When they occur, vendor audits can be very disruptive for an organisation. The letter of audit intent will almost always arrive at an inconvenient time but there are a few precautions you can put into place to ensure that the disruption is kept to a minimum.
Create a vendor audit process
This is a process that stipulates the internal steps that the organisation has to follow for each stage of the audit. Ensure all relevant parties within the organisation are aware that an audit is about to commence. This notification needs to reach beyond the IT department to include procurement, the legal department and security.
Get closer to the relevant software vendors
It might seem counter-intuitive, but when faced with an audit, it is wise to invest in building a good relationship with the vendor(s) concerned. This can also involve discussions about future business development plans as giving a vendor a greater understanding of your organisational strategy will enable them to provide practical advice about future license requirements. Will a closer relationship prevent an audit? That is unlikely, but an open dialogue will set the scene for a less aggressive, more constructive basis to the audit and could help influence timings should a delay be preferable.
Think proactively about internal software audits
Using specialised SAM tools it is possible to record exactly what is being used and how this correlates to the organisation's official entitlement. Ideally this would be completed on a regular basis for all relevant vendors of importance, in the same way, as an organisation would approach developing a disaster recovery plan. An internal audit will verify that tools, people and processes are working properly, that the organisation is compliant with its license entitlements and will of course highlight any problem areas, so that the issue can be fixed before a vendor comes calling.
- Jelle Wijndelts is a Senior SAM Consultant at Snow Software.