Don't fear a software licensing audit

For large companies running complex IT systems, it’s only a matter of time before you go through a software licence audit by a “large multinational software provider” (from here on, LMSP). It usually starts with a rather innocuous letter, then transitions to allegations of “over-deployment” coupled with a multi-million dollar claim (together with interest and back-maintenance charges) and can end with a payment of a not insignificant sum in settlement.

It’s important to note that such audits are part of the regular business of LMSPs. And as an LMSP’s main business is to continue to sell software licences, and not to drive a licensee off its products and onto a competitor’s, if you manage the process well, LMSPs are generally willing to reach a pragmatic and commercial outcome.

Therefore, what began as a multi-million dollar claim based on allegations of over-deployment, can often result in a fraction of the original claimed amount being “paid” by the licensee (sometimes not much more than 5% of the original amount claimed). Even better, such payments are often for new software programmes that the licensee will then benefit from in the future.

How do companies get themselves into this predicament?

Many major New Zealand companies have complex IT infrastructure, containing many legacy systems interwoven with shiny new systems. Those companies have often used the LMSP’s software programs extensively over many years.

LMSPs (usually US based companies) often have particularly complex sets of licensing terms, which are very one-sided in their favour. Further, the way LMSPs allow their software to be deployed makes it easy for them to allege that a licensee has exceeded its licence entitlements.

Over time, and without careful monitoring of software deployment within a company, an allegation of over-deployment becomes easier to make. An audit run by the LMSP may well, at least on the LMSP’s view of the legal position, show a significant gap between deployed software programs and the licensee’s actual entitlement.

Often the first you will know of alleged over-deployment at your company is when an LMSP sends a letter requesting payment of an eyewatering amount – with payment due within 30 days of the date of the letter!

What if the company is underlicensed?

In some cases, companies may genuinely be underlicensed, and you will need to make that right. However, in many cases it won’t be that clear cut, and it will depend on a careful analysis of the contractual terms applicable to the software deployment, and how they are to be interpreted.

In addition, the LMSP may have made errors in conducting its audit, including incorrect assumptions of use and it may not have taken into account available migration paths of existing (but unused) licences. It may also be that the LMSP was involved in advising the licensee on what it should buy to meet its needs (and is therefore complicit in the over-deployment or underlicensing).

So what should I do?

Follow these helpful tips:

LMSPs will probably have a contractual right to audit your business (usually on around 30-45 days’ notice). But rather than accede to their request, you should seek the ability to run a self-audit first and provide the output of that audit to the LMSP. This will allow you to assess your own performance against the licence terms, and potentially resolve issues before the matter develops into a full LMSP audit.

If you do get a notice of audit:

  • Hold the LMSP to the contractually agreed process. What does the contract say about the person conducting the audit and the notice period for it? Can it be anyone or must it be an agreed independent auditor?
  • Control the communications lines into your business. Technical teams love to assist other technical teams and have been known to “agree” with positions taken by LMSPs. This “agreement” may not be right, may not reflect the underlying legal position, and may adversely impact your negotiating position. Make sure a senior commercial manager is the sole entry point into your business for the LMSP.
  • Control the LMSP’s access to your senior management. LMSPs are adept at causing fear, uncertainty and doubt within senior management ranks. The numbers being claimed are often frightening. The senior commercial manager appointed to deal with the matter should require the LMSP to communicate only with him or her and make sure senior management divert all communications on the subject to them.
  • Remember, you hold the money and the LMSP wants it. The legal position is often not as clear cut as the LMSP alleges, and the LMSP will not be keen on airing its software licensing issues in open court any more than you are. Ensure your legal position, and the risks to the LMSP as a result, are clearly articulated to the LMSP – their position is usually not as strong as they might think. And don’t pay a cent until you are comfortable that the position is fully resolved in a binding settlement agreement.
  • Make sure your leverage points are real and immediate. Look at what you can leverage today. An LMSP’s software sales arm generally won’t care about losses to the service arms of their business, so leveraging one for the other generally won’t work. Equally, sales teams don’t generally care about downstream sales (ie, one to two years in the future) – their targets are based on current financial years. That said, if you are a big buyer of software programs, it certainly won’t harm you to put the LMSP on notice that any future purchases of the LMSP’s licences are at risk, and not just with the actual licensee, but also with the licensee’s affiliates.
  • Make sure you get your usual discounts. If you look to buy a new software program (as part of any settlement), ensure that you are getting your usual discounts and not paying “rack rates”.
  • Make sure any settlement is accompanied by an agreement on your current licensing position. It’s easy to jump to a settlement and then move back to your day job, only to find that in two years’ time you are arguing the same points all over again. Make sure you establish a clear and, if appropriate, “bespoke” licensing arrangement, and that your licence count and licence use is compliant, so that any future audit starts at that agreed position.
  • Ensure a regular review of actual usage against licensed rights. Ensure your database administrators get “pop ups alerts” to check they are sufficiently licensed before downloading new programs, and run self audits from time to time to check processes are being followed.
  • Get appropriate advice. Getting the best legal advice can significantly reduce the impact that LMSP audits have on your company. If you’re unsure, consult an advisor before agreeing to any claims by an LMSP.

If you would like any assistance with a software licensing audit, please contact me.

Article originally published in the National Business Review, 10 October 2014

Who can help