How software audits are damaging business

Businesses around the world are being bruised by unexpected software audits, as a combination of unclear licensing rules and shifting technologies leaves firms open to significant financial penalties.

A number of the major software vendors are seeing that their long-established customer base, using the traditional on-premise software model, is now shrinking.

Some vendors have overcome this issue with successful moves into the cloud, but others that have been historically dominant for on-premise software have been slow on the uptake and are now facing unexpected competition from providers that never existed in the on-premise space.

An easy target

While the strategic focus of many organisations and IT providers has shifted to the cloud, for some vendors the revenue focus has urgently shifted back to an easier target: their on-premise customer base. The method deployed is to conduct a software audit to uncover problems with this customer base’s licenses.

For many such customers, issues such as security, business continuity and complex legacy operations have meant that they cannot readily shed usage of on-premise technology in favour of the cloud. In short, they have to pay year-on-year for software licensing and continuing support and maintenance; something that becomes more and more complex as their IT infrastructure evolves over time.

The costs incurred through a software audit can often be out of proportion to the value utilised by the customer, with many maintaining that the audit conclusions are simply unfair.

What makes it unfair if the software is still being used?

  • Software licenses are required not just for usage but for installation (fines can apply to software that is installed but not used);
  • Vendors insist on software licenses for servers and processors that are potentially available to run the programs – even if there is no proven use;
  • ‘Matching Service Levels’ means that customers must pay for all programs owned, even if shelved or not deployed; customers are unable to ‘switch off’ licensing charges for only part of a suite of programs and allied options;
  • There is considerable ambiguity and opacity in out-dated license terms, with many key definitions missing and software vendors pointing customers to (and relying on) a confusing mass of guidance, white papers and policies on the vendor’s website: few customers can understand how the licensing maps to deployment.

An unwelcome increase

Against this backdrop, there has been an increase in software audits. Often innocently described as ‘software license reviews’, these are seemingly initiated to assist the customer with license compliance.

In truth, they are a determined revenue-generation mechanism delivered against customers, who, however dissatisfied with the vendor, cannot, for the time being, go elsewhere.

The audits are regularly issued by the vendors with evidence-gathering usually carried out by major accountancy firms.

In each case, the customer’s account manager is informed but is effectively side-lined whilst the process takes place. And it can often be a long process; an audit can take three to six months, occasionally more, while the auditor closely interrogates all usage or installation of the technology and applications.

At the end of the ordeal, an executable quote is issued with a 30-day demand for payment in order to make the customer’s software licenses fully compliant.

Notoriously, demands for inadvertent under-licensing – accidentally having the software installed in more places than have been licensed – can be excessive. Vendors will often require the customer to pay for new license purchases at list price (or 125% of the list price), as well as backdating costs for support and maintenance and also forcing the customer to cover the audit costs.

The total sums can be crippling and rarely match the value that the customer may have obtained from the uncovered usage. Many companies say ‘Never again’ and determine to move away from that vendor as soon as possible, irrespective of the longevity of the relationship or the utility of that vendor’s alternative cloud offerings.

So why is this practice so obscure?

These vendor claims are rarely litigated, although occasionally details of disputes surface in the High Court or in a company’s financial statements. Usually, the customer will have some anxiety about reputational damage (under-licensing is seen by some as infringement of IP rights). Furthermore, limited concessions offered by the vendor are always wrapped up in confidentiality obligations.

Corporates are therefore often in the dark about whether to fight the claims made by vendors and at what level to settle.

There are ways of confronting these audits. But it is important to note that solicitors’ letters rarely work in isolation. Only a combination of astute technical, legal and commercial arguments can destabilise the vendor’s insistent demands and reduce claims to an appropriate level.

Customers must treat any invitation to co-operate in a ‘software license review’ as a material risk; the letter is essentially the precursor of what may be a significant damages claim. As such, high-quality consultancy and negotiation expertise is needed if an organisation is to protect itself effectively – importantly, this needs to be independent of the vendor (not their platinum partner) and, whenever possible, an organisation should utilise former licensing experts from the particular vendor.

Most CIOs will recognise the jeopardy in any software audit. But this is an issue that must be recognised also by the CFO and the CEO given the risks both to business continuity and to unexpected provisions in the financial statements – the potential damages cannot, and must not, be underestimated.

About the author

Robin Fry is a director of Cerno Professional Services and a highly-experienced software IP lawyer. He is prominent in defending software audits and advising on software licensing issues.