevent potential issues during an audit.
Finally, performing regular internal audits to identify potential compliance issues before an external audit occurs is key. This can help correct mistakes and ensure your organization is fully prepared for a software license audit.
Software asset management: Getting it right with a self-audit
While receiving an audit request from third-party auditors is expected, organizations should not rely solely on external audits to ensure compliance. Instead, implementing robust internal controls and software asset management practices can help organizations stay on top of their licensing obligations and avoid the pitfalls of non-compliance.
Gartner Inc. estimates that the probability of an audit for a midsize to large organization is 40% over the next two years and will increase by 20% annually.
However, conducting self-audits can be a daunting task for many organizations. The financial and human capital required to carry out these audits can often leave businesses feeling overwhelmed and ill-equipped to defend their license entitlements in the face of third-party auditors who may be quick to promote and misunderstand noncompliance.
Key parts of the self-audit process involve gaining a comprehensive understanding of the organization’s software assets, including purchases, entitlements, and usage patterns. This information is compared against software deployment to identify discrepancies or non-compliance issues. Throughout this process, careful documentation and record-keeping are also essential to ensure ongoing compliance and guide future software purchasing decisions.
In such cases, it may be advisable to seek the assistance of experienced software asset management professionals who can help organizations navigate the complex landscape of software licensing agreements.
When done right, software license self-audits are proactive asset management solutions that empower companies to traverse the digital ecosphere confidently, maximizing returns on tech investments while working to strengthen overall corporate risk.