RESEARCH@DBTA: Compliance Dance: Survey Highlights Impact of Vendor Software Audits

Software audits, in which vendors probe enterprise customer implementations for overuse of licenses or unauthorized installations, are becoming a big business and an emerging source of revenues. Whether on-premises or accessing services through the cloud, many companies report having been the subject of software audits, often resulting in tens of thousands of dollars of assessments.

That’s the word from a new survey published by Unisphere Research, a division of Information Today, Inc., the parent company of Database Trends and Applications, in partnership with LicenseFortress, a software audit service. A total of 283 usable responses were received, of which 155, or 69% of survey respondents, reported having been audited within the past three years, and 79% reported having been subject to a software audit within the past five years (“Managing The Software Audit: 2022 Survey on Enterprise Software Licensing and Audit Trends,” September 2022). The purpose of the research was to better understand the scope of software audits, as well as the costs incurred.

As applications move from on-premises environments to the cloud, it seemed that many licensing issues would be resolved. However, this has not alleviated issues or concerns with software licensing and audits, the survey showed. Close to eight in ten enterprises report software compliance issues have either increased or remained the same after moving to the cloud. While many applications and data sets have moved to the cloud, respondents reported that there was no appreciable impact on their software compliance issues. Seventy-nine percent report the move to cloud has not changed their software compliance issues, or, in the case of 38% of respondents, it has increased compliance concerns. Only about one-fifth, 21%, say cloud has reduced their compliance issues.

Many vendors maintain comprehensive controls over licensing rights and responsibilities outlined in their contracts. They may require customers to support and run scripts that monitor usage—and may also invasively track other parts of the infrastructure. The terms may change with the purchase of additional licenses, or at contract renewal time.

In addition, there is the possibility that second-tier software vendors may get acquired by firms that seek to play hardball with licenses, as has been the case with so-called “patent trolls” that aggressively seek monetary compensation for what they claim is unauthorized use of software.

More than half of enterprises in the survey report being audited by one or more software vendors. About 69% of survey respondents report having been audited within the past three years, and 79% report having been subject to a software audit within the past five years.

It’s important to note that software vendors have a right to ensure they are being compensated for the systems and services they build, provide, and maintain for their customers. The challenge to enterprises is software compliance, which can be complicated by engaged services or capacity that are unknown to IT or business users.

Examples of non-compliance may include a purchased license tied to a specific application that is being used for a different application; or licenses restricted to internal-business-use-only where access has been opened to external customers. Survey respondents report that activating unlicensed features, and issues around virtualization, are the issues most likely to be flagged by software vendors.

What impressions do vendors leave from their audits? In most cases, the encounter was courteous—the majority, 88%, say the tone of the vendor’s representatives was friendly and professional. More than one in 10, however, still encountered hostility or pushiness on the part of the vendor.

Among companies audited by vendors in the past three years, 64% were levied additional charges for non-compliance. A substantial portion, 35%, had to pay $100,000 or more to achieve compliance with the vendor, and 10% were levied $1 million or more in fees. Vendor charges incurred following an audit reflect company size. While more than half of the smallest companies had no charges, only 24% of the largest companies caught such a break. At the same time, while 20% of the largest companies were assessed amounts exceeding $1 million, these numbers were not seen among their smaller counterparts.

Along with the assessments made by vendors for non-compliance, there are hidden costs as well, even if the vendor does not levy additional charges. Most audit processes required at least three employees, and 40% of companies had their CIOs involved with the process. Given the time spent at hourly rates, this can add up quickly.

A majority of audited companies did not seek outside assistance to guide them through the process. While many depend on tools or software asset management to support their efforts, a majority fail to keep track of software changes on a continuous basis.

In today’s turbulent economy, many software vendors have been looking for sources of additional revenue, and they have found it through customer software audits. These software audits have become a big business, serviced by prominent accounting and consulting firms on behalf of vendors, and often incurring millions of dollars of extra charges to customers.