Earlier this year, the Business Software Alliance (BSA) sent shockwaves through the business community when it penalised two Scottish companies with fines of more than £140,000 for using unlicensed software. It was a warning to businesses of all sizes that disregarding licensing laws could be costly.
In the current economic climate, financial penalties are expected to become more common as software publishers increase the frequency and rigour of audits to preserve their revenue. To put the unlicensed software problem into perspective from the vendors’ point of view, in 2005 IDC’s research concluded that the world’s software companies were losing USD 34 billion in revenue to unlicensed installations. This is more than the gross domestic product (GDP) of 42 countries.
Against this backdrop, having the processes and technology in place to ensure continuous licence compliance is crucial for IT departments, especially prior to a software publisher’s audit. Here are our suggestions for taking control of an impending audit.
1. Review the contract to understand audit terms and conditions
First, it is important to establish whether the software publisher actually has the right to audit the business under the terms of the licence agreement. Assuming the publisher has the right to audit, it is also critical to understand the terms and conditions that apply to non-compliance. For example, it should be determined whether there are potential financial penalties.
Some vendors impose penalties and/or charge the cost of the audit to the customer if non-compliance exceeds a certain percentage of the total licence cost. The audit cost alone can be in the tens of thousands of pounds. Non-compliance is very seldom by design, but still represents a potential liability. Knowing the consequences can empower an enterprise to take immediate remedial action.
Scrutinising contracts will also enable IT departments to create clear checklists of what the audit will measure. If the audit goal is to establish an “effective licence position”, then information on software installations must be compared to licence entitlement data for all applications in question. The data to be collected may include hardware and software inventory, users, purchase order and contract information.
Prior to any audit, it is worth asking the publisher exactly how the audit will be performed and what level of assistance will be required by the auditors. Enterprise software audits can consume many staff-months of time during which the IT department collects the requested data.
2. Make sure the software and hardware inventory is up to date
Software publishers audit businesses to make sure that the software is being used within its licence terms and is appropriately paid for. This means that IT departments must have a comprehensive view of their entire IT estate, including hardware, to ascertain how the software asset is being used and whether they are in compliance.
To make sure that software inventory is accurate and up to date, the fingerprint of every application installation, which includes file evidence, Add/Remove Programs and WMI (installer) data, must be analysed and a list of proper software titles generated for each machine. This is the necessary first step in the process that will enable the IT department to reconcile the list of installed applications with software purchase data, licence type and associated conditions of use.
3. Keep proofs of purchase and licensing agreements ready for inspection
Prior to an audit, IT departments should ensure that all their paperwork is in order, recorded and easily accessible, including paid invoices, receipts of purchases, licensing agreements and certificates, and especially soft records of purchases from resellers and publishers. This proof of licence entitlement is critical to the reconciliation process.