A Leading UK Authority in Software Asset Management & IT Compliance

The Domino Effect

FASTtalk July 2009

Vendor audits are up, business finances are down.

But organisations fearing a catalogue of audit notifications can still help themselves, as the FAST regional account management team explains.

Recent research by Trustmarque Solutions has shown there has been a 35% increase in activity from software vendors auditing licences, with one in four checks being triggered by finger-pointing employees. There’s little doubt that in the current climate companies are at risk.

FAST has seen the stresses such audits can cause even for companies that are household names. One organisation found unwanted software and then a need to establish its compliance position left its day-to-day operations paralysed as firstly compliance audit letters had to be verified, then company lawyers had to be informed and finally board level executives had to be briefed on the potential financial risk to the company of a hard-line audit and subsequent reconciliation mandate. Meanwhile staff were chasing around trying to confirm the company’s licence position.

One of the first problems that an organisation may find when it receives a compliance request is to understand to whom it was sent and on what terms it was issued. Initial contact may be in the form of an audit questionnaire. Whatever the tone, both the company lawyers and your FAST Account Manager should be informed.

Once one software publisher is in touch with a company about an audit, there is a reasonable prospect that others will follow - i.e. the Domino Effect. In today’s cash-strapped business landscape, software vendors need to find ways of maintaining revenues, so with fewer new sales likely, vendors may look to maximise revenue from existing customers. Acknowledge the receipt, speak to FAST and your legal team, and then look at the state of your proof of compliance.

Having informed your company lawyers, and your FAST Account Manager, initially write back to the software publisher saying you are happy to see them regarding their request while advising/asking the following:

  • We are a customer of FAST and are working towards the FAST Standard for Software Compliance (FSSC-1:2007)
  • What applications or versions (e.g. Standard or Pro) is the publisher looking for?
  • What access they will need?
  • How will the audit be conducted?
  • Will the publisher need to load an audit tool on to the network?
  • Will they conduct a manual walk round audit?
  • Who will conduct the audit? the publisher themselves or their agents?
  • What resources/amount of your time will the audit take?
  • See what the software publisher comes back with and then contact your FAST Account Manager to discuss/address any further issues.
  • Expect a culture-shift after the audit and prepare for it accordingly.
     

You should also consider the following:

  • Look at your maintenance contracts for details and proof of payment. If a publisher is accepting payment for maintenance and support on a product it would be difficult to argue you don’t have the right to use it.
  • Has your company merged or was it taken over with a subsequent name change? In such circumstances an organisation should check their licence agreements to see that they allow novation. These checks should be part of ‘due diligence’ and it may be that you can trace details of licensing/proof of entitlement from here.

Remember, as you are trying to build a picture of your proof of entitlement, the more items you have the better that picture will be.

Logistically, most organisations will look towards a paid, detailed invoice (publisher, application, and version) which provides a number of easily cross-referenced items, e.g. invoice number, payment number etc. In this situation, due to the cross-referenced items, it would be difficult for a publisher to dispute your right to use.

If you have full packaged products, you should be able to produce:

  • All physical media supplied when you bought the software, such as the CD-ROM
  • Accompanying paper documents the end-user license agreement (EULA), if supplied as a hard copy
  • The certificate of authenticity (COA) from the box
  • Your invoice, which should list the software title and full details of what was supplied, as well as the stock-keeping unit number.

For pre-installed software (OEM licences), you should be able to produce:

  • The paper documents
  • The end-user licence agreement EULA, if supplied on paper
  • The certificate of authenticity (COA) on the PC chassis, OR the manual covers, OR
  • The original CDs OR their accompanying documents, OR as separate COA documents
  • Your invoice, which should list the software title and full details of what was supplied, and the stock-keeping unit number.

For volume licences, you should be able to produce:

  • The licence agreement
  • The licence confirmation document your original invoice, with details of what software you ordered.


This article was produced by FAST Account Managers - experts in delivering IT compliance and software asset management advice and training to customers of the FAST Compliance Programme.

FAST and IRIS are trade marks. © FAST Ltd . All rights reserved. All other marks are the property of their respective owners.