How to survive a software licence audit
From time to time, a software licensor may conduct audits of its software licensees. The purpose of these audits is to determine whether the licensees are using the software in conformance with their software licence agreements and whether the software licence fees have been correctly paid. Most of the major software licensors conduct software audits.
This eAlert! addresses what you should do to prevent potential software audit problems and also what to do once you have been notified that you will be audited.
Prevention is better than the cure
Ensure your business has strategies in place before a licensor comes knocking.
Steps you should take to ensure your business is able to easily deal with a software audit include:
Consider audit rights when negotiating licence agreements – when negotiating your software licence agreements, make sure you have assessed and will be able to comply with the audit provisions. If the licensor wants the right to conduct software audits, ensure provisions are included to deal with the time and place of audits, the maximum number of audits that can be conducted (for example no more than once every two years), who may conduct the audits, who will pay the cost of the audits and the protection of confidential information that may be accessed during an audit.
Establish a software management system – ensure your business keeps a record of the software titles, versions and quantities in use in the business and where each version has been installed. This information will allow you to monitor your own compliance and to quickly respond to any audit. It is also prudent to put in place a policy on the management of your licensed software, covering issues such as maintaining a software inventory, reconciling software use with its licence and documented procedures for software procurement, software downloading, software installation and internal audits. It is also advisable to provide all employees with information that ensures they are aware of any limits on the use of licensed software and what software can and cannot be installed. For example, if software is licensed on a single user basis only, it should not be installed and made available to all users accessing the LAN.
Understand the licence terms – analyse and understand the rights associated with each of your software licences (for example, it is very important to understand how many copies of the software can be installed on how many computers). Understand whether the licence allows use by other companies in the corporate group or whether it only permits use by the named licensee.
Conduct internal compliance audits – check that the licensing rules, including rights and limitations of the licence, have been understood and applied correctly by your business. Ensure that licences have been collated and filed. Check the use of the software against the licence rights and make immediate changes if usage exceeds the scope permitted by the licence.
Understand non-compliance – know the consequences of non-compliance with the terms of the relevant software licence agreements.
Ensure licenses are not outstanding – purchase additional software licences if any licences are outstanding or have expired. It is better to negotiate new licences on an arm's length basis, rather than after an audit has shown that your business is not correctly licensed.
Delete inactive accounts – inactive accounts may cause you to unneccesarily breach your licensing limit.
Help, I've been notified an audit is to be conducted!
If a licensor notifies you that it will undertake a software licence audit, ensure you are prepared. Your preparation should include the following:
Determine whether there is a right to audit – review your software licence agreement and verify that the licensor has a right to conduct the software licence audit. If necessary, ask the licensor to substantiate its claim that it has a right to conduct the audit. If you have not agreed to a right to audit, the licensor cannot conduct the audit as your consent is a requirement before an audit can proceed.
Assemble all relevant documentation – gather all documentation relevant to the software being audited, including:
- relevant software licence agreements, which will reveal the scope of the licensor's audit rights and your rights to use the software
- payment evidence for original purchase of licences, upgrades and additional licences such as receipts, paid invoices or other documentary evidence
- licence certificates.
Negotiate a confidentiality arrangement – subject to the terms of the applicable software licence agreement, negotiate an appropriate confidentiality agreement with the licensor and auditor prior to the audit commencing to ensure that the confidential information which the auditor will have access to is kept confidential.
Ask for an agenda – the audit should expressly identify a start and finish date. Do not be reluctant to object to the proposed schedule if it will unreasonably disrupt your business. Similarly, once the schedule is established, make sure that the auditor complies with it.
Appoint a liaison person – appoint and train a liaison person to manage and assist with the audit process. This will ensure there is a single manager who takes control and represents the business.
Obtain the audit report and claim credit – before the audit is conducted, ask the licensor to provide you with a copy of the final audit report once prepared. Also, ensure the licensor acknowledges your intention to claim credit or future credit for any over-licensing identified during the audit.
Involve the account manager – involve the account manager for the relevant licensor in discussions with the auditor prior to and during the audit process. The account manager should have knowledge of the existing licences and will have a pre-established relationship with the licensor. The account manager has a vested interest in keeping your business happy and may be able to assist you if the proposed audit is going to unreasonably disrupt your business or if the audit approach is too pedantic.
Educate staff – ensure relevant staff are informed of the audit and briefed to cooperate as necessary.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.