Ten Tips for Managing a Software Audit
Aug 12, 2015 Top Ten Download PDF
Software audits have become a normal way for software owners to verify their customers' software usage, to identify gaps between usage and contracted rights, and to charge fees for additional licenses needed to close the gaps. Today software audits and the resulting charges represent a multi-billion-dollar business and a vital source of revenue for software owners. Here are ten tips for attorneys to consider when helping their licensee clients respond to a software audit.
1. Get Involved Early.
It pays to treat a software audit as a serious financial risk. A software audit can take many forms – a formal audit, a true-up, a request for self-verification and disclosure of results, a pre-renewal or pre-purchase assessment of existing deployment, or a compliance visit by employees of the software owner. Software owners are known to submit audit requests directly to the licensee's IT personnel or procurement managers. Some of these audit requests, when received, may seem inconsequential, but the cost of a licensee's non-compliance can be very high. Before responding to a software audit, the licensee should review its license position, identify compliance issues that may exist, and consider upcoming procurement involving the same software owner. While a self-assessment supported by an attorney and/or a consultant can take time, a delay of a month or more in responding to an audit rarely has a negative impact on the audit. As an example of the cost of haste, in one case, a licensee's IT personnel did not know that a software owner (which proved to be a troll) had increased its pricing by 100x since the time the licensee first acquired licenses 15 years before. The licensee made the mistake of reporting deployment not based on actual use but based on a "wish list" of additional devices that personnel would have liked to use in the future. The troll responded with an initial demand for $3.2 million. As a practice pointer, when an audit is commenced, consider asking the software owner to provide copies of all contracts and purchase orders in place with the licensee before the licensee begins to respond.
2. Beware of the Troll.
A "troll" generally refers to a non-operating intellectual property owner that takes a plaintiff-style approach to uncovering non-compliance and demanding payment. "Trolls" that assert patent claims are well known, but trolls also exist in the software world, and they often surface first through software audits. In the software world, trolls are often the owners of older lines of software products that are rarely licensed anew but are still needed by legacy users. In some cases, software licensed for under $50,000 10 or 15 years ago may now be priced by the software owner at multiples of 10x or more of the original licensee fees if gaps are found, and there is no other way to fill the gaps than by buying new licenses from the owner. An experienced software attorney can often ferret out the trolls so the licensee can assert vigorous defenses and controls early in the process.
As a practice pointer, because trolls pursue their claims in litigation more often than other software companies, consider checking the litigation docket to look for audit-related litigation brought against other licensees.
3. Trust but Verify.
In software audits generally, software owners have financial, competitive and strategic objectives designed to earn money, to exploit licensees' needs and dependencies, and to extend those needs and dependencies as long as possible. Research has shown that software owners generally believe they are underpaid for the true value of their software and that it is fair to charge more when possible. First and foremost, the licensor's goal in a software audit is to mine revenue from existing licensees. While the software owner should be a reliable business partner rather than an adversary, it pays to know the software owner's method of operation for licensing, including general licensing practices, the negotiability of terms, and pricing flexibility. Experience shows that software companies and even their independent auditors make mistakes and take doubtful positions too frequently. Just as a software owner seeks to verify a licensee's deployment, the licensee should verify the software company's licensing assumptions and counting methods.
4. Watch Out for Recent or Pending Rule Changes.
Software owners generally are not afraid to change the rules governing the use of licensed software, even with existing licenses, and they sometimes do not make the changes clear to licensees. Each licensee facing a software audit should research changes in the license rules and interpretations that the software company may have adopted, so the impact of those changes can be evaluated. An experienced software attorney or licensing expert will often be sufficiently familiar with the contract practices of major software owners in order to explain market-wide changes made by the software owners.
5. Who is on Your Team and Who is Not.
Before a licensee responds to an audit, the licensee's team (IT, procurement, legal, finance) should be aligned and agree on a process for handling this particular audit, or software audits generally. Many corporate users assign responsibility for license compliance to specific managers (sometimes called internal "owners") chosen within their organizations. The "owner" appointed by the licensee to monitor use and compliance is therefore critical to the team. It is equally important to know who the decision makers are for the software owner. A software owner inevitably has "gatekeepers" in an audit, with different roles for its sales representatives, its audit or compliance managers, perhaps an outside auditor, and any "relationship keepers" who the software owner makes responsible for resolving conflicts and maintaining a healthy business relationship with the licensee. If the software owner engages an "independent auditor," the auditor should be considered the software owner's agent rather than a constructive mediator and neutral fact-finder. It is a safe bet that the role of the auditor is primarily to enforce the position of the software owner and move the process quickly. Some auditors are not even auditors at all but attorneys or enforcement agents.
