When an Audit is Not an Audit, Think Twice About Participating
In the software licensing world, all audits are not created equal.
On one hand are the “true,” contractual audits. Here, the applicable license agreement gives the software publisher the right, usually upon notice and sometimes limited in frequency or scope, to demand access to the systems where its products are installed or a report of data demonstrating usage of those products. In many cases, a third party, like Deloitte or KPMG, is hired to review and validate the raw data. At the end, the audited business typically is required to purchase licenses to cover any unlicensed usage discovered as a result of the exercise. Penalties may be required as well. If the publisher does not also offer a release of past liability, the audited business should demand it before paying anything.
On the other hand are the audit wannabes. These are licensing reviews with a more overt sales orientation than the compliance orientation of the average contractual audit (though the realist will understand the core purpose of all audits as being revenue generation). Publishers may present them as “opportunities” to confirm current license positions and to “explore” options for maximizing prospective licensing expenditures. Microsoft’s Software Asset Management (“SAM”) engagement is probably the most well-known example, but it certainly is not the only one.
The most important thing to remember about these “sales audits” are that they are in almost all cases entirely optional. Our standard advice to most clients is to avoid them altogether. There is usually very little – if anything – that can be gained by providing information regarding current software usage to the publisher of that software, when a review by internal staff or a hired consultant (with the company’s best interests in mind) can arrive at precisely the same result. In many cases, the sales team may have no authority to provide any release of liability arising from past discrepancies, leaving the company open to legal exposure associated with that usage. Moreover, you can trust that anything a licensee tells a licensor about its deployments can and will be used against the licensee in the future when the time comes for a real audit. Information represents leverage. The more you give to the publishers, the less you typically have to drive contract negotiations toward more optimal results in the future.
That said, there may be some risks in not playing along with optional license reviews. In theory, the less cooperation a publisher’s sales team receives from a licensee, the more the compliance team may be inclined to initiate a review. However, some of our clients have participated in and concluded sales audits only to be contacted by compliance teams not even a year later to initiate contractual reviews. In addition, in some cases a license agreement may require sales audits – for example, Microsoft’s newer form Enterprise Agreements give it the right to validate true-up orders submitted during the term of EAs. These are not really contractual audits under the Master Business and Services Agreement, though they have the potential to be even more onerous, since the form EA does not really define their scope with any detail. (We often advise our clients to demand the removal of those provisions when negotiating new EAs.)
The take-away lesson here is to carefully analyze all requests from software publishers to participate in licensing reviews. If the review was proposed orally, demand that it be communicated in writing. If that writing does not cite to the audit-rights language in an applicable license agreement, think twice before moving forward with the review.