Software Audits - When it gets Uncomfortable in the C-Suite, That's When Things Start to get Done

By Christof Beaupoil President Aspera Technologies Inc.

Introducing…

…the President of Aspera Technologies Inc.

Christof Beaupoil

Co-founded Aspera in 2000 Over 12 years experience in software asset and license management

Master in Mechanical Engineering and Information Technology Certified ITIL Foundation and Licensing Specialist

Why This Webinar Topic?

Organizations don’t realize how serious their audit risk is until it’s too late and the CIO or CFO is signing off on a major (unplanned) expense. …Only then does license management get the attention it deserves from top management.

Agenda

If you talk about the risks of an audit now, then you’ll be in a better position later.

To do this you need:

Convincing information your IT Director and CIO will listen to.

Testimonies from real people who have gone through a major vendor audit before.

Counter arguments to the most common reasons executive management doesn’t want to buy into software license management.

The Truth of the Matter

Selling commercial software is a business… …The most common risk associated with commercial software is non-compliance… …On this basis vendors often audit their customers to ensure compliance.

What Publishers Say…

…Vendors initiate audits to generate revenue.

Quantifying the Risk

Just a few examples of software audit disputes getting public attention:

Rent-A-Center and SAP – US$ 9 million

Hospital Corp. of America and Informatica – US$ 6.3 million

PCS-CTS and the BSA – US$ 500,000

BMP America and Infor – US$ 150,000

It’s hard to ignore the audit risk and importance license management when that much exposure and money is on the table.

Agenda

Convincing information your IT Director and CIO will listen to.

Testimonies from real people who have gone through a major vendor audit before.

Counter arguments to the most common reasons executive management doesn’t want to buy into software license management.

Exposure and Compliance

Audits are time consuming…

Testimonial #1: In a blog by Clarence Villanueva of Forrester, one person commented: “Although the audit was confined to DB2 usage, it took an elapsed time of about eight months from start to end to complete the audit.”3

Exposure and Compliance

Audits are expensive, not only in terms of potential fines but in staff costs.

Testimonial #2: Will McManus, CIO of Dynamic Systems Inc. (approx. 2000 employees), was hit with an audit by Autodesk, “...I have a department of six people and it absorbed an enormous amount of resources.” Lack of visibility on who was using AutoCAD stressed the situation, “When the audit was done, the company was out nearly $100,000,” just in legal fees.4

Exposure and Compliance

Without your own method to create internal reports, you have no grounds to dispute (or disprove) auditor results!

Testimonial #3: One person shared with Aspera that he “spent 2 years defending an IBM audit, which took up 20% of his time in addition to two FTEs.” Afterwards, he ended up creating a funded project for license management.

How much will an audit cost you?

Show your manager the potential costs. Exmaple:

If your company has 80 software vendors

And only 10% of vendors initate audit request

20 days to respond to each request (without own tool)

8 vendor audit requests x 20 days = 160 days or 0.6 FTE / year

Average SAM FTE yearly salary = $75,0005

0.6 FTE x $75,000 = $45,000 / year

How much will an audit cost you?

Exmaple continues:

If 25% of audits requests turn into full-blown audits

Average audit takes 3 FTEs (without own tool) and minimum of 3 months, more realistic 6-12 months

Average fines, purchasing after the fact = $500,000

3 FTEs for 6 months = (3 x $6250) x6 = $112,500

$112,500 + 500,000 = $612,500 / audit x 2 audits / year = $1,225,000

$45,000 + 1,225,000 = $1,270,000 / year

Exposure and Compliance

Cannot quantify these consequences of a being caught non-compliant:

Having to purchase licenses and/or maintenance post-audit at higher prices,

Unfavorable negotiation position in later contracts,

Consume loads of effort from multiple resources,

Strained vendor relationships,

Damaged company reputation, and

Higher chances of more frequent audits in the future.

How Do Publishers Choose Who to Audit?

