SIIA Audit Timeline

One of the top ten questions asked by my clients is “How long does the SIIA self-audit process take from start to finish?” Of course I give the standard lawyer answer: it depends. Here are the steps to a typical SIIA audit.

Preparation of Audit Materials (3 to 6 months)

A SIIA audit is a request, under threat of litigation, to compile a listing of all SIIA member software products installed on the audited entity’s computer network as of the Audit Effective Date. The Audit Effective Date is the date on the SIIA initial letter requesting an audit. The first step in preparing this information is conducting an automated inventory of the software products installed on all computers owned or leased by the target company. Once an accurate inventory of the SIIA member software products is completed, the next step is to reconcile the software inventory information with proofs of purchase dated prior to the audit effective date. While there are various ways to prove ownership of a software license, typically an invoice is considered the best evidence of ownership in a SIIA audit. In the typical case, the inventory and reconciliation process takes three to six months.

Secure a Confidentiality and Federal Rule of Evidence 408 Agreement (1 week)

With very limited exceptions, we advise the targets of SIIA audits to cooperate with the self-audit process but to do so in a way that does not compromise their position in the event that an out of court settlement is not possible. We do not disclose any information to the SIIA until it signs an agreement regarding the confidentiality of the information disclosed and specifically limiting the SIIA’s ability to introduce the information as evidence in court. In the typical case, the SIIA will sign our standard agreement within one week.

SIIA Analyzes Self-Audit Materials and Makes a Settlement Demand (3 to 6 months)

After the self-audit materials are submitted by the target of a SIIA audit, the Software & Information Industry Association typically takes three to six months to respond. The SIIA’s response provides its interpretation of the self-audit materials and applies a formula for its initial settlement proposal. The SIIA’s formula for calculating fines is generally three times the unbundled full retail price of the software products installed on the target’s computers plus $3,500 for SIIA’s attorney’s fees. In many instances, the SIIA’s settlement proposal is substantially more than the target may have expected due to differences of opinion regarding what constitutes valid proof of ownership. In our experience, the SIIA usually takes three to six months to make substantive response following the submission of the self-audit materials.

Negotiation of Monetary and Non-Monetary Terms of Settlement (6 to 24 months)

After the SIIA makes its initial settlement demand, there are various monetary and non-monetary terms that need to be negotiated. The obvious material term in every SIIA audit negotiation is the amount of any monetary amount to be paid to the SIIA for alleged past infringement. The most significant non-monetary issue is whether the SIIA will agree to a confidentiality provision. Such provisions require the SIIA to keep the existence and details of the audit confidential and preclude the SIIA from issuing a press release. Other non-monetary provisions include future obligations such as certifications of compliance, adoption of a software code of ethics, and production of additional proofs of purchase to the SIIA for purchases made after the audit effective date. The length of the negotiation process differs from case to case but generally lasts between six months and two years.

Scott & Scott, LLP is not affiliated in any way with the SIIA.