Navigating the Compliance Crisis: How to Prepare for Software Publisher Audits

A publisher contacts you and requests an audit. Panic sets in because you're uncertain if you're compliant. Dollar signs start to bubble up in your mind, knowing that errors can cost your organization a significant amount of money, possibly millions. Why wait for this moment? Get ahead of the curve and ensure compliance.

Let’s discuss IT asset management (ITAM), software asset management and hardware asset management, how and why they're critical to your organization, and how CDW can help ease the financial burden of unanticipated audit-related expenses.

Managing IT, software and hardware assets effectively is vital for reducing risks, ensuring compliance and controlling costs. These strategies form the backbone of operational success and resource optimization.

Overall, ITAM has some unique characteristics. The easiest way to visualize it is to think of ITAM as an umbrella. Underneath it, you'll find software asset management (SAM) and hardware asset management (HAM). This includes discovering assets, managing software licenses, tracking their locations, and overseeing maintenance and support contracts. Additionally, processing governance is an essential part of this overall framework.

ITAM involves your organization having a clear understanding of the following:

• What assets do I have?
• Where are they located?
• How old are they?
• Whose assets are they?
• What types of assets are they? For example, are they phones, laptops or something else?

ITAM enables you to identify what you have and ensure your assets are up to date. For instance, in large corporations such as CDW, it is essential to keep our phones updated with the latest version of the operating system. When it comes to ITAM, it is important to be familiar with the entire life cycle of managing each asset.

SAM is under the umbrella of ITAM because it involves managing assets and is a part of the ITAM strategy. However, software is different because you can't see, touch or feel it like you can a physical device. If you don't know what you have and where it is, then you become vulnerable to security issues and expenses, which we will explore later.

First, let's address security mitigation since it's critical for your organization. For example, maybe you have a software package that you're running in an infrastructure. There's a patch to it, but that patch has a virus in it. Then  an attack happens.

If you don't know that you have that product or use that software, know where that software is or who's using that software, it gets harder and harder to mitigate those kinds of risks.

The other challenge with SAM, which differs from HAM overall, is that we find customers continue to renew all their licenses year after year without really understanding whether they're using all of them or if they're using more than they own. There is a unique compliance issue with SAM. You must understand what you own and what you're using to be compliant with the various contracts of different publishers, including usage rights and other relevant terms.

Understanding what you have and having a tool that can help you manage it is critical in terms of reducing or managing software asset spend and then being able to track who has them and all related information.

Just like SAM, HAM requires you to monitor and track your hardware throughout its lifecycle — from tracking what you have in stock, to maintenance, and equipment disposal. You should have a well-rounded view of it all for every piece of hardware your organization owns. And, if you don’t have a plan for tracking them, it is a step you should take.

Larger enterprise-sized organizations, such as large manufacturers and healthcare organizations, typically see the greatest value from ITAM because they usually have a lot of assets to keep track of. Smaller organizations typically don’t have the budget for ITAM, and the ROI isn't usually as great as it would be for a large corporation that, for example, spends $100 million on Oracle a year and is looking to optimize.

1. Visibility: The number one challenge is general visibility of what’s out there. It’s one of the most common challenges organizations express when they come to CDW for support with asset management, as they often have a lot of technology. For example, they may have a lot of laptops in stock and, in addition, every end-user has one. That means there are numerous software applications and, often, a lack of holistic visibility between hardware and SAM. CDW brings great value in these situations because we’re well-versed in how to assess and triage these scenarios.
   
   
2. Compliance: Compliance is a significant challenge and arguably the costliest misstep you can make. It is especially common for organizations undergoing changes in leadership or engaging in numerous mergers and acquisitions (M&A) activities. M&A activity is a huge red flag for any software vendor to say, hey, we’re going to throw an audit your way.

First and foremost, organizations should not neglect asset management. Doing nothing is the worst approach. Many organizations make the mistake of trying to piece together the wrong tools to manage their assets, which is never effective.

Simply purchasing software from vendors and renewing those licenses year after year without any further action is also considered doing nothing. This approach lacks governance, oversight and an understanding of actual usage. With a do-nothing approach, there is no investigation into the budget, leading to a lack of knowledge about what is being spent and why.

Even managing assets with spreadsheets, although common in some organizations prior to an audit, is a better option than doing nothing at all. It's not unusual for organizations to operate normally until they face an audit from a software publisher. At that point, panic ensues, and leadership may be held accountable for not managing software assets as rigorously as they do physical assets, such as laptops. Companies take immediate action when physical assets are lost or stolen, but SAM often goes unnoticed and unaddressed because it often seems invisible.

On the other hand, software is one of the best ways for organizations tasked with optimizing costs to examine their systems and identify areas for improvement, such as unutilized software. Alternatively, you may find yourself in a situation where you have too many contracts and need to work with vendor management to consolidate them. In such situations, CDW can utilize its leverage and buying power to secure additional volume discounts.