Although number of software audits rises each year, not all organizations are audited equally…

Risk Mitigation Plan

License management helps to stop and prevent non-compliance, streamline license purchases, and eliminate inconsistencies…

An entitlement-based license management solution enables organizations to:

Track software license usage and forecast demand (streamline purchases),

Take advantage of product use rights and entitlements,

Identify and prioritize legal and financial risks (eliminate under licensing),

Quickly respond to software audits, and

Prove compliance anytime with an easy to understand, re-producible process.

Risk Mitigation Plan

Quantify the cost avoidance for your manager:

While professional license management will not completely eliminate audits, it does reduce all relevant efforts and risk – by a minimum of 50%:

Average time to respond to audit request = 10 days, more realistic 1-3 days 3 days x 8 audit requests = 24 days or 0.09 FTE = $6750 / year

Avoid = 0.51 FTE and $38,250 / year

12.5% turn into full audits, requiring 1.5 FTE, 6 months, fines negotiated down 50% 1.5 x 6 months = (1.5 x $6250) x 6 = $56,250 / year $56,250 + 250,000 = $306,250 / year x 1 audit / year = same

Avoid = 1.5 FTE and $963,750 / year

Agenda

Convincing information your IT Director and CIO will listen to.

Testimonies from real people who have gone through a major vendor audit before.

Counter arguments to the most common reasons executive management doesn’t want to buy into software license management.

We already have an asset management system that records software purchases (e.g. SAP).

Do you know what’s written in the licenses and/or contracts?

The contents play a integral role in determining compliance, audit risk, and reducing software spend.

Missing components are knowing what you’re entitled to and the license metric.

Common Excuses from Executive Management Already Have…

We already have BIG 4 Vendor. Sure, some of the data needed for license management is there, but there’s no standard technical process to identify license purchases, record Ts & Cs, and reconcile with software installations/usage. Basically, re-inventing the process for each product/audit.

Common Excuses from Executive Management Already Have…

Requires lots of time, manual work, and customization (= not future proof).

We have discovery tools e.g. SCCM, so we have license management.

Part 1

Same software licensed under different price models

Software title doesn’t tell you how licensed, under what metric or product use rights

Must understand metric to determine license demand

Cannot measure license demand or compliance.

Common Excuses - Executive Management Discovery Tools

Part 2 Must apply product use rights and entitlements to be accurate

For example: a discovery tool cannot recognize if the software you’re using is licensed for downgrade rights...

We have discovery tools e.g. SCCM, so we have license management.

Part 3

There is not one discovery tool that can gather data in all environments…

…or that can gather all the required data for license management.

Common Excuses - Executive Management Discovery Tools

Investing in a tool and project is too expensive

Part 1 – refer to cost avoidance calculations

Common Excuses - Executive Management Too Expensive

Part 2 Saving Potential with License Management6

Common Excuses - Executive Management Too Expensive

Investing in a tool and project is too expensive

Investing in a tool and project is too expensive

In Aspera’s experience, companies that: Record the license and contract models of all manufacturers, Have a tool and Master Catalog to map out the product use rights, Involve all software suppliers in the license management process, Establish connections to all asset management and discovery/inventory tools, and Manage licenses, updates, certificates, maintenance and contracts worldwide…

Are able to: Reduce their software investments by up to 30%, Ensure they can prove software compliance irrespective of vendors and manufacturers at any time, Avoid under licensing and over licensing, and Use software licenses more efficiently.

Common Excuses - Executive Management Too Expensive

You can’t do license management unless…

There are solid processes and policies in place

supported by

an entitlement-centric license management tool.

License Management

Essential elements of an entitlement-centric technology: Master Catalog Fully researched, detailed catalog of entitlements and software recognition information. Extensive information about each license and software title:

Comprehensive, configurable catalog of entitlements so that purchased licenses can be associated with the correct PUR.

Synonyms and recognition rules to allow large volumes of raw inventory data to be turned into useful software titles.

Unique identifier (such as SKU) so that discovered software can be associated with license purchases.

Incorporate contractual Ts & Cs and PUR in compliance position and calculate potential over and/or under licensing amounts.

