Governing Software and Navigating Audits
If your company has not received an audit request from a software vendor asking you to validate what aspects of their tools or service you are using in order to assess licensing fees, it is only a matter of time. While many vendors have implemented half-successful automated processes to measures usage and licensing of their software, this area of digital is still quite immature. As a result, vendors may request data, access to your systems, or confirmation of the number of users accessing licensed software.
When you lack a formal software licensing process (think standards and who has accountability for governing this aspect of digital!), you likely face higher licensing fees. Why? Because often times the response to the audit is presentation of off-the-cuff statements by busy, well-intentioned digital workers of what should be software usage patterns when in fact they are inflated or inaccurate. Coupled with complex licensing terms that usually require legal expertise to untangle, your organization could face a bill that is exponentially larger than the software usage within the organization.
How can you ensure your organization is protected and prepared should an audit occur?
- As part of your digital governance framework, decide and assign accountability for software licensing inventorying.
- Define a policy and associated standards for software inventorying, focused on digital aspects that are often forgotten (example: API interfaces to a system for data sharing).
- Create processes that map to your policy and standards that support software inventorying, on an individual basis. This is likely a combination of manual and automated processes, and since it is constantly changing as digital workers’ roles morph and the need for licensed software changes, make it a standard part of a person’s job to track the usage.
- As part of the inventorying, make sure to socialize your plan, especially if automated validation will be implemented. I recently described how an organization learned a lesson from skipping this step.
With a solid plan in place, you will reduce your company’s financial risk and make the audit process simpler for all involved.