Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Software license audits come in multiple flavors

Different tactics apply to each type

There are several types of software license audits, each with their own risks and variables, experts say.

Trade groups like the Business Software Alliance often ask companies to conduct "self-audits," where customers collect software installation and usage information and report back any instances of noncompliance.

Customers who receive a request for a self-audit should consider the benefits of this option, such as more flexibility over its timing, according to Scott & Scott, a Dallas law firm that specializes in software audits.

Self-audits are also preferable to ones by an independent third-party auditor, since the customer has no say in who is selected, or the audit's length or scope, according to a blog post by the law firm.

And it is "never advisable" to agree to an audit conducted by a software vendor itself before looking into every possible alternative, it adds. These types of audits are "the most intrusive and least impartial of all," it states.

Customers should also be mindful of "informal audits," which are typified by letters from sales representatives that ask for information about a customer's software installations, perhaps in the hopes of uncovering some noncompliance and making an easy sale to remedy the problems.

An official audit letter should specifically cite that the customer's contract requires cooperation, according to Eliot Arlo Colon, president of Miro Consulting, a Woodbridge, New Jersey, firm that offers advice on Oracle licensing. "If you don't have that, then it's an informal audit."

Such inquiries must be dealt with carefully, according to Colon.

"What you have is this implied threat," he said. "[The sales representative is saying], 'We're trying to save you from an audit. We're being your buddy here. If you tell me what's going on, I can save you from the audit people.'"

Even if a customer takes the bait and provides the information, the salesperson isn't an official auditor and can't certify a customer is actually in compliance with Oracle, he said.

At minimum, customers who receive an informal audit request should respond to any questions with more questions, Colon said.

"If they ask you, how many users are you running, it's OK to ask them, 'Why are you asking me?' You shouldn't be providing any information unless you know what it's going to be used for."

And get it in writing. "A lot of times, reps do this verbally. Say to them, 'I'd like you to respond in this e-mail chain.' Sometimes all that will happen is you won't hear from that person again."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Business Software Alliance, Miro, Oracle
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: auditing, licensing, software licensing
Latest Blog Posts
Whitepapers
  • The Big Six: The CIO Executive Council’s Frameworks for IT Value and Leadership
    This overview of six of the CIO Executive Council’s most important pieces of intellectual capital represents the thought leadership of literally hundreds of global CIOs spanning over half a decade. It is intended to convey the Council’s position on the current and future CIO role and the value that IT should be creating for the enterprise. We hope that it offers the IT community an intriguing and comprehensive roadmap for continued success.
    Learn more »
  • HP ePrint Enterprise mobile printing solution
    The merger of mobile devices and cloud services has become one of the most significant enablers of business productivity and innovation in the past decade. We now hold the power of communicating and computing in the palms of our hands, nearly anywhere business or life takes us. However, one key business process has eluded the mobility movement: printing. Even the most technically enabled business travelers find themselves hunting down print services while on the road and interrupting IT managers when visiting a branch office simply to print a document. But finally, a truly mobile print experience is available—helping enterprises to drive business productivity further. Read more.
    Learn more »
  • 10 Essential Steps to Email Security
    Modern business is reliant on email. All organisations using email need to answer the following questions: How do we control spam volumes without the risk of trapping a business email? How do we prevent infections from email-borne viruses? How do we stop leakage of confidential information? Can we detect and stop exploitation from phishing attacks? How do we control brand damage from occurring due to employee misuse? How do we prevent inappropriate content from being circulated?
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments