As we are all aware, software audits are something that most organisations dread. Organisations can stay one step ahead of the BSA and FAST by conducting their own internal software audits.
There are a number of key reasons for completing internal software audits. The two main reasons for carrying out an internal audit are to reduce the number of inactive licenses and also to ensure that you are maximising your current license position. You could also add a third factor in there too, as an internal audit can help you reduce your under compliancy should you be in that position for certain applications. Internal software audits are also a cost saving method, as you will remove software from machines that no longer require it, thus reclaiming a license for future use.
Once you have implemented SAM within an organisation, software audits will become a process that can be scaled back. 90% of users do not need administrator rights on their machines, thus restricting their ability to download or install software. This will also reduce the number of trial or evaluation licenses that are installed on your estate. This is another reason why you should complete internal software audits as the majority of SAM tools can’t report what installations are actually trial licenses. By completing an audit you will be able to establish if anyone has downloaded a trial license, and then you can either remove the software from your estate or ask the user to provide business justification and a cost centre/budget for purchasing a license should they need it.
Document the process you use for internal software audits and promote the process to the users. It may be the case that you’ve never conducted an internal audit before, so talk to your IT staff and senior management highlighting why you want to create an internal Software Audit process. Conducting an internal software audit usually consists of 5 steps:
I could go into a lot more detail and depth for an internal audit process, but you should get the general idea. The five steps above should give you a good base to work from when conducting an internal software audit and it should also help identify the key stages of the audit.
If you are after a dynamic SAM estate, then internal auditing should be a continuous process. However, again if resources are stretched then an internal audit of Tier 1 vendors should be carried out at least once a year. Other applications should also be audited once a year, but concentrate on the Tier 1 vendors first if time and resources are limited. Carrying out an internal audit for Microsoft, Adobe or IBM would be of more use to your organisation than regularly auditing WinZip for example.
If you don’t have a ‘locked down’ environment then keeping a record of the machines and users that you have removed a license from will help you in future audits. You are then also able to present these reports to the board, highlighting licenses reclaimed and potential savings made.
Internal software audits are an important and sometimes overlooked process within SAM. With the current audit mentality and vendors looking to reclaim money on any under-licenced software, conducting internal audits are a way for you to stay compliant and be one step ahead of auditors, so should an audit letter land on your desk you will be fully prepared and compliant.