• No results found

MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "MANAGING THE SOFTWARE PUBLISHER AUDIT PROCESS"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

MANAGING THE

SOFTWARE PUBLISHER

AUDIT PROCESS

(2)

THE USE OF BUSINESS SOFTWARE AND SPORTS ARE DEFINITELY

QUITE SIMILAR; IF YOU WANT TO ‘PLAY’ (USE THE SOFTWARE), YOU

HAVE TO ACCEPT THE RULES. THIS INCLUDES THE RULES SET OUT

IN THE LICENCE TERMS. IF THE RULES ARE NOT ACCEPTED AND

CORPORATE SOFTWARE IS BEING USED ILLEGALLY, A ‘REFEREE’

WILL HAVE TO IMPOSE FINES.

BUSINESS SOFTWARE ALLIANCE (BSA)

MICROSOFT WAS THE LEADING AUDITOR REPORTED

ACROSS ALL ORGANISATIONAL SIZES.

(3)

All software publishers have a ‘right to audit’ clause written into all their end user licence agreements (‘EULA’) or subsequent terms and conditions of commercial agreements.

These software audits challenge businesses to prove their licence compliance by evidencing what software licences they have procured against usage and/or consumption across their organisation. This translates to two main challenges; proving software compliance and maximising spend optimisation.

Industry Changes – How the Industry Has Evolved

Software publishers, like the majority of industry sectors, have been unable to avoid the current economic uncertainty. Recent years have seen even the large software publishers, such as Microsoft, IBM and Oracle, experiencing sudden and unexpected drops in projected business activities due to their customers reducing IT expenditure or scaling back on both upgrades and infrastructure projects.

As software purchases are either deferred or cancelled - software publishers are looking alternative options to achieve their revenue targets and satisfy shareholder demands. One option is for the publishers to invoke their contractual audit rights and target possible IP infringements. This is largely due to some organisations not effectively managing the use of software that has been procured for their business.

Software publisher audits can be one of the most disruptive and costly events that an organisation, and especially Procurement/IT departments can face. The ability for organisations to demonstrate clear competence in their licence position and software management can nullify many of the associated financial, legal and resource costs of a software publisher audit, but proactive risk management is difficult to obtain based on the size and complexity and changes to IT environments.

What’s the impact of an Audit on an Organisation?

The impact on an organisation depends on the level of SAM Maturity and their capability to manage the software audit engagement. If the organisation understands and can efficiently and accurately report on their usage and consumption data, then the impact could be reduced. If organisations can also demonstrate a maturity of management and control over their estate, then this could positively create a change in strategy of software publishers approach to auditing.

During our audit defence experiences, we have made the following general observations - these are not applicable to all publishers and may not occur every time an audit is conducted but they may:

• Make judgements with the organisation’s data and their interpretation of licence rules that may provide an alternative view to that which is settled

• Require the audit’s conclusion is reached quickly – this is normally aligned to reporting periods, but in some cases the speed of this conclusion isn’t always a factor

• Lead with a conversation over a legal charge or IP infringement.

The usage and consumption data will always retain maximum importance as well a full understanding of the nuances of the licence terms and conditions, as such an organisation’s ability to control the data quality and credibility and when this is released is of paramount importance.

Under most scenarios if you control the accuracy, release dates and other aspects of your data, then your ability to control the situation and the outcome will be improved.

Unfortunately if the organisation cannot demonstrate how their software estate is managed across the software lifecycle; therefore resulting in limited control and capability, a software audit can have a considerable impact on: • Resource – Capability, availability and volume

• Unbudgeted software spend

• Investment in unnecessary software products

(4)

Initial Contact from Software Publisher

In general, across the market, publishers rarely lead with the word ‘audit’. The most common approach would be to try and work collaboratively with the customer to review their software licences to ensure the end users are getting the most from their investment with the publisher.

The formal approach is to issue a letter to the CEO/CIO/CFO requesting a meeting to formally initiate a software licence review, however software publishers can use a number of opportunities to engage or re-engage prior to a formal letter being received.

An organisation is more susceptible to receiving an audit request if:

• The organisation has recently completed a software audit from a different software publisher

• Major IT Change Programme(s) are planned to commence or are already in-flight e.g. Hardware infrastructure migrations, operating system upgrades etc.