Cost optimization has been a major focus, especially over the past couple of years. In the aftermath of COVID-19, many organizations have found themselves with a surplus of laptops, technology and software to manage. With potential tariffs on the horizon, numerous organizations are taking a closer look at the renewal or refresh cycles of their laptops. They want to determine if they need to purchase new devices now before the tariffs take effect.

There’re two types of audits — internal and formal.

• Internal audits involve customers proactively conducting an internal audit because they are uncomfortable with their current situation and anticipate that a formal audit may be forthcoming.
• Formal audits mean a publisher has determined there is a problem and has engaged a third-party auditor to assess the situation. They will scan the customer's environment and report what they owe.

CDW supports customers in both scenarios.

For internal audits, we start by establishing a baseline to understand the customer's current compliance position. From there, we make recommendations akin to ghostwriting: we guide customers on how to respond to auditors and inform them about potential findings. We provide strategies on what they can say to mitigate their exposure.

For formal audits, while we do not directly negotiate on behalf of customers, we offer guidance on how they can negotiate effectively themselves. This includes advising them on what to say to publishers and auditors to navigate the process with minimal risk.

Our support is primarily behind the scenes, providing customers with the tools they need to manage the audit process successfully.

There are numerous tools available and software options to choose from.

We have partnerships with many industry-leading IT asset management, technology and software asset management companies, including Flexera, Zensam, Certero, ServiceNow and Xylo, in the Software as a Service (SaaS) management space, among others.

If your organization is looking for tools, CDW will gain a thorough understanding of what you are looking for, and have conversations about the scope and size of your organization. Armed with this information, we can make vendor-agnostic recommendations that are tailored to your organization at-large and your business objectives.

Our initial conversation lasts between 30 to 45 minutes. This allows us to discover your organization's business objectives. If you're interested in ITAM or SAM, it’s likely you’ve done some preliminary research on these topics and have an idea of your goals. There isn't much preparation needed on your end, but it's helpful to have some clarity on whether your focus is on compliance, gaining visibility or perhaps a more extensive initiative such as achieving cost savings over time.

Typically, an account manager sets up a discovery conversation to discuss what's happening with your organization and what it hopes to achieve. During this time, CDW will gather specific information such as your annual software spending, the top publishers you work with, the contract vehicles associated with publishers and when your organization was last audited. This information helps us understand the current landscape at a high level.

If the people we meet with from your organization are unable to answer these questions, it may indicate that we are not speaking with the right people or that the relevant individuals are unaware of these details. Both scenarios are possible.

It’s incredibly important for CDW to engage with the right stakeholders within your organization. Many people assume our discussions are limited to what they purchase, leading them to believe that only procurement needs to be involved. While procurement is important, we also need to communicate with IT and potentially other lines of business, depending on the objectives of the conversation.

When CDW customers implement a SAM program, they typically save up to 30% in the first year. After that, they usually see a 5% savings annually. That can be huge benefit for customers seeking cost savings initiatives.

Another advantage of SAM is improved visibility which can help decrease risk exposure related to potential audits. On average, organizations face at least one software audit each year. These audits could be from companies such as Oracle or from other software providers; for example, a customer might have too many Snagit licenses through TechSmith.

For larger publishers, the average settlement from an audit can be around $5 million.
This is a substantial amount that often goes unbudgeted. It's also important to consider the operational disruption caused by audits. When a company is audited, several team members may have to stop their regular tasks to provide information and negotiate the settlement, which can delay important projects.

CDW offers services to help organizations navigate this process. By investing in a small engagement with our services, your organization can potentially mitigate risk and reduce the settlement amount, which could be lowered to zero or a percentage of the total cost depending on the publisher's approach during the audit.

During an audit, every violation essentially incurs a cost. It’s similar to when you don’t renew your license on time; you end up paying double or facing additional fees. These penalty costs arise from not addressing issues properly.

Sometimes, you can't change the outcome of an audit if you’re not engaged from the start. This is why our services are most effective when they are embedded early enough, before an audit is triggered.

There’s significant money to be saved. Over the last five years alone, we’ve saved customers an estimated $1.5 billion, and counting, through reduced audit exposure and optimization opportunities through various tactical in-house projects.

With software, there are considerable opportunities to save significant amount of money. It’s a bit more challenging to see the savings with hardware. Either way, once an auditor has access to your data, they can really dig in, and you may end up facing a bill for your exposure, which in some cases can reach $50 million for a large corporation.

At that point, you have very little wiggle room. Consequently, your organization may end up negotiating extended contracts where you might not pay the full $50 million, but you might pull together a $25 million package of products that you may never use. These products then sit there unused for three years because you’re stuck in a penalty box. All that to say, audits can be extremely tough and unpleasant.

At CDW, we understand that effective asset management is key to optimizing costs and maximizing the value of your technology investments. When you engage with us early, we can conduct thorough assessments of your unique challenges and find the best solutions for your needs. With knowledge of licensing across 25 major software publishers — CDW brings amazing insights and capabilities to the table.

By partnering with CDW, you’ll benefit from comprehensive asset management solutions that not only streamline your operations but also drive significant savings.