Be Wary of All Factors Affecting Potential Exposure in Software Audits
Most businesses that try to plan for software audits and to estimate the potential exposure they could incur in the event of those audits know that the primary cost components of that exposure typically are the prices associated with any licenses they may have failed to acquire. For example, if a company determines it has ten installations of Adobe Acrobat Professional for which it does not own licenses, then the exposure associated with those installations may be estimated as the price of ten licenses for Adobe Acrobat Professional.
However, what price is the correct price to use in performing those calculations? Most publishers by default either will give themselves wide discretion to determine the amounts required to resolve an audit (e.g., IBM) or will specify in their agreements that the prices to be used are full retail (e.g., historically, Microsoft). However, in some newer agreements, we have seen publishers reference either marked-up negotiated prices (e.g., newer Microsoft agreements) or the actual rates at which licensees have purchased licenses. Given that level of variability, we typically use MSRP as the starting point for exposure analyses that we prepare for our clients. If the agreements specific to a particular vendor’s products indicate that a different pricing level should be used, then we can make those adjustments as needed.
In addition, some publishers do not stop at license pricing in calculating settlement demands following audits. For instance, publishers’ positions with respect to retroactive maintenance typically vary widely. Some will use it if it is consistent with the licensing framework underlying a settlement demand (e.g., Microsoft may use the Self-Hosted Applications benefit of Software Assurance in connection with deployments found to be used for commercial hosting purposes). Other publishers require maintenance to some extent if support services have been accessed during the audit period (Attachmate and Adobe are good examples). There also are publishers that may not charge retroactive maintenance, but that will require maintenance to be purchased in connection with any licenses needed to resolve an audit (such as Autodesk).
A reliable, default starting point for exposure estimates in most cases will be full retail with no additional charges at the outset, provided a company’s SAM team understands there is a possibility that additional charges could be assessed by the auditors. However, it is always a good idea to review the applicable licensing agreements and policies to determine whether there is a likelihood that back maintenance or other, additional charges (like back interest, in the case of Attachmate) will contribute your audit exposure.