
Article · Feb 15, 2018

5 ways to stay in software license compliance and avoid painful audits

Get expert advice on licensing compliance from new book, "What Top CIOs Know," by Eric J. Brown and William A. Yarberry Jr.

The following is an excerpt from the new book, "What Top CIOs Know: How to succeed in a world of digital transformation, cyber challenges, exponential change, and intelligent devices by creating powerful strategies for the new 3.0."

Most CIOs, constantly under pressure to deliver high-value strategic and tactical results to the business, don’t consider licensing compliance… until it is too late. It is tedious, clerical, and goes unnoticed by leadership. Unfortunately, getting it wrong in today’s market is not only expensive but increasingly likely.

Traditional thinking posits that license audits are all about vendors catching intentional misbehavior—clients shaving a few percentage points from their operating expenses by failing to report usage. Reality is different. Some vendors today earn a substantial percentage of their revenues from penalties and sales resulting from audits. At least one ERP vendor reportedly earns 25% of their revenue directly from penalties and product sales not originally scheduled by the customer. In contrast, other vendors adopt a tolerant, “true up” client relationship where record-keeping mistakes or misinterpretation of usage rules can be adjusted annually without penalties. Know your vendor’s stance.

Here are five ways to stay in compliance and avoid painful audit surprises:

1. Understand your contracts and the penalties if you don’t comply.
You need to know:

• The formulas that relate the number of CPUs, threads, virtual machines and other computing platforms to the required number of licenses.

• The definition of billable use. For example, if you copy the software to a VM annually to test your disaster recovery capability, are you liable for additional licenses?

• Changes to standard agreements. License renewals typically happen throughout the year. Although an existing contract’s terms and conditions cannot be changed, at renewal time the now current vendor standard agreement will apply. You could be inadvertently signing up for a new, less favorable agreement.

2. Know what you are counting. 
The definition of a user needs to be clear:

• Does availability of a system constitute use?  

• Can licenses be recycled as, for example, when contractors come and go on a project?

• If a user is authorized on system X and points to a minor feature on Y, does that user need a license for Y?  

• Are there any special terms for shared IDs? For example, factory floor employees may share an ID on a system with no financial impact (e.g., inquiry only). Is that one license or many?

• Have terminated and transferred users been accounted for and deleted if inactive?  

3. Keep accurate records and hold for at least three years.
Without your own detailed records, the vendor’s version prevails. Keep records that:

• Clearly show users, dates in use, versions and environments (production, development, test, etc.) tied to licensed software.

• Indicate the correct number of users.

• Can be matched to your vendor’s usage audit trail.  Do not assume that the vendor’s records are correct.

• Maintain not only proof of purchase documents but anything else that will bear on your liability for the software use.

4. Recognize that you may need a specialist; your firm’s legal staff may get blindsided by hard-to-interpret, highly technical language in the contract.
Software licensing is a specialty:

• Billing calculations are complex and quirky. The rules, like complex IF/AND/OR programming logic, may be stored online in a large document. They change frequently. Before signing up, know the fine details.

• Some compliance rules include, for example, the number of cores dedicated to the software in a physical server versus a virtual server. Some vary by the specific VM software used. Make sure your infrastructure team is aware of the potential licensing impact for specific configurations.

• Your firm’s attorneys may not come to negotiations fully prepared unless they have access to specialist knowledge.

5. Do not let your team inadvertently torpedo negotiations.
Installing, deleting and moving software seem like routine operations, but if license rules are ignored, it will be costly:

• Be cautious of casual conversations. Over the years, your staff and vendors may develop a strong, informal relationship. Generally, this is positive but can be a problem in contract and audit negotiations. A software license audit is no different than any other audit—only the information asked for should be provided… nothing more.

• Centrally control any numbers, user lists or other information going out. Having multiple versions of the truth weakens your negotiating position.

• Ensure that your staff understands the licensing impact of making copies, bringing up test environments (even if only briefly) and installing software. Your records, typically in a software asset management system, need to be current.

This chapter only touches the surface of license compliance. The key takeaway is that it’s a necessary task that can’t be avoided. Develop systems and personal expertise so that you don’t get surprised or forced to accept onerous terms as the result of a software audit.

The book, "What Top CIOs Know," is available at


