While there are prescribed standards for conducting several types of audits, external software license audits remain unregulated and ripe for legislative intervention. Until then, companies must fend for themselves.

From our experience, a software publisher's motivation to conduct an audit falls into at least one of the following buckets:

  • Compliance - to verify compliance in the ordinary course of business and calculate a true-up if usage exceeds the terms of the operative license agreement
  • Renewal/Sales – to gain leverage in negotiating a renewal and/or to sell additional products
  • Profit – to extract additional money through the threat of or actual initiation of litigation for copyright infringement and/or breach of contract

So, what can a company do to protect itself?

From a legal perspective, the first line of defense is to negotiate a license agreement that contains clear definitions, such as, what constitutes "use" of a license, who qualifies as a "user," the environment where the software can be deployed and, if applicable, how the software can be incorporated, marketed, sold or distributed. Once the parameters are established, the company should adopt internal processes to ensure compliance.

In the absence of federal or state regulation, the parties to a licensing agreement can also agree in advance how a software audit is to be conducted, allowing the company to negotiate terms that offer some protection from unreasonable demands or spurious results. For example, the audit provision in the license agreement can address:

  • how frequently a software audit can be conducted
  • the process for conducting the audit, e.g., what is the form and amount of advance notice required? will the audit be conducted by an independent third party? will a formal audit report be generated? is there a process for the company to contest the findings? who pays for the audit?
  • what happens in the event that the audit establishes that the company is not in compliance with the terms of the license agreement

Lastly, what should a company do if the software publisher demands an audit?

Remember that the best defense is (sometimes) a good offense. The company should not automatically capitulate to an audit request without first seeking legal counsel to evaluate the applicable audit provision and guide the company through the process to minimize exposure and reduce the risk of subsequent litigation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.