Prepare and Defend Against a Software Audit
A mishandled audit can result in financial consequences far more severe than a slap on the wrist.
Onsite Workshop
A failed audit can result in:
- Large unexpected punitive fines or injunctions
- Disruption to business continuity
- Follow-on audits (potentially from other vendors)
- Reduced negotiating power with vendors
A proactive approach to audits leads to:
- Reduced risk of non-compliance and avoidance of cost repercussions
- Reduced duration of audit and minimal disruption to business continuity
- Clear understanding of regulatory requirements and licensing strategy as business needs evolve
- Understanding and development of a SAM practice with accurate data for effective decision making
Module 1: Prevent an Audit
The Purpose
- Kick off the project
- Identify challenges and red flags
- Determine maturity and outline internal audit
- Clarify stakeholder responsibilities
- Build and structure audit team
Key Benefits Achieved
- Leverage value from your audit management program
- Begin your proactive audit management journey
- A documented consolidated licensing position, which ensures that you are not blindsided by a sudden audit request
Activities: | Outputs: | |
---|---|---|
1.1 | Perform a maturity assessment of the current environment |
|
1.2 | Classify licensing contracts/vendors |
|
1.3 | Conduct a software inventory |
|
1.4 | Meter application usage |
|
1.5 | Manual checks |
|
1.6 | Gather software licensing data |
|
1.7 | Reconcile licenses |
|
1.8 | Create your audit team and assign accountability |
|
Module 2: Prepare for an Audit
The Purpose
- Create a strategy for audit response
- Know the types of requests
- Scope the engagement
- Understand scheduling challenges
- Know roles and responsibilities
- Understand common audit pitfalls
- Define audit goals
Key Benefits Achieved
- Take control of the situation and prepare a measured response
- A dedicated team responsible for all audit-related activities
- A formalized audit plan containing team responsibilities and audit conduct policies
Activities: | Outputs: | |
---|---|---|
2.1 | Use Info-Tech’s readiness assessment template |
|
2.2 | Define the scope of the audit |
|
Module 3: Conduct the Audit
The Purpose
- Overview of process conducted
- Kick-off and self-assessment
- Identify documentation requirements
- Prepare required documentation
- Data validation process
- Provide resources to enable the auditor
- Tailor audit management to vendor compliance position
- Enforce best-practice audit behaviors
Key Benefits Achieved
- A successful audit with minimal impact on IT resources
- Reduced severity of audit findings
Activities: | Outputs: | |
---|---|---|
3.1 | Communicate audit commencement to staff |
|
Module 4: Manage Post-Audit Activities
The Purpose
- Clarify auditor findings and recommendations
- Access severity of audit findings
- Develop a plan for refuting unwarranted findings
- Disclose findings to management
- Analyze opportunities for remediation
- Provide remediation options and present potential solutions
Key Benefits Achieved
- Ensure your audit was productive and beneficial
- Improve your ability to manage audits
- Come to a consensus on which findings truly necessitate organizational change
Activities: | Outputs: | |
---|---|---|
4.1 | Don't accept the penalties; negotiate with vendors |
|
4.2 | Close the audit and assess the financial impact |
|