The Software Audit ExperiencePresented by Robert J. ScottManaging Partner Scott & Scott, LLP www.ScottandScottllp.com
The Software Audit Experience
Types of Software Audits
ο Independent & Third-Party Auditsο Software Publisher Conducted Auditsο Publisher-Initiated Audits Conducted by Big
Four Firmsο Self-Audits
ο Audits Initiated by the Business Software Alliance (BSA)
ο Audits Initiated by the Software & Industry Information Association (SIIA)
The Software Audit Experience
Publisher & Third-Party Audits
ο Publisher initiates audit by exercising its contractual right to enter and audit
ο The most active third parties are KPMG (BEA) and Deloitte (IBM, Adobe)
ο Third parties allegedly operate independentlyο Third parties usually have publisher-developed
discovery tools and scripts ο Audits may be narrow in scope but are still
invasive and disruptive
The Software Audit Experience
Initiation of BSA Audits
ο Aggressive marketing and PR campaigns drive reports from disgruntled employees
ο Tipsters stand to recover up to $1,000,000 in reward money
ο Audit letters are generated by both internal enforcement agents and an international network of law firms
The Software Audit Experience
The Software Audit Experience
SIIA Audits
ο Audits are initiated by tips from both disgruntled employees and tips from member firms
ο Tipsters stand to gain up to $1,000,000 in reward money
ο Lawyers are often compensated on a contingency fee basis
ο SIIA is in competition with BSA due to overlap in members
The Software Audit Experience
Legal Issues Arising in Software Audits
ο Breach of Contract Liabilityο Copyright Infringement Liabilityο Successor Liability Resulting from Mergers or
Acquisitionsο Individual Liability for Officers and Directors
The Software Audit Experience
Common Mistakes Made in Software Audits
ο Failure to Negotiate Audit Proceduresο Reliance on IT Staff to Deploy Discovery Toolsο Failure to Understand and Gather Proper Proof of
Purchase Documentationο Failure to Produce Audit Results as of the
Effective Dateο Scrambling to Buy Software Products in Response
to an Audit Letter
The Software Audit Experience
Organizational Impact Matrix
SeniorManagement
Legal
IT
Finance
Procurement
3 months 6 months 9 months 12 months 18 months
NegativeMorale
RetainingNew
Counsel
RedirectingResources
AllocatingEmergency
Budget
RealigningPriorities
ManagingUnexpected
Project
Assisting WithProduction of Deliverables
InteractingWith Outside
Counsel
ThreatOf
Litigation
NegotiatingOut of CourtSettlement
Au
dit
Eff
ecti
ve D
ate
Set
tlem
ent
Dat
e
The Software Audit Experience
Financial Impact Matrix
Attorney’sFees
LicensingFees
SettlementFees
IT ResourceDiversion
NegativePublicity
3 months 6 months 9 months 12 months 18 months
Engagement Software Discovery
Proof of Purchase Analysis
Gap Analysis Achieve Compliance
Produce Deliverables
Negotiation Settlement Post-Audit Deliverables
Au
dit
Eff
ecti
ve D
ate
Set
tlem
ent
Dat
e
FinanceResourceDiversion
The Software Audit Experience
The Audit Defense Process
Produce ResultsSettlement
Software Discovery Proof of Purchase
AnalysisReconciliation &
Gap Analysis
Negotiation
The Software Audit Experience
Software Discovery
ο Automated Process Designed to Identify all Software Products Installed on Corporate Computersο Discovery Tool Selection is Critical to Successο Discovery of All Assets is Challengingο Reporting is Unreliableο Validation is Difficultο Make Sure all Data is Protected by Attorney Work-Product Privilegeο Attorneys Experienced With Software Licensing Should Analyze the Data
The Software Audit Experience
Proof of Purchase Analysis
ο Process of Gathering and Documenting Proof of Ownership of Software Licensesο License Agreements, Manuals, Media, Purchase Orders, and Checks are Not Sufficient Proofο Dated Proofs of Purchase are Requiredο Valid Proof Must Show Product Name and Version ο The Entity Listed in the Invoice or Other Proof of Purchase Must Match the Entity Being Auditedο Clients Should Leverage Vendors to Help Compile Entitlement Data
The Software Audit Experience
Gap Analysis
ο Process of Analyzing Gross Installation Information against Gross Invoices for each Specific Productο License Types, Use Characterizations, and Downgrade Rights must be Considered ο Must Include Products not Included in Software Discovery Reports Such as Client Access Licenses, and Remote User Licenses Including Terminal Server, VPN and Citrix Users ο Calculate the Potential Fine Exposure for the Client Prior to Producing the Audit Results
The Software Audit Experience
Producing Audit Materials
ο Schedules and Supporting Documentation Representing all Relevant Software Products Installed on the Client’s Network as of the Effective Date
ο Secure a Federal Rule of Evidence 408 Agreementο A Summary with Columns for Product Name, Number of Installations, Number of Proofs of Purchase, and Excess/Deficiency is Requiredο Organize the Supporting Material by Product with Supporting Proof of Purchase for Each Product ο Obtain Management Approval before Producing Final Results
The Software Audit Experience
Negotiating Resolution
ο Discussions Occurring after Production and
Continuing through Settlement
ο Carefully Scrutinize the Auditor’s Analysisο Explain the Basis for Any Challenges to the Proposed Deficiency Counts Prior to Engaging in a Monetary Negotiationο Understand Both Monetary and Non-monetary Considerations Before Negotiatingο Challenge the Legal Basis for Arguments Advanced in Settlement Correspondence
The Software Audit Experience
Settlement Agreements
ο Make sure that executive management understands that Audit Results are Being Certified as Accurate as of the Effective Date
ο Understand that the Release is Predicated on the Accuracy of Certifications and in Many Instances Future Performance
ο Never Allow an Agency to Conduct Future Inspections
ο Non-monetary Provisions Have “Costs” as Wellο Confidentiality is Sometimes Negotiable
Contact Information
Robert J. Scott, Esq.Managing PartnerScott & Scott, LLP.2200 Ross Avenue, Suite 5000Dallas, Texas 75201
Phone: (800) 596-6176Fax: (800) 529-3292
E-Mail: [email protected]
The Software Audit Experience
Top Related