6. Consult with Experts.
Often, a licensee may be proficient with the license rules attached to particular software. This is especially true if a licensee has worked with the same software owner for many years and has become familiar with the evolution in the licensing and use of the software. But license rules can be complicated, and frequently change over the years, especially when the software company offers a multitude of product and service options which are combined, replaced, upgraded and relicensed over a period of time. Lack of continuity in personnel and knowledge is the rule rather than the exception for most licensees (and even many software owners). Even the biggest licensee may benefit from looking outside its organization for expertise. In addition to legal support, it is sometimes a good idea to engage a consultant on a confidential basis to assist with the self-assessment, especially if the licensee lacks the resources to do so quickly or if an independent, objective opinion is desired. A consultant is often helpful to point out a software owner's hotspots (such as copy limitations, sublicense limitations, device limitations and so forth).
7. Legal Defenses Count.
Software audits do not have to be regarded as adversarial; most of them result in a purchase transaction. Despite the occasional horror story, most audits are settled predictably and reasonably even when a licensee takes time to challenge and negotiate demands that may seem excessive. There is nonetheless a role for an attorney, and involving an attorney does not ordinarily impede a software audit. License contracts and procurement analysis are the province of experienced lawyers. Issues that are purely legal or contractual may include dealing with missing or unsigned documents, promises or positions of the software owner given informally during the history of the contract, evaluating the validity of contract changes made unilaterally by a licensor, understanding the interrelation of annual support, licenses and upgrades under license agreements, maintaining confidentiality or privilege, and avoiding spoliation. Often, an attorney can limit his or her role to helping behind the scenes by advising the licensee about proper preparation, the process for exchanging information and positions, and researching legal or IT questions. In some cases, though, it is necessary for the attorney to participate in calls or meetings with the software owner in order to help the licensee articulate its position or objections, to hear with a lawyer's ear the software owner's responses, or to facilitate negotiation and resolution. Sometimes the best defense is a legal defense, including (i) contract history as a guide to interpretation in the event of a hole or an ambiguity in license terms, (ii) the impact of statutes of limitations on liability, (iii) damage theories, and (iv) interpretation of license restrictions. As a practice pointer, recognize that software owners often steer software audits away from licensee attorneys, and when they do it is often tactical. The software owners' auditors are trained and coached by attorneys so they operate well without an attorney at the table; the same is generally not true for a licensee's IT managers.
8. Recognize Your Own Dependencies and Limitations, but Don't Surrender to Them.
Once software has been licensed and placed in operation, most licensees do not have the option of switching out the use of that software if a licensor's pricing for new licenses becomes too aggressive. Rather, it is more often the case that the licensee is "dependent" on the software company for the same software, upgrades, and related software and services. Most licensees need to make procurement decisions involving software on the assumption that they will need more of the same software from the same company in the future. It also has to be assumed that the use of the software will likely increase as needs expand. For larger "enterprise" software owners, the software owner may have many different lines of software or services which it bundles, giving it wider leverage over a customer and creating volume purchase opportunities. These factors are called "dependencies." These dependencies are a reason why licensing software can be such a great business for a software owner. Dependencies generally lead the licensor to regard licensees as potential long-term customers and a ready market for related products or services. There is little question that these dependencies can put a licensee at a disadvantage and limit a licensee's bargaining power if a conflict arises between the software company and the licensee in an audit. The dependency is even greater if the software company is able to exercise "self-help" remedies in the event of an impasse, like suspending maintenance or other services or holding up additional licensing (both of which are encountered occasionally). As a practice pointer, even though these dependencies are a reality, a licensee that understands the audit process can push back on audit errors and negotiate within reasonable limits.
9. Act in Good Faith and Cooperate (Judiciously).
Clients facing a software audit should act in good faith, avoid frivolous defenses, and be prepared to assure the software owner that the licensee is committed to meet its contractual and legal obligations. Most software companies have contingency plans for how to deal with a software licensee that does not cooperate or provides incomplete or faulty information about software usage. On the question of whether a licensee should cooperate with an audit when a contract has no audit, verification or cooperation covenant, the law generally does not require a licensee to comply with a software audit request unless the relevant contract creates such an obligation. However, risks can arise from stonewalling a software company, especially if the software company knows of likely non-compliance. A licensor often has other recourse besides an audit for a suspected breach, including termination rights or litigation, not to mention self-help remedies like suspending services or declining to provide upgrades.
10. Learn the Lessons From the Audit and Incorporate Them in Your Procurement Cycle and IT Management.
The software audit is an outgrowth of the software license. The software audit is when a licensee really learns the importance and cost of the limitations agreed to in a license agreement. This can be a hard lesson, especially since it is not the software owner's eager salesman but a hard-nosed compliance manager who is deciding on gaps, needs and charges. If the audit shows that the license contains restrictions that are out of synch with the way the software is used by the licensee, or otherwise fails to address critical requirements, the licensee should decide whether to fix those issues as part of the audit or renegotiate at a more opportune time in the future.
Software audits have become an important part of the life cycle for the acquisition and use of software by licensees. They have a significant, sometimes unpredictable cost impact, and are fraught with legal and business risks. An attorney can add value to a licensee's handling of a software audit by, among other things, helping guide the process, facilitating a disciplined self-assessment and, where necessary, offering legal and contractual analysis and defenses.
Additional ACC Resources
ACC Resource Library - Article
ACC Resource Library - ACC Docket
This resource is sponsored by: