The importance of conducting software audits to avoid costly penalties
Software vendors are becoming more proactive in auditing their customers' use of their products. Software audits can take several forms, but primarily, a software vendor will request a customer to self-audit and report on its software usage, which is known as a self-audit or a trust-review. If the customer refuses to conduct the self-audit, the software vendor will likely require that the customer avail themselves for a complete and extensive audit of the software usage. However, this could attract commercial risks and may lead to massive cost and financial implications for the customer if the software audit finds that the usage exceeds its software licence.
In this article, we propose the best approach to avoid a costly audit process and licencing penalties is to adopt a proactive and continuous self-audit review. Through a proactive approach, customers can ensure that they have taken steps to ensure that their software usage is in accordance with their software licence and that they are not surprised by a costly audit penalty.
If a software audit finds that a company has breached the scope of its software licence, the software vendor may impose a financial penalty. This penalty often requires the company to purchase licences for each unlicensed user, with these licences typically carrying a higher fee than the original licensing fee. However, as licence fees frequently increase, it could lead to a company being liable to pay a hefty penalty, especially if the company has become dependent upon the software.
The core issue is that companies are often unaware that they have breached their software licences or that they have increased the software's use beyond what is licenced. This is especially prevalent where companies use a freeware version (where the licenced rights are extremely limited) but deploy the software internally or use the software to generate revenue.
The types of rights and authorised use of the software will vary depending on the type of a licence contract granted to the company. In order to mitigate the risk of having to pay audit fines, companies must investigate and understand the scope of their software licence to ensure that they do not contravene the software licence through overuse or non-licensed use.
Before implementing software internally, an organisation must ensure that it has a comprehensive understanding of its licensed usage. For example, a company may be permitted to use the software internally but may not necessarily be permitted to commercialise or on-sell such software. Furthermore, a company must ensure that it understands the user restrictions, such as how many machines/instances it is permitted to install the software on or how many users may be granted access. At this point, licensing rights violations typically come to light as a company acquires software for its internal use but tends to extend its usage far beyond the scope permitted by the software licence. In this situation, a company will likely face an audit request from the software vendor, which may result in cost implications depending on how integral the software is to the company operations. In addition to hefty penalties, if a software audit finding of non-compliance is publicised, it can adversely impact the public's perception of the company and may tarnish its reputation.
Our recommendation is a proactive and continuous self-audit review process, which will allow companies to save costs and possibly reduce hefty penalties through following activities:
- Legal teams should review software licence terms to understand precisely the limitations of licence types;
- Determine the extent of authorised users and for what applications the software may be used for;
- Review and understand the legal meaning of definitions in licence agreements;
- Compare the licenced use against the company's actual use of the software;
- Implement a licence management software;
- Establish a licence/vendor management office that deals with software assets and retains records of software use;
- Establish internal policies for software procurement;
- Deactivate inactive user accounts and cancel software subscriptions for unused software; and
- Implement periodic internal audits and maintain a self-audit record on the software's use.
Therefore, a company must review and understand its software licence limitations to reduce the risk of excessive software usage or non-licensed use, which could incur unnecessary financial penalties.
Lastly, a company should consider the potential cost implications of the software before its procurement. A company should consider the costs of switching between software vendors as part of this forecasting. High switching costs may mean that a company becomes locked into using a specific software vendor's product due to exorbitant migration costs associated with switching to a different software vendor.
ENS' Technology, Media and Telecommunications (“TMT”) team are able to assist companies in reviewing their software licensing agreements to determine the limits of permissible use and can further assist with any disputes arising from adverse software audit findings. The team is able to provide a checklist to the company to assist with conducting a self-audit on software usage. For more information, please contact our TMT experts below:
Executive | Technology, Media and Telecommunications
Candidate Legal Practitioner | Technology, Media and Telecommunications