Are you familiar with the terms and conditions in your company’s IT and software license agreements? How many licensed software programs does your company use? Are you expected to “monitor” your use? Are you required to permit an audit of your “use” whenever the software publisher asks? What does “use” mean? Is usage determined per user, per device, or by some other metric? Are additional or different licenses needed when your company utilizes virtual desktops and mobile devices?
The answers to these and other similar questions are likely to determine whether your company is prepared for the ever-increasing risk of a software audit. Businesses that run licensed software should invest some time early to evaluate the potential risks lurking in the shadows of their IT departments. The risks can be quite varied and significant. And some of them may come as a surprise. These risks include the time dealing with an audit which causes distraction from your core business. You may also receive a termination notice or demand for a significant payment from the software publisher to remedy an alleged discrepancy between software licensed and software installed, deployed or used. If software is important to your core business operations, a software publisher’s audit could be used to garner significant leverage against an unprepared licensee. IT and software licensing is an unregulated industry, so once the audit process starts, hold on to your hat and get ready for what may be a wild ride.
Before you start hyperventilating and decide to scrap all computers to revert back to your trusty pen and paper, be assured that you can take steps to manage the risk and reduce the potential harm from a software audit. The first step is to acknowledge that the risk of an audit permeates all phases and aspects of IT asset management (ITAM) and software asset management (SAM). You may wish to explore whether automated tools can help track your software licenses and your company’s use of the corresponding software. Many companies also designate a compliance officer to monitor and control software use on the company’s system.
Before licensing new software, consider the potential effects of an audit on your company. Don’t just sign the agreement, or click through, hoping that the software publisher will be reasonable later - it may not be and you will likely have significantly more leverage before you pay for the licenses. Whenever possible, try to negotiate terms of the software audit to minimize the negative impact on your business. For example, can you negotiate the publisher’s right to audit out of the agreement or include limitations on audit rights? If there is a question whether the intended use is consistent with a reasonable interpretation of the license, it may be worthwhile to seek clarification from the publisher or vendor. These considerations may be particularly important when licensing software from a publisher that generates more of its revenue from audits than from attracting new licensees to its valuable cutting edge solutions based on a commitment to excellent customer service and satisfaction.
Don’t forget to be social. Talk with others in your industry and monitor trends to determine whether certain software publishers are more likely to request an audit and to make a significant demand rather than negotiate a reasonable compromise. Certain publishers are more likely to audit their customers than others. The companies that tend to be viewed within the industry as the most aggressive auditors are Microsoft, Adobe, Oracle, HP, SAP, IBM, Attachmate, Autodesk, Google, McAfee, VMWare, and Symantec. Although you may not be able to avoid using the software offered by these companies, you may be able to maximize your readiness for an audit with some planning.
Just as it is prudent to periodically evaluate whether the software licensed by your company is providing the most robust and cost effective solution available, it is also prudent to assess compliance on a routine basis. Identify the licensed software and corresponding licenses to assess whether the software is being used in accordance with a reasonable interpretation of the license grant. If there are possible discrepancies, work to understand the nature of any discrepancies and try to clarify or resolve differences as quickly as possible. If your current system does not monitor software use, consider all options for tracking software installation, deployment and use. Understanding the scope of the license and the ways in which the corresponding software is used will arm you with the information necessary to confidently comply with an audit request.
Finally, if you are the target of an audit, immediately create your audit response team. Even better, assemble your audit response team before an audit request comes in the door. This team should include, as appropriate, internal IT department employees, in-house counsel, and outside counsel. Including outside counsel on the audit response team prior to auditing your software use is important to maintaining the ability to assert privilege over how the software use is investigated and reported. Attorneys who are experienced handling software related legal issues will be able to quickly assess the operative facts and create an effective strategy for dealing with audit related issues.
You can be the master of your own software audit destiny. Being proactive and making strategic choices protects the health of your IT Department and company.