Accurate Inventory Information Crucial to Software Audit Outcome
Obvious though it may sound, in almost every software audit the most crucial element contributing to a positive outcome is an accurate inventory of what software is deployed. Unfortunately, far too many businesses faced with an audit end up receiving grossly over-inflated compliance-purchase demands, because the inventory data received by the auditors and used to calculate a license position is faulty. Here are three top tips for taming the inventory beast:
- Don’t Wait for an Audit A publisher-requested software audit is the absolute worst time for a business to collect its first comprehensive software inventory. In many cases, the auditor will demand that its own tools and processes be used to collect the audit inventory. In those situations, absent mature and tested internal inventory processes, the audited business will have no practical way to challenge any apparent discrepancies in the auditor’s findings, and the publisher will be loath to consider different inventory information without a compelling reason to do so. In addition, without pre-existing inventory information, it is very difficult to estimate license-related exposure, making it a challenge for accounting teams to prepare for a potentially large compliance purchase. Finally, and perhaps most importantly, collecting an inventory before a compliance investigation begins allows a business to address compliance gaps before those gaps are translated into licensing penalties.
- Know Your License Metrics Especially when it comes to servers, modern software-licensing metrics run the gamut from relatively simple installation or “seat”-based licenses, to processor capacity licenses (like IBM’s processor value units or “PVUs”), to concurrent-session or floating-user licenses. One of the effects of this is that it is not enough merely to count how many times a software product is installed in a company’s computer environment. It is vital also to know the characteristics of the computers where those installations are located as well as the numbers and kinds of users connecting to that software. Without that level of detail (which many auditor-deployed inventory tools may be unable to collect), an audit outcome may include unnecessarily high monetary exposure. Businesses need to gather and monitor this information on an periodic, ongoing basis in order to minimize compliance exposure.
- Select the Right Tool Especially for large businesses, it is essentially impossible to collect a thorough software inventory without one or more tools to assist with the process. Therefore, especially in light of the need to get a handle on inventory data well before any audits are announced, businesses need to research the tools currently available to gather that data and to select the one that makes the most sense for their IT environments. Many tools offered today are truly robust in terms of their data-gathering capacities, though many also require a level of IT expertise that could make them challenging for smaller companies to deploy. Procurement teams therefore should spend some time considering the resources that they can task to internal software-asset management functions together with the price they are willing to pay for an effective tool set.