• Major organisational changes are planned to commence or are already in-flight. e.g. Divestment or acquisition; especially if announced to the Stock Exchange or similar

• Tactical decision to move away from key technologies provided by the incumbent publisher. e.g. Moving away from Microsoft to Google

• Exit / Non-renewal of existing software contracts

How to Approach a Vendor Audit

Best practices suggest a software audit can be broken down into three phases: • Phase 1 – Communications Strategy

• Phase 2 – Formal Audit Engagement • Phase 3 – Post Audit Activities

Phase 1 – Communications Strategy

It is vital that any formal or informal audit request is managed centrally and from a global perspective (if applicable), so to help your business it is important to understand some of the following:

• You remain their customer and as such it is important to the publisher that a level of customer satisfaction is retained

• Unless evidence has been obtained, the publisher cannot know for certain that you are infringing their IP or have any compliance issues

A virtual team should be created with a definitive central point of all communications. Based on the creation of the virtual team an internal review to ascertain the SAM capability will be undertaken which will naturally drive the organisations decision to either:

• Look to the external market and obtain the correct level of SAM expertise and support • Commit to managing the audit engagement in-house

Whichever approach is taken this should be shared with the publisher, any third party and the internal organisation structure.

It is also important to note that customers have a business that takes ultimate priority and publishers accept there may be delays in initiating the audit process based on a number of internal, organisational and other factors.

It is important that dialogue is maintained with the publishers to ensure mutual cooperation and a satisfactory mutually acceptable outcome is achieved.

(5)

Phase 2 – Formal Audit Engagement

In order to establish control and a positive outcome for customers once an official audit notice has been received, the following should be observed. The engagement model is split into four key components:

Planning & Preparation:

As with many engagements, Planning & Preparation is vitally important and this would be especially relevant in the software publisher audit process. Resources firstly need to be determined, allocated and aligned to areas of expertise to the part(s) of the process

Data Collection:

All areas of data required for the process must be assessed for accuracy, completeness and the impact Final Position:

An agreed final position must be agreed internally and any subsequent mitigating information prepared in advance of any sharing with the publisher

Formal Response:

The Final Position is submitted to the publisher All Party Agreement and Closure:

Commercial discussions along with the mitigating information is assessed and a mutual agreement reached between the publisher and the customer

Phase 3 – Post Audit activities

Do not underestimate the importance of this phase. If you have witnessed at first hand the stress and disruption to your organisation that comes with a software publisher audit, you will understand and want to ensure that the time and effort applied to this exercise is not wasted or duplicated if a new audit request is received.

It is important to ensure that all the applications associated with the software vendor are managed going forward.

Initiating or Developing a SAM Programme

As part of a Lessons Learnt exercise that will follow any audit engagement, one of the most recurring responses from customers is ‘….we need to plan to ensure that a repeat of this exercise is much easier to execute….”.

To this end it is strongly recommended that a SAM programme is initiated from senior management with their support. Computacenter have been assisting customers in the development, design, execution and management of SAM programmes for in excess of 15 years.

Our interpretation of the SAM landscape can be considered by addressing the following categories: • Policy & Process Overview

• Policy & Process Design or Redesign • Licence Compliance Assessment • Ongoing Management

(6)

How Computacenter Can Assist

Computacenter has developed a wide range of Software Asset Management (‘SAM’) and Licence Management (‘LM’) services by engaging with its customers for over 15 years. Our approach also aligns with the ITIL framework of People, Process and Technology ensuring that all of these aspects are covered to attain the most effective SAM maturity for our customers.

Computacenter’s Solution: C3Software

What is C3Software?

C3Software is a suite of services that are designed to help organisations cut complexity and cost from software

asset management. The services incorporate best-of-breed technology and expert skills and resources to enable organisations to address those software challenges.

The services also aim to assist customers in designing a SAM programme that will provide resolutions to business challenges and goals through efficient SAM practices. Computacenter want to ensure the SAM journey customers take is measured and adequately allows for maturity to be increased over a given timeframe. It is as ineffective not doing anything as it is to try and ascend the maturity scale over too short a timeframe based on our experience of implementation and initial investment required.

C3Software utilises the three aspects of the ITIL framework to create four main service categories:

• Licence and Software Asset Management Services • Strategic Software Vendor Optimisation Services • Policy and Procedure Consultancy

• Consultancy Advisory Services (including Audit Defence)

Specific Consulting services aimed to deliver against bespoke customer requirements. Audit Defence services are contained within this to offer help and support services to assist customers in the Software Publisher Audit process

Based on ITIL, Computacenter feel that their framework requirements are addressed as follows: People

Our consultants have a breadth and wealth of experience in many different customer types, sizes and verticals and spanning both the design and delivery of all services above

Process

Computacenter’s aim is to use industrialisation; in that the creation and delivery of processes and services are always being self-improved and developed for the benefit of all customers. Our internal governance challenge these processes and ensures effectiveness can be demonstrated prior to sale and delivery

Technology

In order to assist Computacenter’s customers in selecting the right tool to fit their requirements and optimise their licensing investment we have partnered with License Dashboard to provide C3Software via a hosted solution running

in Computacenter’s secure datacenter.

