Business Software AuditsRoddy Bergeron
The word audit automatically brings up anxiety in almost everyone. While financial audits conducted by the IRS are common knowledge, most companies don’t realize software manufacturers also audit businesses on a regular basis. As daunting as software audits sound, it doesn’t have to be a painful experience. With a little preparation, a software audit is no problem at all.
During the 15 years EDC has been in business, we have never seen as many audits as we have seen in the last 2 years. Microsoft in particular has been very active in auditing their customers, so I will focus on their audits for the remainder of the article. However, it is worth mentioning that all software vendors preform audits. We have run into AutoCAD and QuickBooks audits as well, so this is something that cannot be ignored. Eventually, your company will get audited.
For the purposes of this post, I will assume that everyone makes an effort to legally purchase all of the software they use. Of course this isn’t the case with every business. So if the software in use is obtained through other means, step one is to get legal before you are contacted with an audit request. However, many companies that make an effort to buy their software are often penalized during their audit. The reason that this happens is due to the complexity of keeping up with your software licenses. As staff come and go from an office it is easy to accidentally have more than the allowed number of instances of a particular license in use throughout your network. The penalty can be pretty burdensome, so if you think you are legal, the best thing you can do is audit yourself and verify that you are legal.
Types of Audits
So far we have seen three different types of Microsoft audits of local businesses. They all proceed along the same lines, but can have different repercussions. First I’ll cover the easiest audit. This comes in a friendly worded email from Microsoft asking you to self-audit your software, buy what you are short on, and then report back that you have completed the process. They even provide links to tools to assist in counting all of the software you have on your network. These audits are targeted at small offices. Besides having to purchase licenses unexpectedly, these audits are the easiest to get through. Microsoft’s whole goal is to get you legal without penalty, and when compared to the other audits this is a breeze.
The Microsoft Audit
The second type of audit is also directly from Microsoft, but it is a bit more aggressive. This is geared towards larger companies. In this audit someone with a Microsoft email address contacts you and requests that you provide a list of all software you have utilized in your network. After they have the list, they compare it with what you have purchased through Microsoft Open Licensing. If you are deficient they will ask you to prove you own those license or offer sell you the missing licenses. In this case the auditor is a company contracted by Microsoft to get businesses legal. So it is in the auditor’s interest to find you deficient and have you purchase software from them. They can be pushy, and you have to stand your ground if you know you are legal. To my knowledge they do not penalize you beyond having you purchase a license. Licenses can be obtained from any Microsoft reseller.
The BSA Audit
The last type of audit we have experience with is the worst of the three. This is an audit from the Business Software Alliance (BSA). It begins with a letter from an attorney, sent via tracked carrier, demanding an audit and informing you that any licenses purchased after the receipt of the letter will not be considered. These types of audits generally originate from ads run by the BSA on websites or Facebook looking for employees to be whistle-blowers. They offer cash rewards as incentive. Unfortunately, we have also seen disgruntled former employees submit former employers with made up allegations. This is a big concern because as I mentioned earlier, it is easy to be out of compliance.
Since the BSA audit is directed by an attorney, I would recommend that you secure your own council. We have encountered three companies with experience with this type of audit. Only one company came out unscathed. The other two had several office licenses missing and one had a software package flagged, presumably installed by the disgruntled employee. The company that came out unscathed had done their own internal audit 7 months before, and was aided by some downsizing they had done in the previous months. The penalties for failing this audit are generally 3 times the MSRP of the software installed plus legal fees. Also be aware if the software in violation is a software suite such as Microsoft Office, the penalty could be the MSRP of each individual program (i.e. Word, Excel, Outlook). Your attorney should be able to negotiate down the penalties, which is why I mentioned you should involve your attorney from the beginning.
Protect Your Business Against Software Audits
From our experience with these audits we have developed some policies to minimize the risks:
First, perform your own audit annually. This will minimize any missed software licenses and make it easier to comply with the audits. Microsoft even makes their audit tool publicly available.
Second, during your own audit locate and store all receipts for software purchased in one place. The BSA is only interested in seeing your receipts. It is a lot easier to have these scanned and ready to go than to dig through accounting records going back years. It will also make future self-audits go more quickly. If you cannot find a receipt, see if a vendor will resend a copy.
Third, wipe and reinstall all computers from staff that leave your company. This will protect you from a disgruntled employee leaving illegally installed software on your computer to be found later in an audit.
Fourth, monitor all computer moves for licensing. Most companies will move older computers to staff with fewer needs. Make certain software installed on the computer matches the needs of that staff member. If unneeded/unused software remains installed on a computer, you must have a license for it.
Finally, simply be proactive. Don’t wait for a letter. If your audit comes from the BSA you don’t have any chances to fix your licensing shortfalls without a penalty. If you are far out of compliance and cannot afford a big purchase, simply buy a few licenses each month until you are caught up. Everything you do prior to an audit will save you stress and headache when you inevitably do get audited.