Comprehensive software reviews to make better IT decisions
Beware of Free Software Licensing Help From Software Vendors
Software audits have been on the rise as vendors attempt to recapture revenue. As licensing rules change on a regular basis (monthly in some cases), it is difficult for many organizations to keep up to date. A failed audit may result in punitive fines and, in extreme cases, injunctions that disrupt continuing operations until violations are resolved. The amount of business disruption depends on the scope of the audit and the size and complexity of the organization coupled with the audit clause in the contract. The risk of these highly visible failures can be reduced through effective software asset management practices. Being ready is critical, as it is a matter of time before there is a knock on the door.
Autodesk, IBM, Micro Focus, Microsoft, McAfee, Oracle, SAP, Symantec, and VMware are the vendors with the highest audit percentage rates. Microsoft wins the award for the vendor with the highest frequency of audits, enlisting software asset management (SAM) partners to perform licensing engagements and third-party consulting firms to perform full audits. Falling out of compliance with software vendors is easy due to frequent licensing changes, some of which are evolutionary such as processor to core shifts. Virtualization licensing rights, for instance, are a point of contention across vendors and have yet to be adequately addressed.
Microsoft, as a specific example, has its fiscal end of year coming to a close in June. There has been a steady increase in the number of organizations that have been approached since the beginning February, offering help with a license optimization or free SAM engagements as quick revenue wins. Please note: you have the right to refuse these “free” engagements and we highly recommend speaking to a Microsoft Licensing Analyst prior to engaging in any vendor-based SAM engagement.
Nothing is ever truly free, and Microsoft as well as other vendors offer these “complimentary services” to companies that they believe are out of compliance. Vendors recuperate the costs of such engagements, which are contracted out to various business partners, through the licensing shortfall payments they will receive, which can be very large. Once an out-of-compliance status is uncovered by these partners, there is only one way to resolve and move back into a compliance position: through spending. Common triggers of an audit are:
- Technical teams sharing architectural information with the vendor and inadvertently demonstrating non-compliance.
- Lack of net-new revenue spend with the vendor in light of the company growing.
- Public displays of the company launching new customer-facing solutions that may require underlying licensing that the vendor knows is not present or indirect access.
Taking preventative measures, in the form of a software asset management program and conducting annual internal audits, will allow your organization to be prepared and potentially avoid the audit altogether. Conducting your own SAM audit, or in conjunction with a third-party expert, can be worth the investment. This process includes a comprehensive look at your licensing position while providing a strategic plan moving forward. A paid engagement is especially worth the cost for organizations that are not able to internally manage their software assets on a consistent basis. Because of the complexity of licensing rules and lack of SAM tooling and processes, many organizations have unintentionally fallen out of compliance. Even though the mistakes were not malicious, they often result in a hefty bill.
- Audit defense starts long before you get audited. Maintaining a documented consolidated licensing position ensures that you are not blindsided by a sudden audit request. Be aware of key factors that can increase the risks of an audit such as company size, inconsistent purchasing, mergers and acquisitions, a previous failed audit, lack of SAM, or information passed along inadvertently. As a general rule of thumb, as complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by vendor likelihood of audit and spend. Conduct annual internal audits according to best practices contained in this research.
- Create a methodology to quickly and efficiently respond to audit requests.Don’t panic when you receive a notification. Take control of the situation and prepare a measured response. Ensure electronic records exist for license documentation to provide fast access for audit and information requests. Being able to respond in a timely manner either for deferral or with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party – their experience will allow a faster response.
- Understand the audit process and negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit. The vendor’s approach towards compliance will dictate what motivates them, how they operate, and how you should work with them. Verifying accuracy of discovered data can produce errors from vendor-supplied scripts that have been run or assumptions made. Avoid scope creep as the vendor may want to include scripts, products, or geographic locations that previously weren’t included in the agreed-upon scope of audit.
- Leave knowing what hands you lost and why. Come to a consensus on which findings truly necessitate organizational change. Beware of:
- Prior findings: Findings must be based on the facts of the current audit; do not accept findings based on a previous audit’s findings.
- Exaggerated findings: Monitor the findings for inflated volumes of occurrence; ensure that findings are getting to the root problem.
- Insignificant findings: Do not let compliance organizations penalize your company for their perception of your SAM maturity level; keep the focus on the “in-scope” products.
- Inaccurate findings: Auditors can be mistaken about technical feasibility. Be sure to clarify if the auditor made an error.
Going on a spending spree to purchase licenses, ignoring audit requests, or moving to the cloud doesn’t relieve the organization of compliance obligations. Hundreds of thousands of dollars can be saved by having a strategy, knowing the organizational licensing position, and documenting historical contracts.
Want to Know More?
So you’ve gone Agile. You do daily scrums, retrospectives, and all the “right” Agile ceremonies. But still your organization isn’t quite convinced. It is now critical to balance the drivers and goals of both Agile and traditional thinking in order to achieve organizational success.
Do you feel like your Agile teams are treading water – going through the motions but never going anywhere? It’s a risk, and practices such as daily standups, retrospectives, and demonstrations need to be used wisely or you risk losing discipline to meeting fatigue.
Stakeholders expect the speed and responsiveness of product delivery does not come at the expense of quality. QA tools offer retailers the ability to continuously ensure both business and technical quality standards are upheld, but these tools should not be viewed as a silver bullet.
No matter how good your product roadmap and backlog are, they are only as good as your audience’s ability to understand your vision and priority.
The scrum master is like the conductor of an orchestra, ensuring that every piece fits together at the right time to create something greater than the sum of the parts. You don’t have to know how to play each instrument, but you do have to understand what each part contributes to the overall masterpiece.
Tools are important to product teams, but only when they support solid people and processes.
Aha! introduces scenario planning to give product owners the ability to create and compare multiple release approaches based on team capacity and backlog priority.
If an image is worth a thousand words, a visual roadmap will save you a thousand hours.
The application portfolio management (APM) tool space can be a confusing one, as many software vendors offer their own take of what APM is. Enterprise architecture, application management and project portfolio management tools offer an APM use case, but these are often quite skewed the primary function of the tool.