In a recent press release, Robert J. Scott of Scott & Scott, LLP highlighted what his organization feels to be some common mistakes that companies make when presented with an audit request from BSA, SIIA or a software vendor. He lists –
- Failure to compile and produce accurate installation information.
- Relying on internal IT staff to respond to a software audit request.
- Submitting improper documentation in an attempt to demonstrate proof of ownership.
- Failure to involve experienced counsel to interpret copyright laws and software licenses.
I concur absolutely with the first point, which would be dealt with quite simply (if anything in IT is simple) by having implemented a continous activity of software asset optimization founded on rich and accurate inventory and usage information. As Robert says “Businesses that are most prepared will have the greatest success in defending the inevitable software license audit and save money”.
But the other points raise some questions. To ask counsel to make the first response to the would-be auditing agency would seem attractive, as a way of indicating that we do not expect to get walked all over in the process, but could seem to indicate concern over having something to hide. As Robert observes, the audit is probably inevitable, so if we have a software asset optimization strategy in place, with continous monitoring of the alignment of software licenses with installed inventory and its day-to-day use, then who better than someone who knows this data intimately to quickly form a working relationship with the auditing organization. For example, to exploit drill-down reporting to demonstrate that the company knows exactly where its software is installed.
With regard to the fourth point, if software license agreements have become so complex and difficult to understand that it needs counsel to advise, then it’s a condemnation of the software industry for making life so difficult for its customers. Or at least condemnation for some vendors in particular!
Where I do believe in the role of an outside organization is in helping establish an adequate regime of license and deployment management in the first place. There are specialists to be found for that, whose services will actually help you build your self-sufficiency in the management of your software assets.
With that in place, you can look forward to any visit from the BSA (or SIAA or whoever) ending in the BSA buying the drinks in celebration of your exemplary management of your software assets.