Software applications are usually not free and require the purchase of a license. A software license is a legal agreement defining the conditions by which the application can be used. For example, “the application may only be used by one ‘named’ person.” Licenses generally grant the software manufacturer the right to audit the customer. If a manufacturer chooses to exercise this right, they often audit the entire organization to ensure overall compliance, even if only a few licenses have been purchased. Non-compliance can lead to unexpected expenditures.
While CU Boulder is committed to software compliance, manufacturers may still audit the university. Audits can be complicated and time consuming, and the communications and exchange of information should be carefully regulated.
If you receive an audit notification, do not respond, and contact the OIT Software Asset Management (SAM) team at firstname.lastname@example.org. The SAM team is skilled to lead software audits for the Boulder campus.
Software audit response procedures
The Software Audit Response procedures were developed by the SAM team and are used to guide the audit process. The procedures are outlined below.
Phase 1: Initial Audit Response Process
Confirm the legitimacy of the audit request, execute tracking and control procedures and communication protocols.
Phase 2: Pre-Audit Activities
Organize a steering committee and audit team. Respond to the audit notice requesting the auditor to deliver relevant contracts and purchase records and complete a questionnaire documenting the timeline, scope, methodology, discovery tools, and balance calculation methods.
Phase 3: Kick-off, Planning and Scoping
Negotiate the ground rules, timeline, data collection, testing and counting methods, priorities, and change management.
Phase 4: Data Collection
Review purchase records for scope relevancy and completeness. Approve the collection method and oversee the data collection.
Phase 5: Data Analysis
The collected data is carefully reviewed to ensure it contains only relevant information and masks proprietary university information. Agree on the final license balance.
Phase 6: Negotiation
If necessary, a CU negotiation team enter negotiations with the manufacturer.
Phase 7: Audit Completion
The manufacturer delivers an audit close notice.
Phase 8: Implementation
Action items are implemented, tracked, and documented.
Phase 9: Conclusion/Post-Audit
A final report is distributed to key stakeholders.
If you have any questions related to software compliance or audits, please email email@example.com.