This week we released the results of our inaugural Software Audit Industry Report. The purpose of the report is to benchmark the occurrence of software audits across the marketplace, as well as gauge the experiences, attitudes, and outcomes of audits on end-user organizations.
What, you may wonder, makes this research different from all the other industry reports published in recent years relating to the frequency and impact of software audits? Unfortunately, the statistics found within these reports are typically based on anecdotal evidence or surveys conducted among limited or non-representative samples, and the findings therefore can’t be reliably extrapolated across the broader marketplace. (I blogged on an example of such a statistic here.) So we set out to do it differently.
The findings from the 2013 Software Audit Industry Report are based on a November survey involving 178 information technology (IT) professionals (which represents a 95% confidence sample of 10,000 companies) at a wide range of organizations across North America. In order to participate, respondents were required to meet the following criteria: 1) work at an organization with 500 or more employees, 2) reside in the United States or Canada, and 3) be responsible for managing software license compliance (to ensure sufficient knowledge related to survey topics). Respondents were recruited via email invitation from a randomized list of IT professionals with manager- or director-level positions.
While some of the survey findings substantiated conventional thinking, other findings I suspect will surprise a lot of people that work in the IT asset management (ITAM) field. (More discussion on that in a future post.) Below are some of the top-level findings. The full report can be found here.
- 52% of respondents report that their organizations have been audited within the past two years. Of those, 72% (or 38% of overall respondents) had been audited within the last 12 months (some of whom were also likely audited in the year prior).
- The five independent software vendors (ISVs) most likely to have audited organizations within the last two years are: Microsoft, Adobe, Autodesk, Oracle, and SAP, respectively. (Among organizations with 10,000 or more employees, IBM shows up at position #4, bumping Oracle to #5 and SAP off the top five list.)
- Organizations with 5,000 or more employees report being audited at a higher rate over the past two years than those with fewer than 5,000 employees; however, it appears that organizations with between 500 and 4,999 employees and more than 25,000 employees were targeted more heavily in 2013 than they were in 2012. This may suggest that ISVs are increasing their focus on organizations of these sizes.
- Nearly half of organizations were given a month or more to prepare for the audit; 45% of the audits lasted three months or longer (from initial audit request to resolution).
- The top three organizational challenges with respect to staying compliant are: 1) license agreements/entitlements are difficult to understand/interpret 2) complexity of IT environments 3) inability to easily reconcile what software is installed with what software is being used.
- The top three attributes of respondents’ IT environments that make license compliance most challenging are: 1) diversity of the software portfolio 2) organization size 3) server virtualization.
- An overwhelming number of respondents rate their own understanding of their organizations’ license agreements as “decent” or “very strong.”
- 57% of respondents characterize their organizations’ relationships with the ISV during the audit process as “consultative/collaborative,” while 20% describe it as “contentious.” Among organizations with 10,000 employees or more, however, the percentage of those who describe the relationship as “contentious” doubles to 40%.
- 43% of participants report owing no money to their software vendor at the conclusion of the audit. Of those organizations that did owe money, the largest subset owed between $50,000 and $250,000. (Among organizations with 10,000 or more employees, the percentage of those who owed no money drops to 31%.)
- Among respondents who feel they have a 20% or less probability of being audited, most believe they will not be targeted because their vendors know they make a “good-faith effort” to be compliant.
In the weeks to come, we will devote a series of blog posts to discussing some of the individual findings from the report. In the meantime, I’d be interested in knowing whether there are any aspects of the report that you find particularly interesting. If so, please leave a comment below!