What is a software license audit?

A software license audit is a formal, mandatory compliance review of a company’s use of products and services. Every software company has its own industry standards it expects all users to comply with. Having mandatory standard compliance reviews performed by auditors allows these software companies to maintain above-board practices and protect intellectual property rights. 

Auditing helps minimize corporate risk on all fronts. Software licensing companies want to avoid copyright infringement, and companies using the software want to remain reputable and avoid fines.

What Are Some Challenges With Software Licensing Auditing?

  • Fines can be expensive
  • License changes between versions: some companies start with one software license and later switch to another. It might not be enough to detect that a library or code fragment has been used – an auditor is looking to see every version.  
  • Derivative works: some licenses have very specific conditions for linking and creating derivative works. An auditor will have to determine whether the library has been linked or a derivative work has been created.
  • Internal source code fragments: some software packages have fragments of source code. They’re provided for reference but aren’t compatible with internal policies. An auditor will look for use of those fragments.  

Why Is Software Licensing Auditing Necessary?

Standardizing best practices is always going to be helpful to a company. Most database licenses have a formal license agreement and process that allows reasonable audits of usage and compliance. Auditors aren’t out to get you – they’re out to make sure everyone is following the rules. That can be annoying of course, and potentially expensive, but it has to happen.  

What Is A Typical Audit Process? 

  • Identify software assets 
  • Verify software assets including licenses, usage, and rights 
  • Identify and close gaps that may exist between what exists on the installations, the licenses possessed, and the rights of usage 
  • Record the results in a centralized location with Proof Of Purchase records 

What Are Best Practices for Being Audited?

  • Provide the information requested – and nothing more 
  • Keep track of all correspondence and review all requests and responses carefully 
  • Know what’s going to be requested
    • Items typically requested in an audit include:
      • listing of the products and licenses your organization is using 
      • the hardware platforms and configurations (CPU type/size especially) in use for those products 
      • output from various OS and/or database scripts, and running of certain processes or procedures 
  • Be aware of how to handle being out of compliance
    • Database representatives will work with you to determine additional licenses required and/or other options for resolution. 
  • Follow industry best practices to keep your licenses compliant before being audited
    • These include cleaning up named user or CPU license surplus or deficits, reconciling minimum license requirements, purchase of any additional required licenses, etc.   
  • To be safe – audit yourself before anyone else does