Thoughts on Software Audit Preparation
By: Steffani Lomax
In keeping with the theme of software audits, let’s talk about preparation and some tips for ensuring a smoother process.
The audit process typically begins when the software publisher notifies the customer by letter. Most of the leading publishers put a “buffer” between themselves and their customer to preserve the relationship, often by hiring one of the Big Four accounting/audit firms – PricewaterhouseCoopers, Deloitte Touche Tohmatsu, Ernst & Young or KPMG- and the auditor sends the notification letter. The Big Four have certifications in audit methodology, so employing one of these firms establishes a formal process and adds credibility to the findings.
Once the notification letter is received, the first step a company needs to take is to organize internally prior to responding. Our IT asset management company recommends that organizations immediately identify and assign an Executive Sponsor as well as a Project Manager who will be the single point of contact for all matters related to the audit. The organization should also form a project team that includes all parties who will participate in audit-related activities, such as gathering and analyzing software deployment data, license entitlements, and contract terms and conditions. Another important step is to review the audit clause within your agreement, to understand the parameters prior to the commencement of the audit process.
The company being audited should acknowledge the audit request in a timely manner. As mentioned in an earlier blog, audits can be delayed. When an audit request is received, the proposed date or time frame may conflict with other critical internal initiatives and deadlines. Often times an organization can postpone an audit for months, providing more time to prepare for the event. Organizations should work with the auditor to agree on a plan that works for both parties in terms of process and timing.
Our IT asset management company recommends that the preparation process include a self-audit. This is an important and necessary step to gain an understanding of your compliance position with the software publisher in advance of the meetings with the auditor.
From the beginning, make every effort to build a positive relationship with the auditor. Do not take an adversarial approach; team with the auditor, because this will lead to a more congenial and less stressful process.
To summarize, here are the recommended preparation tips:
- Organize internally
- Assign an Executive Sponsor and a Project Manager, and form the project team
- Understand the audit clause in your software contract
- Respond to the audit letter in a timely manner
- Agree on an audit plan with the external auditor
- Perform a self-audit
- Build a positive working relationship with the auditor
If you follow these tips, you will ensure a smoother audit process.
If you have questions or would like any more information about how to prepare for a software audit, please feel free to contact one of our helpful Siwel IT asset management professionals at 212-691-9326.