How to survive a software license compliance audit Featured

8:02am EDT May 1, 2013
Heather Barnes, intellectual property attorney, Brouse McDowell Heather Barnes, intellectual property attorney, Brouse McDowell

You don’t have to be pirating software to get in trouble during a compliance audit.

“Where companies get ensnared is in the deployment phase. It’s not that they are trying to get away without paying, they get caught up in the terms of conditions found in the fine print of licensing agreements,” says Heather Barnes, an intellectual property attorney with Brouse McDowell.

Smart Business spoke with Barnes about what businesses can do to make the software audit process go smoothly.

What prompts an audit?

Software companies include the right to request audits as part of the terms and conditions of the software license agreement. The fine print contains the right for the software company to audit your computers and systems. Sometimes audits are performed because that organization received a tip from a discharged employee. There also are companies that conduct audits as a regular course of business, either itself or through a third party, such as The Software Alliance. Because of the economy, software revenues have decreased, so software owners are replacing lost revenue by ramping up enforcement with compliance audits.

Once you’re notified about an audit, what should you do?

If you are an organization with in-house counsel, contact them immediately. Smaller companies should retain outside counsel, because attorneys can make a big difference in the final outcome.

The first thing an attorney will do is assist with the parameters for the audit — how and when it will occur, as well as the scope. If there is a noncompliance issue, legal counsel can draft a settlement agreement; they may even negotiate the settlement to a more reasonable number. Even if there are no compliance issues, you still want a document drafted that acknowledges how the audit was conducted and what was found, as well as a release of any claims the software company could have brought.

What problems can occur if you proceed without legal counsel?

Much is dependent on the particular company, but the audited company wants to prevent the software owner from having free reign of its systems, and that is a role legal counsel can help control. For example, legal counsel can assist in defining the scope of the audit by determining which computers are included in the audit. Do you include every computer? Just computers in use? What about the computers that are older and sitting in a warehouse? A software company could attempt to include any computer you own, even those that are obsolete and unused.

Another potential issue is how the audit concludes. You might come to an agreement at the conclusion of the audit and think a settlement is in place. Without legal counsel involved, a company could find itself with no settlement agreement or other document detailing what occurred and the responsibilities of each side going forward.

What are typical noncompliance issues and how much do they cost to fix?

Terms and conditions of the software license agreement vary by company. Many companies allow you to use older versions of software when you obtain a license for their latest product, but some do not. However, many people think that it’s an industry standard that you can deploy older versions.

Another problem is maintenance of business records proving owned licenses for software. You need to have documentation and keep those records current and accessible. That can be complicated when the software was purchased from multiple third-party vendors and for software that is old. Companies should conduct internal audits to ensure they are in compliance with what their records reflect, which could help mitigate exposure when an audit occurs.

Normally, if you are out of compliance, you’ll be charged the licensing fee you should have paid. If it is $200, $300 or $500 per license, multiply that by the number of computers out of compliance and it can get expensive quickly.

Further, if you’re found to be noncompliant, develop internal procedures to ensure compliance in the future. If you are audited once and are found to have compliance issues, it is just a matter of time before the software owner is back to check again.

Heather Barnes is an intellectual property attorney at Brouse McDowell. Reach her at (330) 535-5711 or hmb@brouse.com. Learn more about Heather Barnes.

Insights Legal Affairs is brought to you by Brouse McDowell