There are different kinds of software license audits, some that may be disguised as inventory optimization exercises, according to one Gartner analyst. But there is one universal truth for all of them: Be prepared.
"Just because somebody wanders in and says, 'Oh, we can help you improve the value you get from your licenses doesn't necessarily mean to say that's what they're there to do," said Victoria Barber, an analyst with Stamford, Conn.-based research firm Gartner Inc., and co-author of the report Surviving a Software Audit.
"Regardless of what type of audit it is, you should always have a carefully managed, rigorous process," Barber said.
More audits are taking place, a trend that began with the recent economic recession, according to Barber.
"People were spending less money on software. The vendors needed to make it up elsewhere," she said. "I think they now realize how much money is out there and available for them to collect. They're therefore increasing their activity proportionately."
Just because SAP audits may be easy doesn't mean others are
The audits that SAP customers have to endure are fairly routine, according to Barber, but that doesn't mean customers should take them lightly.
"SAP customers are used to the fact that they have to do their annual reporting. So, compared to the other vendors, they don't necessarily feel as pressured or aggrieved as they can in other situations," Barber said. "They've got clear documentation as to how to produce that [data]."
Despite the predictable nature of SAP software license audits, companies should resist the temptation to only go through the motions, according to Barber.
"If it's not a big deal, you can be more relaxed about it. And that's not a good idea," she said. "[Companies] should be using a rigorous process to verify the data, keeping an eye out for ways in which the licenses may be underutilized," she said. Any discrepancies should be noted and fed into the company's software asset management (SAM) software or plan, she said.
Four kinds of audits
There are four kinds of audits, according to Barber.
The formal contractual audit is included in the majority of software contracts and stipulates how, and how often, the audit is to occur, among other factors. "It's a fairly formal communication, and the audit itself will [likely be] very formal in structure," Barber said. The contract will also cover who will be doing the audit -- the vendor itself, or a third party.
The second and often the most frustrating type of audit is one that occurs under the guise of the vendor conducting a license- and asset-management optimization exercise.
"[They'll] say, 'Let us help you improve the value you get from your software; let us help you improve your asset management.' Then they'll come back and say, 'These are the licenses you're short of' [and charge the company for those missing licenses]."
Quite often the exercise results in bad feelings from the client who didn't realize it was an audit. Typically, the vendor never gets around to providing advice on how to improve software asset management, Barber said.
In self-audits, the customer runs a report and provides it to the vendor, as in SAP's case. The fourth type of audit is conducted by an organization like the Business Software Alliance (BSA), which has the vendor's approval to conduct an audit [on behalf of the vendor].
Sometimes it pays to get outside help
The audit and compliance clauses in software contracts and license agreements can cost companies a lot of money in compliance payments when they're poorly negotiated or thought out.
"Some vendors have more room for negotiation than others. But there are things that can be done to improve the audit clause, even down to the basic stuff, making sure you get a decent notice period," Barber said. "These audit clauses are important. There's a lot of potential value in getting that clause right."
For more on SAP software licensing:
Read why some users give SAP's licensing a thumbs-down
Learn how to recycle SAP licenses
Ever tried bargaining for better deals on SAP software licenses?
Companies should manage the audit cautiously and thoroughly, and be careful about the data they share with the vendor, which sees the audit as a revenue-generating exercise.
"If it looks too good to be true, it probably is," Barber said. "You should look at these with a healthy degree of suspicion."
Companies might also consider looking to a third-party vendor for help. Whether it's an inventory optimization project or an actual audit, it involves people taking time out of their day to run reports or chase down pieces of information. Having outside help can limit that, she said.
Organizations tend to have a shortage of asset-management skills, she said.
"If they're in a situation where there's a lot of effort going into this, they may want to make sure they have a certain amount of expertise on their side. They won't necessarily have [that kind of person] in-house," Barber said.