The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

The Dreaded Audit Request

The Dreaded Audit RequestThis article has been contributed by Sandi Conrad of Conrad & Associates.

Sandi is the author of the “SAM Starter Kit” published by The ITAM Review.

So, you’ve just received a call from your software publisher that went something like this:

“Hi. I’m the software asset management rep from Microsoft, and I’d just like to chat with you for a few moments about your software asset management processes. I’m looking at a report of your purchases from the past few years and would like to know how many desktops your company has right now.”

Immediately, your stomach does a flip, you check your calendar to see if you can clear your schedule over the next month and you wonder at what point of non-compliance they send CIOs to prison.

Will you be lucky enough to be in with the rock stars and CFOs or will you be in with the general population?

Don’t Panic!

First: in the words of the great and wonderful Douglas Adams “Don’t Panic.”

Think Positive

Secondly: in almost all cases, they do actually want to work with you, not against you. Of course, it will help their bottom line if you need to fill a gap in your license inventory, but in reality they are looking at ways to solidify the relationship, ensure that you are comfortable with the information you have on how to license the products and keep you from being so far out of compliance that you can’t find budget to fix it. They want their customers to be happy and continue to use their product, but use it according to the end user agreements too. After all, they’ve spent a ton on research and development to make your employees more productive.

I’ve worked with clients who have had internal audit requests from vendors, who have called me in a panic and we’ve been able to resolve most of the issues very quickly, without need for legal representation. Here’s some advice to help you should this call happen to you.

Sandi Conrad

Sandi Conrad

  1. Be friendly and co-operative. If they think you are trying to hide something they will be more likely to pursue the information aggressively. No one wants to be the bad guy and they are not necessarily targeting you for any particular reason. It may just be that they have finally hit your company name on their alphabetical list of clients. If you don’t know the answers, ask them for a few days to check into the finer details and call them back.
  2. Ask your software publisher and vendor for help. You should be able to get reports from both that you can compare to each other and that you can compare to your inventory. This is especially important if you are looking at a combination of purchasing options such as license, subscription, retail boxes and OEM. The publisher most likely will only have license or subscription on file.
  3. Review your internal processes and see where there is room for improvement. Do you have a corporate anti-piracy policy? Do you have employee communication and sign off? Do you have a controlled software distribution process? Do you have appropriate SAM tools in place? (How quickly can you get these in place?)
  4. If your software really is out of control, contact a SAM partner to assist. They know what to look for and the fastest way to find it. They will know the questions to ask about how you are using the software to decide if you are licensed appropriately. They will also be focused on your issues without other “regular, day-to-day, work” getting in the way, like what your IT staff might be facing. Plus they can act as liaison between you and your publisher on the sketchier issues.
  5. Communicate fully with the software publisher. If they know that you have put strong policies in place and that you are getting assistance from someone in the field, or have someone dedicated for XX amount of time, they will most likely back off and give you some space to determine your compliance situation. They will be less likely to impose unrealistic deadlines, fines and retroactive charges if they know you are taking the license issues seriously.

SAM Starter Kit SmallThis article has been contributed by Sandi Conrad of Conrad & Associates.  Sandi is the author of the “SAM Starter Kit” published by The ITAM Review.

Sandi has been in the software business since 1991 and was one of the first Software Contract Administrators in Canada.

She has been providing consulting services since 1996, helping hundreds of clients to understand their obligations and rights under a myriad of contracts, and comparing licensing programs to find the most advantageous options for her clients.

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.

5 Comments

  1. Mike Paterson says:

    From what I hear, the large software companies are setting up teams to actively target accounts to raise

    revenue.

  2. Greg Larsen says:

    Mike, it’s a given that in a down economy as we’re in, that software companies will ramp up their customer

    compliance audits to capture that “low hanging fruit” for revenue generation. They’ve been doing it since the mid- to late-90’s and

    once the program is in place, it becomes addicting for them to continue the practice on a full-time basis.

    I posted a similar

    article to Sandi’s back in March 2008, but more from the perspective of what the publishers’ compliance/sales teams are being trained

    to look for in their targeting. It can be found at:

    http://www.zerofindings.com/Blog/news/2008/03/17/d3497a73-98e1-47b8-b103-

    b5d677562e29.aspx

  3. Andy Ellwood says:

    The key to ease the pressure of a request is to always have an accurate picture of what you

    have and what is beng used. For many, this is a lot easier to say than achieve! Many organisations invest in a manual process to get a

    snapshot of this but it is so painful and time consuming that they are not keen to repeat the exercise. Therefore it quickly gets out of

    date and is prone to errors.

    A rapid and repeatable process powered by an automated discovery tool can help you get an initial

    accurate picture and keep it up to date with no disruption to your day to day operation.

    If you have the facts you can take action

    as it is needed, not when it is forced on you. Automated Accuracy = No Fear Audits

  4. Andy Ellwood says:

    The key to ease the pressure of a request is to always have an accurate picture of what you have and what is beng used. For many, this is a lot easier to say than achieve! Many organisations invest in a manual process to get a snapshot of this but it is so painful and time consuming that they are not keen to repeat the exercise. Therefore it quickly gets out of date and is prone to errors.

    A rapid and repeatable process powered by an automated discovery tool can help you get an initial accurate picture and keep it up to date with no disruption to your day to day operation.

    If you have the facts you can take action as it is needed, not when it is forced on you. Automated Accuracy = No Fear Audits

  5. Derek Alexander says:

    Well, yes and no Andy (congrats on getting certified by LMS by the way).

    An automated tool is

    important, but its main purpose is to give you some certainty that the data discovery element is correct, and that human error in this

    has been eliminated. Which is, of course, hugely important. It also saves a lot of time.

    Having all the data can still be like staring

    into a ditch if you don’t know what you are looking for. As a licensing consultant, my work only really starts when the data is

    returned. Also, good data doesn’t interpret your contractual obligations (which can work both for and against you).

    You can only be

    audited on the contract you signed, not on today’s Ts&Cs. A vendors approach to usage (what actually constitutes an installation for

    example?) can often be hidden in their own internal documentation.

    Having the skills to interpret the data (particularly when dealing

    with usage withing data centres) – that is still a key element to ensuring both compliance and protection from over eager audit functions

    and sales people.

Leave a Comment