Software Audits for the Tiny Business

In the dot com boom, I headed up a technical team. One of my responsibilities was the hardware and software needed by our team and other teams in the company. Back then, software was typically boxed and came with packs of licenses. I had an internal software audit routine to check that all of our computers were correctly licensed.

Article Continues Below

In my own business, I’m part of a two-person team. Many of our software licenses are purchased far less formally and are for one user only. We also rely on a huge amount of Software as a Service, where there is no box or permanent license to use the service. As owner-managers, we sometimes buy something using a personal email address or bank card, despite it being for company use. Also, we contract third parties to do work for us, and they purchase software or create accounts on our behalf. With no physical boxes, or volume licenses to keep track of, small companies now develop websites and software in a far more informal way.

It’s a common pattern we see at Perch: the company contacting us has had a website developed, and sometime later the person who developed the site and bought the software license leaves the company. The company has no idea how to access the license information, and password reset attempts go to a now-dead email address. Sometimes the account is linked to a personal email address, or was even bought by a third party who had been contracted to build the site.

With accounts spread around between owners, employees, and contractors, businesses can easily leave themselves exposed. Services get canceled because no one saw the reminder that a credit card had expired. Domains fail to auto-renew, leaving the company in danger of losing them. Software purchased via an employee or contractor becomes inaccessible due to that person leaving. Therefore, I propose that every business needs a software and services audit. Collate all of this information, then make sure it is accessible to you and other trusted team members.

What should we audit?#section2

What should you take a look at? To get you started, I’ve listed a few key areas that most web agencies and software businesses will recognize. Once you start this process, you will no doubt think of more. (If you think of something other business owners might forget, add it to the comments.)

Domains and DNS#section3

Does the company own all of the domains you use, or are any linked to personal accounts?

Can you move all of the domains and DNS management to one location? Services such as DNSimple offer domain hosting and DNS management, and can be a better choice than having domains registered alongside your webhosting.

Do you have a solid way to track expiration dates? Are domains set to auto-renew with up-to-date payment details? Do all of the domains have correct contact details?


How many email accounts are being used in your business? Are you, or your employees, using personal addresses for company business?

Is important and valuable information stored in your email, or in the email of employees? For example, if you work with clients by email, who has the history of the conversations?

Is email securely backed up?

Software used on your websites#section5

Many websites rely on paid software-whether that is a full CMS like Perch, or paid add-ons to WordPress. Who owns those licenses?

Which email address is linked to these licenses? The developer might use it to let you know of important security updates to the software.

Do you have access details for any account on the third-party website?

Do you know where and how to get support for any of the components of your website that haven’t been developed in-house?

If you develop websites for clients, you may be able to help them to manage this better by providing a handover pack on payment that includes all of the key details and clarifies their significance.

Recurring payments#section6

Go through your bank and card statements. What does your business pay for, monthly or yearly? Cancel anything you don’t use.

For services you do use, check if you can save money and bookkeeping by switching to an annual plan.

Check that the plan you are on is up to date and still the right one for you. SaaS companies often introduce new levels of service—you might save money or get new functionality by switching.

Keep a list or spreadsheet of services and the date on which you last checked them. You can repeat this process every six months, to make sure you don’t pay for things that you are not using.

Start with one small thing#section7

Auditing everything you use in your business is likely to save you time and stress in the long run, but with our limited time it’s an area we can find easy to avoid. You don’t need to do this all at once. Next time you have a couple of spare hours, pick off one area and start there.

In a couple of hours you could list all of your domains, check when they expire and make sure that you can access the registration for each. You may need to add another to do to your list to consolidate them at one provider, or to update contact details. However, you have moved forward just by knowing what the status of your domains is. You are already less likely to have the nasty surprise of waking up to find a website offline due to the domain expiring.

Let me know in the comments if this is an area you struggle with; or if you have found good ways to store, maintain, and share this kind of information.

7 Reader Comments

  1. SSL certificates. Similar to domain registrations, you need to track when they expire and which CA issued them, so you can renew.

  2. Don’t forget to track when the credit card that’s used to pay for things is due to expire – could be loads of sites/vendors need the updated details

  3. For clients I normally create development email account that we use to register to various services. We give access to the email account at the beginning of the project/collaboration and the person responsible for the current project can link the email account to her/his business email or use it as a separate account.

    When we need a service following steps are followed:
    – we explain what the service is, why we need it and what it costs
    – if there are alternatives then we explain those
    – after short discussion we create new account to the service using development email account
    – we open correct page or send link to the person (who has the financial access) to fill the credit card information
    – we store password to the service in a secure place that has been decided with the customer

    During the project we create infrastructure diagram that tells what kind virtual machines are running, what kind of domains and services.
    Price tracking is done by the customer.

  4. I’ve often wondered about how others keep track of all this information. Working in IT for years taught me a lot about the importance of asset tracking and inventory systems. I used Spiceworks and Active Directory to keep track of computers, license keys, installed software, etc. This was updated monthly, printed, and saved as a file too.

    For the web though, I haven’t found a good way to keep track of all of this. I’ve used spreadsheets, which work for now, but seem like an archaic way of handling this. There has to be a better way to keep track of DNS, SSL, site information, passwords, etc for easy auditing purposes.

    I’d love to hear what others are doing in regards to collecting and maintaining this information.

  5. Nice information. Websites are core to any business as it speaks about the offering in-front of a global audience. This makes it important to check the entire website infrastructure on daily basis. If an enterprise content management solution is used, it will have updates for themes, modules and plugins on timely basis which contribute to the website security. Have a proper schedule to check for this updates. While all content management systems provides tools that check for updates automatically and give notifications, this will be a good way to keep track of everything on a website. For accounts department it is necessary to review the licensing of this software and also consider the expiry of domain as they are essential factors as well for the website to work flawlessly.

Got something to say?

We have turned off comments, but you can see what folks had to say before we did so.

More from ALA