What to Do Now to Prepare for Increased Software Audit Activity

Software license audit activity has steadily increased over the last decade. But there are troubling indicators that IT vendors will be targeting customers more heavily in the coming weeks and months. What’s behind this shift? What can companies do now to prepare?

Throughout the last few years, there have been several subtle shifts in the software vendor landscape. Some of these are byproducts of M&A activity while others have been caused by growing economic headwinds. Procurement, SAM and IT executives need to take a moment and consider the implications of these shifts and the risk to budget impact.

For the first time in a while, tech companies are finding they’re not immune to the economic volatility of the moment. A tech-stock market correction is evident and even the largest software vendors are feeling the pressure. It’s not surprising many are responding with the usual measures to increase revenue and minimize loss – price hikes, licensing changes and software license audits.

While it’s not always possible for customers to mitigate the impact of these measures on their business, there are some things customers can do to fortify cost management of their IT ecosystems. One obvious example is performing IT price benchmarking on all purchases and renewals to mitigate (or even negate) price increases. Another example? Preparing for what is becoming – and is expected to continue to be – above-average frequency in software license audits.

Changes in Software Vendor Landscape are Driving Up Audit Activity

NPI believes there are indicators of a yet-again increase in software publisher audit activity in the coming weeks and months. Examples include:

• The purchase of Citrix by Vista Equity Partners & Evergreen Coast Capital. Experience has shown that private equity takes full advantage of software compliance opportunities. Just ask customers of Quest & Micro Focus. Penalty fees for noncompliance are low-hanging fruit for revenue generation and are often disproportionately high compared to annual spend.

• Oracle customers are being targeted for Java compliance. There is growing evidence that Oracle is now formally auditing clients’ Java compliance with its Global License Advisory Services team engaged. The vendor also has announced new employee-based pricing for Java SE subscriptions, which could have a long-tail impact on compliance.

• VMware, being acquired by Broadcom, is increasing soft audit activity. VMware has apparently intensified its use of soft audits across its client base. Also concerning is Broadcom’s plan to acquire VMware. Broadcom has a long history of being difficult to do business with and prioritizing profits over customer relationships.

• Microsoft’s volatile earnings could be a bellwether. Microsoft’s earnings have demonstrated weak spots as Azure growth slows.

• Layoffs. Microsoft, Oracle and numerous other IT/telecom vendors have announced layoffs in recent months. While some layoffs have been cloaked in “organizational restructuring,” the underlying driver is clear – IT vendors are trimming the fat internally because of heavy pressure to increase profitability.

Combined, these events point to an increased focus on generating revenue through both formal and informal software license audits. Informal audits – also known as “soft” or “backdoor” audits – typically come in the form of an offer to help clients optimize their environment. In reality, however, they are an audit where software publishers leverage an internal team closely aligned with service implementation and delivery.

What You Can Do to Prepare

In the best of circumstances, software license audits are highly disruptive and punitive. They consume operations resources, increase executive anxiety, and have the potential to result in a substantial unbudgeted financial impact (typically 7-figures). With the frequency of audits on the rise, NPI recommends companies take the following actions to protect and prepare:

• Independently determine your license position with those vendors in your software stack that present the most material risk – NPI calls this a License Position Assessment (LPA). The LPA compares the inventory of licenses you own against the licenses you have deployed (tools or scripts provide a fact-based analysis of deployments) to identify potential compliance issues as well as unused licenses that are driving stranded costs. The LPA includes recommendations for remediation options and identifies areas for improvement in SAM. Typical vendors for LPAs are Oracle, IBM, Microsoft, SAP, Quest and Adobe.

• Review license reporting requirements (such as IBM’s ILMT sub-capacity snapshots and SAP’s Self Measurement). Ensure internal processes are effectively reviewed and optimized prior to data submission. If not properly managed, you could be subject to a challenging audit or receive an unnecessary, unbudgeted true-up.

• Familiarize IT and deployment teams with key license terms and requirements, especially those that are slippery slopes into noncompliance. Examples include Oracle’s stiff partitioning requirements, Options & Packs use, SQL Hybrid Benefit for Microsoft, indirect access for SAP, etc. These examples all have a few things in common: (1) it’s easy for customers to unwittingly fall out of compliance, (2) requirements and rules can be confusing to customers without deep inside licensing compliance expertise, and (3) noncompliance fees can be alarmingly high.

• Develop and confirm Rules of Engagement for vendor communication. These rules should explicitly state who can communicate with the vendor and required approvals and permissions prior to sharing environment data of any kind with anyone within the vendor’s organization.

While Procurement, SAM and IT executives may not be in a position to prevent software audits, they are in a position to anticipate and remediate potential exposure well before a notice or request is received.

NPI’s license position assessment services can help you proactively assess your compliance risk and remediate accordingly. Additionally, if your organization is already engaged in an informal or formal audit, we can validate licensing data prior to submission to eliminate unnecessary self-incrimination or data inaccuracies.