As C3Software is provided only on a subscription basis all infrastructure and associated information system costs are

(7)

Why Computacenter?

Computacenter are uniquely positioned as we are a combination of a Reseller and Outsourcer with an in-house SAM practice. This means our advice is supported by vendor’s sales training and resources that organisations don’t have direct access to. We have the scale and experience of an outsourcer to manage the services for our customers and by having an in-house SAM practice partnered with specialist tool capability we can provide a more in-depth knowledge than many other resellers.

By selecting Computacenter you can be confident of receiving best in class SAM resources to deliver a best practice solution that meets the your objectives throughout the software asset’s lifecycle.

By selecting Computacenter for SAM, you will benefit from:

• Collectively has over 25 years of software asset management industry knowledge to include Audit Defence engagements within the consultancy practice

• Software Audit and negotiation engagement process and tactics

• Access to industry leading licensing expertise to underpin clients technology and business strategy • Proactive Licence reconciliation to identify and mitigate immediate and sustained compliance risks

• Software Audit Management expertise across all industry sectors i.e. Financial, Industrial and Commercial/Retail for Tier 1 Software vendors.

• Delivery of quantifiable cost savings and cost avoidance

In addition, Computacenter’s position as an industry leading software supplier and software asset management organisation means our customer can benefit from a linking of the two services. By linking procurement with asset management leads to:

• Quicker decision making

• A one stop shop for all software requests

• A complete process with a single organisation ensuring there are no gaps in the overall management of software – from request, through procurement, into management and then retirement

The client can potentially benefit from commercial innovation offsetting some cost of service via the supply of software via Computacenter.

Computacenter has more than 25 years’ experience of sourcing and managing multi-vendor licences and over 80% of the FTSE 250 companies collaborate with Computacenter making us a partner of choice when it comes supporting our customers through a software audit irrespective of the stage we are engaged.

(8)

If you are thinking about, or are already involved in any of the following projects then Computacenter can help you assess the Software licensing implications and the impact to your business: • Windows 7 upgrade

• Bring your own device • Data storage and retrieval • Big Data

• Information management • Mobility and remote working

• Desktop, telepresence and collaboration • Workplace transformation or upgrades • Cloud

Before starting any projects listed above Computacenter

recommends that you consider the impact these may have on your Software licensing estate.

To learn more about how Computacenter can help, speak to one of our experts, free of charge or contact your Computacenter Account Manager today on the details below:

Email: [email protected] Tel: 0800 014 7420

Web: www.computacenter.com/software

Computacenter is a leading independent provider of IT infrastructure services and solutions. From desktop to datacenter, we help our customers minimise the cost and maximise the value of IT to their businesses. We can advise organisations on IT strategy, implement the most appropriate technology, optimise its performance, and manage elements of our customers’ infrastructure on their behalf.

Computacenter operates in the UK, Germany, France and the Benelux countries, as well as providing transnational services across the globe.

References

Download now ( PDF - 8 Page - 2.92 MB )

Related documents

DEPARTMENT OF DEFENSE SURVEY OF HEALTH RELATED BEHAVIORS AMONG ACTIVE DUTY MILITARY PERSONNEL SERVICE PROGRAM OFFERINGS

 Alcohol and Drug Abuse Prevention and Treatment Program (ADAPT) - The ADAPT program focuses on the prevention and treatment of substance abuse, offering substance abuse

Social Networks and Ethnic Niches: An Econometric Analysis of the Manufacturing Sector in South Africa

Thus an increase of one standard deviation of the mean employment of all language groups in ethnic niches increases the probability of an individual’s employment in a niche

Procure to Pay Process Audit

[r]

‘It’s Kinda Punishment’: Tandem Logics and Penultimate Power in the Penal Voluntary Sector for Canadian Youth

My novel concepts of tandem logics and penultimate power are useful for understanding penal voluntary sector practice, explaining how seemingly contradictory approaches

A PRAGMATIST S VIEW OF IT PLANNING BEYOND THE CLOUD

Instead, this white paper will focus on the all-important “how.” Corporations seeking to enjoy those benefits need to identify a pragmatic approach to determining how to select

GenRx TRAMADOL CAPSULES. NAME OF MEDICINE GenRx Tramadol (tramadol hydrochloride) immediate release 50 mg Capsules.

Convulsions have been reported in patients receiving tramadol at the recommended dose levels.. The risk may be increased when doses of tramadol exceed the recommended upper daily

THE PREMIUM AUDIT PROCESS

• Follow-up calls are made to the policyholder by the auditor to discuss the business operations, specific payroll documentation required, employee job duties, verification of

JRC PESETA III Project: Economic integration and spillover analysis

As one moves south impacts appear to be higher as a share of GDP; the previous conclusion of the North-South divide is confirmed for agriculture, labour productivity