Software vendors are becoming more proactive in auditing their customers’ use of their products. Software audits can take several forms, but primarily, a software vendor will request a customer to self-audit and report on its software usage, which is known as a self-audit or a trust-review. If the customer refuses to conduct the self-audit, the software vendor will likely require that the customer avail themselves for a complete and extensive audit of the software usage. However, this could attract commercial risks and may lead to massive cost and financial implications for the customer if the software audit finds that the usage exceeds its software licence.

In this article, we propose the best approach to avoid a costly audit process and licencing penalties is to adopt a proactive and continuous self-audit review. Through a proactive approach, customers can ensure that they have taken steps to ensure that their software usage is in accordance with their software licence and that they are not surprised by a costly audit penalty.

If a software audit finds that a company has breached the scope of its software licence, the software vendor may impose a financial penalty. This penalty often requires the company to purchase licences for each unlicensed user, with these licences typically carrying a higher fee than the original licensing fee. However, as licence fees frequently increase, it could lead to a company being liable to pay a hefty penalty, especially if the company has become dependent upon the software.

The core issue is that companies are often unaware that they have breached their software licences or that they have increased the software’s use beyond what is licenced. This is especially prevalent where companies use a freeware version (where the licenced rights are extremely limited) but deploy the software internally or use the software to generate revenue.

The types of rights and authorised use of the software will vary depending on the type of a licence contract granted to the company. In order to mitigate the risk of having to pay audit fines, companies must investigate and understand the scope of their software licence to ensure that they do not contravene the software licence through overuse or non-licensed use.

Before implementing software internally, an organisation must ensure that it has a comprehensive understanding of its licensed usage. For example, a company may be permitted to use the software internally but may not necessarily be permitted to commercialise or on-sell such software. Furthermore, a company must ensure that it understands the user restrictions, such as how many machines/instances it is permitted to install the software on or how many users may be granted access. At this point, licensing rights violations typically come to light as a company acquires software for its internal use but tends to extend its usage far beyond the scope permitted by the software licence. In this situation, a company will likely face an audit request from the software vendor, which may result in cost implications depending on how integral the software is to the company operations. In addition to hefty penalties, if a software audit finding of non-compliance is publicised, it can adversely impact the public’s perception of the company and may tarnish its reputation.

Our recommendation is a proactive and continuous self-audit review process, which will allow companies to save costs and possibly reduce hefty penalties through following activities: