Software Audits are a Game of Hangman

Jason Pepper
Version 1
Feb 10, 2020


In the course of discussing the intricacies of SAM and license audits with customers and partners, I find myself using the same metaphors, the same war stories, and explaining the same concepts time and time again.

Software auditors are lazy

I’ve been working in and around the SAM industry since 2006. Many things have changed but, equally, many have stayed the same. Here is one that has stayed the same: software auditors are lazy, and they like an easy life.

Why do I say that? I’m not being rude about software auditors per se; they like an easy life, and who doesn’t? If you make life easy for a software auditor, you are not helping yourself or your organisation. Furthermore, you could be creating a problem for yourself further down the line. Remember that software auditors can change employers just like you, and if they have you flagged as a helpful and soft target they will keep coming back for more. Human beings are drawn to the path of least resistance, and you don’t want that path to be you or your organisation.

Helpful and uninformed is a very painful place to be

You can compound this situation if you lack the SAM processes and methodologies (more on this in a later piece) that enable you to be certain of your license position. Helpful and uninformed is a very painful place to be if you’re a customer of some of the large software vendors.

I’m not saying you should be unhelpful nor confrontational, merely that you should answer the question placed before you, nothing more, nothing less.

For example, when you receive an audit letter from a software vendor, should you:

  1. Respond immediately?
  2. Ignore it and hope it goes away?
  3. Read your contract?
  4. Something else?

If you answered 1 or 2 then you’re in the majority of the customers we work with. If you answered 4 then add a comment below and let me know what else you could do before reading your contract.

Read your contract

That’s right, if your answer was 3 then give yourself a pat on the back. Reading your contract is always a great first step when engaging with a software vendor and their auditors. You can help yourself hugely by understanding the salient points of the contract.

Does it tell you exactly what you (or someone in your org) signed up to from an audit perspective? It may say that in the event of a notification of audit you have 40 days to respond. So why would you respond any sooner than that exact number of days?

  • Does it say that you must respond electronically to an audit letter? Most likely not, so why not respond in writing to the registered address for the company requesting an audit?
  • Does it say that any audit activities must not interfere with your right to conduct your business without undue interference? Your business has a rhythm in the trading year and likely has times when an audit would be more inconvenient than others. Is that now?
  • Does the contract name the customer under a different trading name than the one referred to in the audit letter? You could helpfully point that out in the letter you send to the registered address on day 40 after the notification.

None of these activities are obstructive, merely diligent. Diligence is different from helpfulness, and I’m sure your employer would prefer you were diligent rather than helpful when engaging with software auditors.

Don’t build your own gallows

Let me close the loop on the Hangman reference.

In the traditional game of hangman, every time you guess a letter wrong your opponent draws a component of a gallows until the end is nigh. Software audits are similar. Auditors very rarely, if ever, actually “perform” the audit actions. It is you who do the running, you who do the activities and report back to the auditor with your findings or results. Every time you do that, you are helping them build that metaphorical gallows. The longer you give yourself to ensure that the gallows never reach completion, the better for you and your organisation.

Interested in discussing this topic? Looking for strategies on audit defence? Anything else to do with software licensing and SAM? Get in touch…

Lastly, regarding my earlier question: what would you do if you don’t have the contract you need to look up the relevant clauses? You might want to engage an independent team of expert consultants well-versed in the cut and thrust of software audits and how to defend against them.


Head of SAM Practice at Version 1. I used to be technical; now I spend my time navigating the backwaters of EULAs and vendor contracts.