4 Common Misconceptions About Software Audits

Posted by on June 08, 2016


Software audits are a fact of life. Even companies with their software licensing well in hand will likely undergo an audit at some point. It’s a stressful-and often anxiety-inducing aspect of doing business. After all, licensing terms change, new versions of software are released, technology platforms evolve; and let’s not forget the proliferation of mobile devices used in the business environment. Which of these factors play into the potential for a software audit? In revisiting a software audit industry report published in 2014, we want to highlight some common misconceptions companies have about the probability of being audited and which vendors are doing the auditing. From what we’ve seen in the last couple of years, we have little reason to believe our findings have changed much, if at all. The results may surprise you.

Tweet this:Software audits are bound to happen. 4 common misconceptions about audits & how to prepare. #ITAM

Misconception 1: Only the Really Big Companies Are Audited

It’s easy to see why so many believe smaller companies are immune to an audit. It seems logical – big companies have more licenses to keep track of, and the revenue potential for ISVs is greater. There's no question that companies with 25,000 or more employees are being targeted at a much higher rate than companies of a smaller size (46 percent). But the truth is, it’s not just the big companies that are fiercely targeted. Among companies that had been audited within the prior year, those with between 5000 and 10,000 employees were a close second (42 percent), and those with 500 to 1000 employees a not-to-distant third (36 percent).

Misconception 2: My Company Will Probably Only Get Audited by Microsoft

While many companies say they have been audited by Microsoft more than any other ISV, the audit risk of one particular company is significantly underestimated: Autodesk. According to the study, of the companies that were audited, nearly 30 percent were audited by Autodesk, yet only three percent of companies that hadn’t been audited believed Autodesk represented a risk. And another vendor, The Attachmate Group, which reportedly audited seven percent of respondents, wasn’t even on the radar.

On the flip side, in this same study, respondents largely over-estimated the probability of being audited by VMware. Only five percent of companies experienced an audit from the company within the last two years, while 18 percent of those surveyed expect that VMware would audit them.

Misconception 3: Understanding License Agreements Means it’s Easy to Maintain Compliance

The software audit report indicates that an overwhelming number of respondents rate their own understanding of their organizations’ license agreements as “decent” or “very strong.” However, survey participants stated the most significant challenge related to maintaining compliance is understanding license agreements. In considering this, it’s clear that IT professionals aren’t burying their head in the sand; they know compliance is challenging, and make a valiant effort to get their arms around the nuances and complexities of software licensing. But simply understanding license agreements isn’t enough.

The biggest barriers to compliance are the complexity of IT environments and difficulty reconciling what’s installed with what’s used. While IT environments aren’t likely to become less complex, it would seem that if companies could close the gap between what’s installed and what’s being used, the compliance puzzle would be significantly easier to solve.

Additionally, the data suggests those who work at companies that haven’t been audited identify company-issued mobile devices, employee-owned mobile devices, and a mixed desktop environment make license compliance challenging. Yet those who work at companies that have been audited don’t rank those nearly as high on the “challenging” scale, suggesting that ISVs may not (yet) place a significant emphasis on these factors when performing audits.

Tweet this: What are the biggest misconceptions when considering software audits? 4 pitfalls to avoid here

Misconception 4: It’s Just a Matter of Time Before Our Company is Audited

Respondents at companies that have not been audited overwhelmingly believe that an audit is inevitable. While anecdotal data from ISVs suggests this may be true, data from the survey suggests that things can be done to minimize one’s risk. While the reasons for being targeted for an audit are, in some cases, anyone’s guess, the top reason respondents believe they were audited was because their license contracts were outdated. This would suggest that if companies remain diligent about evaluating and updating their license agreements with their top vendors on an annual basis, it would stand to reason that their audit risk would diminish somewhat.

Secondly, companies that had implemented software asset management tools were 32 percent less likely to be audited. While it would be foolish to assume there’s a cause-effect relationship between the presence of a tool and the likelihood of an audit, it stands to reason that 1) if your vendor is aware you’re making a good-faith effort to be compliant, they’re less likely to audit you, and 2) if you can produce a report showing a favorable license position upon receipt of an initial audit letter or inquiry, you may be able to stave off a full-blown audit. Remember: software vendors audit customers for one reason: to generate revenue. If they suspect you’re not likely to have a significant license shortfall, they may very well focus their efforts elsewhere.

Watch our on-demand ITAM webinar series to learn more about software audit preparation, managing hardware and software inventory, reducing software license costs, and streamlining IT asset reporting.

Watch Recording

Learn More About Our Updates to the Cherwell Knowledge Articles