How can you ensure that your organization is protected and prepared when (not if!) an audit occurs?
If your company has not received an audit request from a software vendor asking you to validate what aspects of their tools or service you are using in order to assess licensing fees, it is only a matter of time. While many vendors have implemented half-successful automated processes to measure usage and licensing of their software, this area of digital is still quite immature. As a result, vendors may request data, access to your systems, or confirmation of the number of users accessing licensed software.
When you lack a formal software licensing process (think standards and who has accountability for governing this aspect of digital!), you likely face higher licensing fees. Why? Because oftentimes busy, well-intentioned digital workers respond to the audit by making off-the-cuff statements about software usage patterns that should be actual but are, in fact, inflated or inaccurate. Coupled with complex licensing terms that usually require legal expertise to untangle, your organization could face a bill that is exponentially larger than it would be for the true software usage within the organization.
How can you ensure your organization is protected and prepared should an audit occur?
- As part of your digital governance framework, decide and assign accountability for software licensing inventorying.
- Define a policy and associated standards for software inventorying, focused on digital aspects that are often forgotten (e.g., API interfaces to a system for data sharing).
- Create processes that map to your policy, and standards that support software inventorying, on an individual basis. This is likely a combination of manual and automated processes, and since it is constantly changing as digital workers’ roles morph and the need for licensed software changes, make it a standard part of a person’s job to track the usage.
- As part of the inventorying, make sure to communicate your plan to digital workers, especially if automated validation and management will be implemented. That way if a user’s software license is reassigned based on infrequent or periodic lack of use, the users will have context for the software not working.
- With a solid plan in place, you will reduce your company’s financial risk and make the audit process simpler for all involved.