Software Vendor Audits on the Rise – Things to Know

With the global market currently volatile, we are seeing increased software vendor audits. Here we discuss things to know and the inherent risks associated with vendor audits.

With the ever-evolving modern workplace, we are seeing more and more organisations embrace new ways of working by introducing new technologies and shifting workloads from on-premise to the cloud, with many still opting for the more common hybrid model. This dynamic shift brings with it some inherent challenges: software vendor licensing models must be considered before taking that step, as the ramifications can be costly if not fully understood. Add to this more volatile global financial conditions, and we are already seeing the somewhat cyclic nature of software vendors, where they introduce price increases and audits ranging from a “soft/self-audit” to a “full-blown” audit. No organisation is immune, and the outcomes of these audits are generally seen as quick revenue streams for software vendors. You need to ask yourself not “if”, but “when”, we will be audited.

In the second half of 2022, we have already witnessed increased vendor audit activity, and the indicators are that this trend will continue into 2023. Organisations are being stretched beyond capacity with internal restructures and budget cuts resulting in the downsizing of SAM teams or headcounts not being replaced.

Findings in the recent “Flexera State of ITAM Report (October 2022)” suggest SAM teams can spend more than half of their time working on a combination of internal and publisher audits, leaving them little time to focus on driving remediation and optimisation initiatives.

Based on the “Flexera State of ITAM Report” respondent answers, it comes as no surprise that the top 3 active software vendor audits are conducted by Microsoft, IBM and Oracle with Microsoft increasing from 46% to 52% in the last year. These software vendors represent the largest installation footprints and IT capital and operational spends in most (if not all) organisations so it makes sense for organisations to focus on establishing a baseline and position of ownership.

For those that have been through a software audit, the experience can often be a stressful one. Software audits will most certainly get the attention of C-level management, which is why it is so important that there is buy-in early and support for the ITAM function at this level. Failure to establish alignment between all levels of the ITAM function can result in costly penalties due to a vendor audit. Again in the recent “Flexera State of ITAM Report”, 40% of respondents indicated that they have had to pay $1M or more in vendor audits that are often unbudgeted for. This underpins the importance of C-level engagement to drive the ITAM initiative throughout the organisation and be proactive instead of reactive.

Software vendors have increased the volume of audit activity in 2022 and there are no signs of this abating in 2023. An audit by one of Microsoft, IBM or Oracle is probable in the next 12 – 18 months, so you need to consider what you can do to prepare your organisation for this event. Some of the key items include:

  • Secure C-level sponsorship for the SAM/ITAM programme
  • Identify software vendors that are prone to audits and prioritise based on potential financial exposure
  • Determine whether to invest in internal resources or to outsource the SAM function – If internal, make sure adequate training is provided to understand the nuances of the different license metrics and product terms of key software vendors
  • Invest in a SAM toolset to assist in determining your organisation’s license position for the in-scope software vendors

By undertaking these key items, your organisation will be in a better position for “if” and “when” the audit is called.


If you have been involved in a recent audit, I’d love to hear your experience and any tips that you would be prepared to share. Email us at