Two-thirds of all UK companies were the target for a software audit in 2016, so you could very easily be next in line, if it hasn’t already happened. Are you ready? If you aren’t holding all the right licences for your use of software, you may have to pay a fine for non-compliance.
What is a software licence audit?
A software licence audit is an investigation by a software vendor into your use, and potentially your sub-licensing, of their software. The primary aim of this type of audit is to ascertain whether you, the licensee, or your sub-licensees, are using the software in a way that complies with the terms of your software licence agreement with them and that they are properly paid (and you have the appropriate licences) for the use you are making of their software.
The significant majority of audits result in the software provider finding that their customer is under-licensed, resulting in a penalty payment being required to cover any shortfall in licence fees.
Whilst no legitimate business would intentionally use unlicensed software, genuine mistakes (albeit generally preventable ones), are common, either as a result of inadequate staff training or poor asset management.
Protecting yourself through contract
One of the best ways to prepare for an audit and to limit the potential for disputes is by using a properly drafted audit clause in your own agreement with the software provider. Most large vendors will already have a helpful clause for you to work against, but as a minimum you will want it to provide for:
- The audit procedure – which should cover the overall length of any audit, frequency between audits and allow for a sufficient advance period of notice.
- Methodology – you should ask for clarification on how the number of licences is measured and whether there will be data extrapolated from small sample sizes.
- Confidentiality – you must always ensure that there are secure confidentiality provisions that provide for all relevant persons and actions.
- Under licensing – you will want the contract to be specific as to the exact costs of under licensing and whether this can be limited depending on your actions.
- Additional licences – You should make sure that additional licences are provided for. Vendors will often include discounts on additional licences to bring your licensing up to date.
- Dispute resolution – Clear dispute resolution procedures will help you to address issues which arise, such as how to dispute a decision by the auditor. The right protection means that you have the opportunity to put your case properly to the vendor.
If there is no opportunity for you to negotiate any of the above terms, it is even more important that you read and review your software contracts properly to make sure you are aware of any potential penalties for any failure to comply.
Protection by software management
A key priority upon acquiring the software in the first place should be protecting yourself in the future from potential audits by using a software management system. This centralises management of your company’s information technology assets, enabling you to monitor and control both assets and software.
This means that you will know who is using the software and can report this reliably to your vendor during an audit, which should result in there being no unlicensed users.
What should I do during an audit?
Although there is no substitute for preparing for an audit and negotiating your licences properly with the assistance of your lawyer, you can act to ensure that the audit process is as painless as possible:
- Time-scale – audits can be very long and time-consuming. Make sure that you stick to your audit plan so nothing gets missed and the information you provide is presented clearly and accurately.
- Co-operate – the audit will not go away. Failing to co-operate and show willingness to work with the vendor from the start can result in extra charges.
- Have an audit team – assembling an audit team is essential to ensure that your audit runs smoothly and gives you the best possible outcomes. Your team should consist of your head of IT, a senior member of management to head the team and a lawyer. This will allow you to manage the audit effectively from a technical, commercial and legal perspective.
- Information – make sure you understand the rationale behind each data request. There will be leading questions. Don’t be afraid to ask ‘what do you need this information for?’ so that all the information you provide is relevant and accurate.
- Warranties – as a result of your audit, you may be asked to sign legal documents or warranties around your use of any third party or open source. You will need to ensure that all warranties are reviewed by your lawyers to make sure they are not onerous.
Although software vendors do have a genuine interest in examining whether you are making use of the correct number of licences, our clients often tell us that they feel that they are being held accountable to unnecessarily complicated licensing models and audits that do not take into consideration the nature of their own business.
By being properly prepared and ensuring that you negotiate yourself a position with your vendor, you should be able to mitigate a large proportion of your risk. We would always advise that, in the negotiating of your licences, you include your head of IT and lawyers in the discussion to ensure that you get the best deal you can.