Surviving Software Audits

If you've made no attempt to be legal, auditors will react accordingly.

This may be difficult to believe, but being in full compliance with your software license agreements does not make a software audit any easier. In fact, your level of compliance has virtually no bearing on how easy or difficult the audit is. I know. I went through two software audits in the past 12 months. One was performed for a single software publisher by one of the Big Four accounting firms; the other was a self-audit requested by a software industry trade group for one of my remote offices.

The process sounds simple: Compare what youve purchased to what you actually have installed; the difference indicates how much youre over- or underlicensed.

That should be as easy as defining the word "is," right?

Well, figuring out what youve purchased can be tricky. Most likely, youve got many invoices spread over a few years, from different resellers for different quantities of different products —some for Version 1.0, some for Version 2.0, some for the Pro and some for the Plus versions. Some you bought with maintenance agreements—with different time periods —and some you bought without maintenance. Some are for upgrades in every possible upgrade path permutation.

Of course, do not think that the physical inventory is much easier. First, youre likely to discover workstations with multiple versions of the same product. That could be because no one ever deleted the old version after the new one was installed, or maybe users need the older version because the new one isnt 100 percent backward-compatible. Then you may have some users with multiple workstations, each of which could have multiple versions of the package. Maybe a developer also has a laptop for when he travels and a PC he uses at home for work. How many licenses would you need for this user?

So, how do you make an audit easy on yourself? Keep good records and simplify your administration. Standardize on a single software reseller—that can be enormously helpful when you need to pull purchasing records. Decide for each product if youre going to buy maintenance—and stick with that for every purchase of that product. When its time to buy an upgrade, try to buy it for all your copies at once. Centralize all IT purchases—the last thing you need is departments and users buying things you dont know about. If you buy for multiple sites, consider separate purchase orders for each. If one site is audited, theres no need to call attention to your other sites.

Auditors do know how complex it can be. In my experience, if they see youve made a good-faith effort to comply, theyll be forgiving. However, if its obvious youve made no attempt to be legal or that youre defensive and difficult to work with, theyll react accordingly.

Brian D. Jaffe is an IT director in New York and co-author of the "IT Managers Handbook: Getting Your New Job Done." He can be contacted at