Surviving a Software Audit2 Jun, 2015 By: Kathy Vogler, PERRY proTECH
If you receive an audit letter or email from Microsoft, you are not alone. At present, approximately 10% of my company’s clients have gone through this process this year. An estimated 60% of midsized companies are targeted for audit. During this process, Microsoft in essence, wants to take a look at what you are using, what licensing you have paid for, and to match those together. This is often a voluntary audit process called Software Asset Management, or SAM, previously known as Microsoft’s Software Audit. An involuntary audit is the Legal Contract and Compliance Audit, or LCC. This step is only administered when Microsoft believes that a serious licensing infraction has taken place and is often costly and time consuming. It may also be issued when a company ignores or refuses to undergo a SAM engagement.
According to Microsoft, audits aren’t being done just to find pirated software or non-compliance, but additionally they are finding that almost 30% of their clients are overpaying for licenses that go unused. Clients may purchase software that is never used or find that they do not have as many users as they thought. Or you may have purchased software that was also included in a bundle. However, users that have underpaid will be expected to become compliant. This is not just a Microsoft thing; all software publishers have the right and responsibility to enforce their intellectual property rights. When you purchase software, you enter into a contractual obligation to abide by their rules and agree to their right of audit. The top five vendors requesting audits at present are Microsoft, McAfee, Attachmate, VMware and Symantec. Larger companies can expect audits from software giants such as SAP and Oracle.
Voluntary Audit Questionnaire
Choosing to ignore the request to complete Microsoft’s voluntary self-audit questionnaire will set into motion a three-stage process leading up to possible prosecution by the software vendor-funded Business Software Alliance (BSA). When you receive your audit letter or email, you have two weeks to return the completed questionnaire. You’ll need to possess the appropriate license for your usage and to be able to show your audit trail. Three key areas ensure that you are properly compliant:
- Accounting of your current license entitlements (what do you own)
- Accurate reporting of usage (what is actually deployed)
- Complete assignment of your license entitlements to real deployments
If you are out of compliance, you’ll be expected to pay for additional license, sometimes at retail pricing. Non-compliant companies may also encounter fines, penalties and even criminal prosecution for the most serious cases. Audits will be increasing as we move forward and you are wise to establish an asset management process to stay on top of licensing requirements.
- Keep all updated licensing information in a central location so it’s easily accessible
- Create a software and hardware map (database, diagram or spreadsheet) that details where software is installed on computers
- Adopt a regular inventory schedule to keep track of new software or license acquisitions
- Consider investing in Microsoft’s volume licensing programs
Here are some common issues that you’ll want to understand and avoid:
- Not understanding the contractual obligations
- Not understanding User versus Device licensing. Some Microsoft products (Windows, Office, Project, Visio, etc.) are licensed by device, not by user unless you have licensed these through an online subscription
- Not understanding the difference between downgrade rights or cross edition rights. For example, Office Professional Plus includes downgrade rights to earlier versions but does not include cross-edition rights to products such as Office Standard
- Not understanding restrictions on reassignment of licenses, and this may surface as a problem with server virtualization if you are using tools that move between hosts
Microsoft offers a tool to help you understand and evaluate the best way to license CALs (Client Access License) at this link: www.microsoft.com/licensing/CalTool/. Another helpful link to the SAM resource page: www.microsoft.com/sam/en/us/resources.aspx.
Engage a Professional
An audit can be disruptive, painful, and very time consuming. Consider that you’ll need to come up with real numbers for every operating system, every Office suite, every SQL Server, every remote desktop service. If your environment includes thin clients, it’s difficult to complete a network scan to know who has access to what software. It’s best to engage a partner who can help you navigate through a highly-complex licensing scheme. The partner will help reduce the drain on your internal resources and help you negotiate with Microsoft to complete your audit and compliance. Your partner can request distribution purchases with your permission and compare to your questionnaire results to make sure you have paid for every software installation. Additionally, your partner can deploy an automated discovery tool and conduct the license reconciliation. The partner is obligated to turn over all findings to Microsoft on your behalf.
Your IT budget may take an unexpected hit to bring you up to full compliance in the event you are audited and unprepared. A proactive stance in maintaining your software inventory and asset management, and working with a Microsoft licensing professional for correct purchase and usage, will help you moving forward.
Kathy Vogler is Communications/Marketing Director for office technology solutions provider PERRY proTECH. For full company information visit http://www.perryprotech.com.