Software vendors are dramatically increasing the amount of license auditing activity as they try to maximise revenue in tough economic times.
According to Forrester Research, end user organisations last year felt the effects of intensified audit measures and enforcement vigilance by their software vendors.
"Not only did companies face increased software audit activity in 2009, but they also saw more causes of disputes and noncompliance claims," writes Duncan Jones, a Forrester principal analyst in a new report, Surviving a Software License Audit.
"In addition to spotting genuine under-licensing, many vendors' audit teams seemed to want to meet their revenue targets by exploiting technicalities and loopholes."
Among the chief causes of audit compliance nightmares noted in the report: virtualisation, multiplexing ("indirect use via integrated applications still counts as use"), inactive user accounts, external use and accidental deployment.
Jones said vendors have every right to protect their intellectual property and ensure customers are complying with the terms of the license agreements.
However, "sometimes audits can be painful or even terminal, for IT sourcing and vendor management leaders," he adds.
The chief problem is that typical IT managers often don’t have the skills and experience necessary to take on specialist compliance teams sent in by vendors.
"Vendor license compliance teams are skilled at spotting revenue opportunities," Jones writes, "ranging from genuine excess usage and deployment to, in some cases, questionable interpretation of contract clauses."
Then there are the fanatical software audit teams that can wreak havoc, Jones says, like "revenue-generating cops who hide with their radar guns in bushes at the bottoms of steep hills."
In the report, he describes rogue or third-party compliance teams that "overzealously pursue their own revenue targets outside of the main account team's control, oblivious to how the audit team's behaviour may be damaging the long-term relationship with that customer."
Forrester's client stories of audit insanity, detailed in the report, offer a cautionary tale for CIOs and IT departments who don't actively manage enterprise software license agreements and user accounts, or practice adequate software asset management
Forrester suggests some simple defensive tactics:
- Don't avoid the audit letter that typically arrives before an inspection visit.
- Demonstrate to the vendor that your company will cooperate fully with a "reasonable process" but will not be bullied or held ransom.
This is all critical for IT leaders, says Jones, because "there is little he or she can do once the compliance team has smelled blood."