License Management

If you would like a copy of Aspera’s Audit Defense Guide please click here. An email will open up with a pre-set subject and all you have to do is hit send. Or sign up for our monthly newsletter* and automatically get a copy of the webinar slides and the Audit Defense Guide sent to you in the next issue. *You can unsubscribe from the newsletter at any time.

Additional Resources

Presentation at the Spring IAITAM ACE in April 2013

Projecting Savings from Software License Management – The realist’s ROI and Business Case

Software license and asset management bring many benefits including faster responses to IT service desk queries, more effective contract negotiations, and confidence in compliance audit situations. But when it comes to securing top management support the most clearly understood language is $$$ and savings. So what’s a realistic projected ROI you can present with poise? What can you take into consideration aside from the obvious financial savings?

Learn from practical experience gained over 130 successful projects, and takes notes as the business case for your project is outlined in:

Rebuttals to common spending misconceptions, Obvious and not so obvious financial savings, Gauging saving percentages based on level of maturity, project scope, and other factors, and Calculating the numbers.

Additional Resources

1-2) Ernst & Young LLP. (2011). Software compliance without tears - Monitoring customers? software usage in a complex world - Software asset management survey. Retrieved February 20, 2011, from www.ey.com/Publication/vwLUAssets/Software_asset_management_survey/$FILE/IT%20COMPLIANCE%20WITHOUT%20TEARS.pdf

3) Villanueva, C. (2011, August 10). Licensing With The Frenemy - Exploring An IBM Software Audit, Forrester

Blogs, Sourcing & Vendor Management Professionals. Entry posted to http://blogs.forrester.com/clarence_villanueva/11-08-10-licensing_with_the_frenemy_exploring_an_ibm_software_audit

4) Church, Z. (2008, September 2). Software audit painful and costly for the noncompliant, SearchCompliance. http://searchcompliance.techtarget.com/news/1340705/Software-audit-painful-and-costly-for-the-noncompliant

5) Thompson, M. (2011). Worldwide Salary Survey for Licensing, Compliance and SAM Roles, ITAM Review. http://www.itassetmanagement.net/2011/07/19/worldwide-salary-survey-licensing-compliance-sam-roles/

6) Translated from German: Dr. Gerick, Thomas. "Lizenzmanagement: zwischen SOX und Kostendruck." Controller Magazine. January 2009.

Sources

Thank You

Questions?

Founded in 2000, registered in Germany: Aspera GmbH and the USA: Aspera Technologies Inc.

Co-founders and management team:

Christof Beaupoil – Co-founder, President, Aspera USA Bernhard Boehler – Co-founder, Managing Director, Global Account Management Olaf Diehl – Managing Director, Business Development & Operations Keith Sauvant – Co-founder, Managing Director, Research & Development

Parent company: USU Software AG

Employees: 316 (Aspera USA: 10, Aspera Europe: 75)

Partners in: Australia, Benelux, France, Scandinavia, South Africa, and the UK

Portfolio: Tools, LaaS, Managed Services, Catalogs, Consulting, Project Management

Customers: Fortune Global 500, very large, large, and medium sized organizations, government and civil services bodies

Aspera the Company Aspera the Company

Contact

Aspera GmbH and Aspera Technologies Inc. check and update the information in this presentation on an ongoing basis. Despite this, data may have changed. Therefore, Aspera cannot be held liable for the up-to-dateness of this document. The content and

structure of this document are protected by copyright. Any reproduction of the information and data contained herein, especially the use of texts, text passages or illustrations, requires written prior consent of Aspera GmbH. Aspera, SmartTrack, FlowControl,

ICM, CMM, FM, MM, and the license management logo are registered trademarks of Aspera GmbH in Germany and/or other countries.

North America: Aspera Technologies Inc. 470 Atlantic Ave., 4th Floor Boston, MA 02210 Your personal contact: Shawn Smith Tel.: +1 508-473-6373 Email: smith@aspera.com

Europe: Aspera GmbH Dennewartstrasse 25-27 52068 Aachen, Germany Your personal contact: Olaf Diehl Tel.: +49 241-963-1220 Email: diehl@aspera.com

www.aspera.com