
UNLICENSED SOFTWARE USAGE poses a significant risk to organizations in terms of potential fines, audit and legal fees, additional software licenses and maintenance fees, business disruption, and reputational damage. The risk of being audited by a software vendor has risen greatly in recent years, and the consequences can be substantial. Losses to software companies due to piracy amounted to just under six billion dollars worldwide in 2001, according to the Business Software Alliance (BSA), a software trade group.

Although software management can be complex, resource consuming, and frustrating, the software purchaser is responsible for complying with the software license agreement. Internal auditors can help reduce the risk of adverse software audits by ensuring that an asset-management process has been implemented and that the company is prepared for a possible audit. As part of the software asset-management plan, the organization should review all software license agreements, perform a self-audit, and correct identified licensing deficiencies.

REVIEWING LICENSE AGREEMENTS

The first step of the software asset-management plan should be to assign someone to review all software license agreements for key clauses, including:

* Audit clauses. If there is an audit clause, determine exactly what rights the software vendor has in performing an audit. Typically, the audit clause gives the vendor -- or assigned third party -- the right to perform one software audit annually. The audit clause may also give the software vendor the right to charge audit fees, penalties, and full retail prices for licenses deemed required if the company is found not to be in compliance. Depending on the type of audit software, audit fees can range from a few thousand to several hundred thousand dollars.

* License scheme. The type of contract will determine the audit procedures the software vendor auditors use. Many companies think they have one license type -- for example, a concurrent users license -- when they actually have a different type -- such as a named or per-seat license. Many times, this misinterpretation leads to the audited company owing hundreds of thousands of dollars for additional licenses.

* Affiliate use. If the software contract does not specifically grant the company the right for its affiliates -- sister companies and subsidiaries -- to use the software, the company may be out of compliance if it is allowing such usage.

* Third-party access rights. Vendors, customers, business partners, or other nonemployees can only use a company's software if it is allowable under the license agreement. Third-party access rights may arise when a company gives access, for example, to a population of unlicensed users via an Internet storefront or "bolt-on" application.

* Software modules purchased versus modules installed. Some software vendors distribute software on CDs or DVDs that contain their entire suite of offerings, regardless of what modules the customer actually purchased. If the customer is using modules not previously purchased, he or she may not be in compliance with the agreement.

* User license types. Determine exactly what type of user license was purchased. For example, if "inquiry-only" licenses were purchased, users shouldn't be performing sales-order transactions in a financial application or enterprise resource planning software module. In this example, a user performing transactions would typically require a more expensive full-use license such as a "concurrent" or "named" license.

* Global versus domestic use. Some software license agreements stipulate that the software may only be used in the country where the contract is signed (i.e., domestic use only). If a company has international offices using the software, or even just connecting to the domestically located server, the company may be out of compliance.

PERFORMING A SELF-AUDIT

The second step of the software asset-management process is to perform a self-audit to determine if the company is complying with its software license. Some software packages may have built-in license-use monitoring and reporting features to help with the self-audit. The BSA and the Software and Information Industry Association offer free self-audit kits on their Web sites, although mainly for shrink-wrapped software.

If no built-in feature exists, the internal auditor will have to develop a means to monitor software usage. It's helpful to create an asset register beforehand to track all software, contract provisions, and associated licensing. The register is also a good mechanism for tracking and documenting self-audit tests and other compliance procedures. This documentation could be invaluable in proving intent to remain compliant if legal action is taken as a result of a software vendor audit.

CORRECTING LICENSE VIOLATIONS

The final step is to immediately correct any licensing deficiencies that are found. Generally, this means uninstalling software that doesn't have a corresponding license and removing users who have never used the software or who no longer need access from the profile table. If more licenses are needed, they should be purchased in a timely manner to avoid the risk of an audit. It's also helpful to document all compliance procedures for internal control purposes and to defend against potential legal actions.

COOPERATION IS KEY

In the event of an audit by the software vendor, organizations should cooperate with the vendor's auditors. Software vendor auditors make a distinction between fraud that could lead to civil or criminal action versus simply finding an organization out of compliance. Most software auditors will recognize red flags such as delay tactics, giving erroneous information, not responding to requests for information, or attempting to circumvent built-in license monitoring features.

If the audit results require the organization to purchase additional licensing, the company must reach an agreement with the software vendor to satisfy the audit on a timely basis. The software vendor usually wants to keep the company as a customer and consequently will allow some negotiation of fines, penalties, audit fees, licenses, and maintenance fees.

If a settlement can't be reached, legal action is typically the next step for software vendors. It's rarely beneficial to refuse to negotiate a settlement in favor of legal action, where the odds generally favor the software vendor.

RELATED ARTICLE: Rules and Regulations

There are two legal mechanisms for controlling software usage: the software license agreement (SLA) and copyright laws. SLAs typically have provisions for audit fees, penalties, and a mandate for purchasing required licenses at full retail prices. If compliance issues can't be resolved via the SLA, the software vendor or a trade industry policing group can pursue legal action under copyright laws. In the United States, software piracy comes with significant fines, including civil penalties up to $150,000 for each program copied and criminal penalties of up to $250,000 and possible imprisonment of up to five years. The Copyright Act, Title 17 of the U.S. Code, defines rights granted to owners of copyrights. Internationally, the Berne Convention for the Protection of Literary and Artistic Works and the World Intellectual Property Organization Copyright Treaty establish copyright standards.

The Software Police

The Business Software Alliance (BSA) and the Software and Information Industry Association, both software trade groups with international affiliations, have stepped up efforts to combat software piracy. These software policing organizations are very effective in using copyright laws to enforce compliance.

The Canadian Alliance Against Software Theft works with the BSA to combat piracy on behalf of sponsoring software vendors, as does the Business Software Association of Australia. Based in the United Kingdom, the Federation Against Software Theft (FAST) is probably the oldest of the policing organizations and has the distinction of working both sides of the fence: it represents both software publishers and end users.

To help end-user companies with software asset management, all of the policing organizations offer some combination of free products and services, which typically includes seminars, software license manager certification programs, self-audit software kits (asset-management tools), anti-piracy guides and publications, and sample corporate policies. Many third-party companies offer similar services and enhanced functionality compliance audit software products for a fee.

Individual software vendors, including Microsoft, SAP, J.D. Edwards, and Network Associates, also have their own internal compliance auditors and enforcers who pursue licensing issues with customers and software pirates.

MARK BIGLER CPA, CISA, CFE, is the senior IT audit manager at J.D. Edwards in Denver.
