September 18, 2009, 6:57 PM — Oracle licensing consultant Eliot Arlo Colon still remembers the enormous global publishing company that was "so darn confident" it would breeze through an upcoming software license audit unscathed.
But once the company actually dusted off its E-Business Suite contract, it got an ugly surprise.
Contrary to long-standing internal belief, the publisher's custom licensing agreement only authorized North American use of the ERP (enterprise resource planning) package, not worldwide, according to Colon, president of Miro Consulting in Woodbridge, New Jersey. The company was on the hook for "tens of millions of dollars" in licensing fees, although the issue was ultimately settled for less than that amount, Colon said.
There's little hard evidence that vendors are conducting more audits than usual in recent months, observers and industry analysts say. But even so, given that the last thing a cash-strapped IT shop wants these days is a hefty, unexpected bill for license noncompliance, now might be a good time to prepare for one in hopes of minimizing the damage.
"Proactive is better than reactive when it comes to software audits," said Robert J. Scott, a Dallas attorney who specializes in software audits. Companies should strive to be in "an audit-ready mode," he added.
"You need a systematic process for evaluating what's on your computers and what you've purchased," performed on a quarterly basis if possible, Scott said. Also, "you've got to do so with an analytical rigor sufficient to certify the results as true and accurate in a legal context. If you can't get to that point, you've got a big problem."
Of course, sometimes audits can have good results, turning up the fact that a company is over-licensed, giving an opportunity to get rid of shelfware or transfer licenses to more useful applications.
While he gets "a steady stream of requests" for help from clients who have been found to be noncompliant, over-licensing is a "much bigger" problem than under-licensing these days, said Forrester Research analyst Duncan Jones.
There are many ways to get at the truth, some more expensive than others. Vendors such as Acresso sell SAM (software asset management) applications for monitoring compliance, and outfits like Miro Consulting can conduct "friendly" audits and compliance reviews.
But in many cases, customers should start with basic housekeeping, taking steps like storing all their software contracts in a single place, said Ray Wang, a partner with the analyst firm Altimeter Group. "Most companies have them in file cabinets that span multiple locations."
Another crucial preemptive step customers can take is to limit their use of virtualization until they fully understand the licensing implications, according to Jones.