Cherwell IT Service Management Blog
Resources, Best Practices, and Solutions for ITSM Pros

The Software Industry’s Most Notorious Auditors

Posted by

Gartner recently published the results of its 2011 report discussing “The Software Vendors That Are Auditing Now and What to Do About It,” conducted among attendees of its most recent annual “IT Financial, Procurement and Asset Management Summit,” held back in September of 2011. The report covers a number of areas including the percentage of participants having undergone a software audit within the previous 12 months, which ISVs are conducting audits most frequently, why they believe audits are increasing, and tips for managing both the audit process and the outcome.

It’s important to recognize that the participants of this survey represented a very biased group (read my recent blog post on this), given their size and their very presence at a conference that deals heavily with the subject of software audits and licensing best practices. But despite the survey’s bias, some of its findings provide good general guidance as to from which vendors you might expect to receive an audit request. Below is a breakdown of the vendors and the corresponding frequency of audits among the 65% of participants who had experienced a recent audit.

Note that if you do the math, the figures show that each respondent, on average, was audited at least twice, which came as a bit of a surprise to me. Although, once again, if you take into account the bias of the study, and you agree that some companies are more prone than others to get audited, it would stand to reason that if one vendor finds you to be an attractive target, so would others.

For me, the biggest takeaway is reinforcement of the notion that organizations are wise to prioritize their software license management efforts (especially when starting from scratch) based on a combination of their own license portfolio and the vendors known to be most active from an auditing standpoint; it’s clear there are some standouts on this list. That’s certainly not to say that the importance of these vendors might shift based on your own organization’s size, vertical focus, and risk profile (and there may be vendors you should be concerned with that don’t appear on this list) but it’s a solid reference point that can get you pointed in the right direction.