Top 5 Software Compliance Issues


November 08, 2019
Audit IT

Interested in learning more about NPI’s services?

Contact Us

This content was updated January 12, 2021.

Most enterprise software compliance issues occur unintentionally. By and large, companies try to walk the line through rigorous software asset management and transparency with software vendors. Despite those efforts, however, most software license audits uncover noncompliance – and the penalties associated with these compliance failures can be crippling. Audit penalties in the 7- to 8-figure range are not uncommon.

Are you wondering if your business is unintentionally out of compliance? Below, we explore the five most common software compliance issues and discuss how to put parameters in place to avoid audit failure.

Top 5 Software Compliance Issues

#1. Inadvertent Misuse

Inadvertent misuse is a top offender in software compliance issues. For example, certain license types can only be used in non-production environments like development, testing or failover (these are examples of “limited-use licenses”). Companies often purchase these license types to save costs and align with then-current usage requirements, then later discover they are somehow being used in production environments for things like internal data processing operations.

To avoid the risk of license misuse, have a clear understanding of use rights and verify all licenses are being used for their intended scope.

#2. Misinterpreting Licensing-Related Definitions

Licensing programs and definitions constantly evolve as new ones enter the mix. Do you know what constitutes a qualified user or device with Microsoft? Or IBM’s concurrent versus floating user? How about Oracle’s application full use license versus an embedded software license?

This complex and confusing licensing “flexibility” offered by the vendors, combined with your own evolving usage needs conspire to make it easy to violate licensing terms, and make you a target for software compliance audits. You can prevent unintentional software compliance issues by requesting clarification on any licensing-related definitions and allocating software licenses in accordance.

#3. Changing Product Use Rights that Leave Your Software Unlicensed

Another top software compliance issue occurs when a vendor changes their product use rights without your knowledge. As a result, you now have unlicensed software, and (if left untreated) a crippling noncompliance charge on the way.

Product use rights can change at any time. Unless you proactively look for changes, most of which are buried online, you can easily miss the details. We’ve seen this with Microsoft, Oracle, and particularly SAP as they try to establish more “customer-friendly” indirect use policies.

To avoid noncompliance on major software estates, establish a cadence for regular inspection of product use rights and online services terms.

#4. Upgrading or Downgrading Software Without Understanding Product Use Rights Implications

Which product use rights apply in an upgrade/downgrade scenario: the rights included with your original purchase, or the rights that came with the upgrade/downgrade? Depending on the vendor, it varies.

Before upgrading or downgrading software licenses, determine any product use rights implications to prevent software compliance issues.

#5. Unsuspecting Compliance Implications of Virtualization

Virtualized environments are hotbeds for noncompliance. Vendors have different (and very specific) rules for how hosts and software are both coupled and managed. For example, Microsoft and Oracle licensing don’t always play nice with VMware, and both vendors have been rumored to target joint VMware customers for compliance inspection.

Therefore, be sure to validate compliance implications of virtualization to avoid costly noncompliance charges.

Avoid Software Compliance Issues with a License Position Assessment

Most enterprise customers will be audited by at least one large software vendor this year. The best defense is proactively conducting an internal self-audit – a License Position Assessment – on your largest software estates.

Consider this as preventative maintenance. Rather than waiting until a vendor initiates an audit, you can proactively spot potential risk and fix it. The ideal time to do a license position assessment is well before your next renewal or true-up, allowing plenty of runway for remediation decision-making and implementation.

Engage Software License Audit Services

It’s important to understand what deployment tools vendors use to detect noncompliance, and to have the deep licensing expertise to know how the vendor will interpret noncompliance. These are just some of the reasons why companies turn to NPI’s software license audit services.

We collect your actual software deployment data and compare it against your entitlements to identify usage gaps (over- or under-utilization) and provide remediation recommendations. We use vendor-side and independent data collection tools to validate findings and are keenly aware of where specific vendors frequently misinterpret findings.

Remember, vendors partner with outside audit consultants (Deloitte, KPMG, etc.) that are financially motivated to find noncompliance, which they most often do. Enterprises should take all precautions to avoid or minimize noncompliance risk. Performing a preventive internal self–audit using the very same level of scrutiny that the vendor’s team would use – as well as similar tools and processes – is the most effective tactic.

If you aren’t sure of your compliance position on a large software estate, or have a renewal on the horizon, you’re likely a good target for an audit. Don’t get caught off guard. NPI’s license position assessment and software license audit services have helped enterprises minimize noncompliance exposure and avoid or minimize multi-million-dollar penalties