Effective Audit-Response Policies Can Be Vital in Responding to Software Audits
Businesses often have close relationships with software vendors, and that closeness usually is in direct proportion to the extent and importance of those vendors’ software products in the businesses’ network environments. However, despite their best marketing efforts, software vendors’ interests always will remain aligned primarily with their own bottom line, and that often means that information shared with them can and will be used against licensees in future transactions or, worse, in the context of an audit.
When it comes to being audited – despite any historically warm relations with account representatives or other vendor representatives and regardless of whether the vendors refer to the audits with euphemisms like “license verifications” or “software asset management engagements” – companies must understand that their legal and business interests have been threatened, and they should be prepared to respond in kind. That does not necessarily mean that a legal response is required, but legal teams absolutely must be involved in the audit-response process, and the company should be prepared to defend its interests with a comprehensive audit-response plan. Some of the basic elements of such a plan include the following:
- Communications For larger enterprises, legal team members should assume primary responsibility for all communications with vendors and auditors during the course of any vendor-initiated license verifications. There may be cases where it would be appropriate for business teams to remain on point, but, at the very least, all communications with the vendor should be routed through a single point of contact in order to avoid situations where vendors or auditors receive inconsistent communications from the audited company.
- Pre-Audit Agreements Of equal importance is the necessity of confirming the scope and process for the audit in a written, pre-audit agreement with the vendor and any third-party auditors engaged to conduct the audit. It is very common for the scope of an audit to evolve (and typically expand) over the course of an engagement, and such “scope creep” typically only results in higher exposure for the audited business. Pre-audit agreements often include terms addressing the following:
- Geographic and technical scope of audit investigations (to be as limited as possible)
- Litigation forbearance while audit is pending
- Confidentiality and inadmissibility of audit information
- Agreed audit-resolution and post-audit compliance steps
However, the most important thing to keep in mind during an audit is the fact that just because a vendor may have the contractual right to conduct an audit, that does not mean that all of its demands will be consistent with agreed audit terms or that there is no possibility to negotiate more favorable terms in the interest of preserving the relationship. A strong audit-response policy can greatly help a business to maximize opportunities for a more favorable outcome.