How to Ace Vendor Audits

 
 
By Dennis McCafferty  |  Posted 10-19-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    How to Ace Vendor Audits
    Next

    How to Ace Vendor Audits

    Few organizations purposely misuse assets, but many are caught out of compliance due to the increasing complexity of license usage policies.
  • Previous
    Highly Scrutinized
    Next

    Highly Scrutinized

    61% of survey respondents said their company has received a vendor audit request in the last 18 months—and 17% said their organization was audited three or more times during that period.
  • Previous
    Well Prepared but …
    Next

    Well Prepared but …

    85% said their organization has an IT asset management (ITAM) practice.
  • Previous
    … Under Equipped
    Next

    … Under Equipped

    Only 17% said they have ITAM tools in place to manage compliance in light of the audits.
  • Previous
    Bases Covered
    Next

    Bases Covered

    Nearly all companies with an ITAM practice use this data for service management, and 74% do so for vendor management.
  • Previous
    Above and Beyond
    Next

    Above and Beyond

    58% of organizations with an ITAM practice in place use this data for needs that go beyond standard ITAM functions, addressing functions such as security and architecture.
  • Previous
    Outdated Approach
    Next

    Outdated Approach

    57% of survey respondents said their company still "normalizes" its ITAM data manually.
  • Previous
    Best Practices for Navigating a Vendor Audit: Embrace Transparency
    Next

    Best Practices for Navigating a Vendor Audit: Embrace Transparency

    The best way to "get back to business as usual" is to be open about processes. Make the improvement of audit management issues part of your continuous improvement plan.
  • Previous
    Best Practices for Navigating a Vendor Audit: Ensure Security and Confidentiality of Data
    Next

    Best Practices for Navigating a Vendor Audit: Ensure Security and Confidentiality of Data

    While you may primarily focus on controlling audit activity and proving compliance, you shouldn't overlook the need to control and manage the data being shared.
  • Previous
    Best Practices for Navigating a Vendor Audit: Beware of Phony Audit Requests
    Next

    Best Practices for Navigating a Vendor Audit: Beware of Phony Audit Requests

    Not all are legit. There are ill-intended vendors—often from foreign nations where your organization has an office—that will send bogus but authentic-looking requests when they're actually just trying to sell something.
 

A majority of companies have received software and hardware audit requests from vendors over the last 18 months—and many have undergone these audits several times during this time frame, according to a recent survey from BDNA. The resulting findings summary, titled the "BDNA State of the Enterprise Report: Breaking Away from the Vicious Vendor Audit Cycle," indicates that most companies run an IT asset management (ITAM) practice, but few have the right tools in place to prove that they're compliant during audits. If they fail, they end up paying hefty fines, as vendors now view license audits as a robust source of steady revenue. To avoid this, CIOs and their IT teams must take a proactive, holistic approach to software product management—as opposed to taking action only after an audit request is issued. "Companies have adopted the habit of reacting to audit notices by scrambling to compile the relevant data—an incredibly time-intensive process," according to the report. "And then, when they are ultimately found to be out of compliance (as most companies are, given the convoluted nature of license agreements), most organizations have no choice but to capitulate and pay up. The fact is that few enterprises purposely misuse assets, but are instead caught out of compliance due to the increasing complexity of license usage policies … By changing a few aspects of how IT technology data is managed, businesses can become proactive in managing their software and hardware assets, literally ending the vicious vendor audit cycle or avoiding it altogether." Representatives of more than 160 global companies took part in the research.

 
 
 
 
 
Dennis McCafferty is a freelance writer for Baseline Magazine.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login Register