Software auditing is not a dirty word

commentary Software licensing and auditing continues to be a thorny issue for companies. But the results of staying compliant is worth the effort, says Deloitte & Touche's Jimmy Wu.
Written by Jimmy Wu, Contributor
For a variety of factors, many companies inadvertently use unlicensed or unauthorised software. This can be a result of negligent software procurement practices, employees misusing company software for personal entertainment or gain, or users simply not understanding how licensing agreements work.
Ethical issues aside, it is important, as an IT manager, to realise that using unlicensed software or improper licensing has ramifications beyond paying less. This is especially true today, as governments take a harder stance on inadequate licensing and software piracy.
To ensure you don’t get caught in the crossfire, it is important to understand some basics, like who owns your software. While you may think, “Since I paid for it, I own it”, that is actually not the case. Unlike other things purchased, software applications and fonts do not belong to the buyer. Instead, they are a licensed user—companies and individuals purchase the rights to use the software on a designated number of computers, but can’t put copies on other machines or pass that software along to colleagues.
While companies don’t normally set out to infringe copyright laws, unlawful software usage could spin out of control without proper management policies and procedures in place.
This is why it is imperative that companies perform regular software audits on all personal computers within their organisations. Software asset management should be a standard element of any organisation's asset tracking process and is especially necessary considering the Internet has made it easier for software to be easily accessed and downloaded.
In Singapore, there is now further motivation for businesses to ensure they are doing their utmost to eliminate improper licensing and the use of unauthorised software. Early last year, Singapore and the US signed a landmark trade agreement, known as the United States Singapore Free Trade Agreement (USSFTA). In it are provisions that call for stronger anti-piracy laws and intellectual property rights protection.
Along with the USSFTA’s goal to strengthen Singapore’s position as a regional IP hub and further enhance the attractive intellectual property environment for businesses to grow and locate here, harsher intellectual property enforcement will be put into place from early next year. This means that companies need to seriously consider their policies and procedures to address and mitigate the risks of infringement and penalties.
While the Intellectual Property Right Regulation (IPRR) sets the legal framework for software licenses, that framework tends to be very general. Various software license agreements detail the comprehensive rules in relation to software grants, with some license agreements mirroring the IPRR; for example the number of copies of a particular software programme that are allowed. However, what happens more often is that the license agreements will grant additional rights to the user, i.e. additional copies will be allowed under certain preset conditions.
It is therefore important for a company’s management to have an overview of the new legal framework, what its software obligations will be, what might be lurking in their network without their knowledge and how they can find out if they are compliant and prevent their company from paying a penalty.
Software audits are not only about protecting a company from paying penalties for copyright infringement, they also provide companies with additional information to help them better manage software costs and employee productivity. Software audits make it easier to spot out of date licenses and standardize all computers to have the most recent versions. They also make it easier for companies to consider purchasing volume-licensing programs and simultaneously lower costs and improve employee productivity if they discover a new type of software that has become more popular throughout their organization.
Consolidating software purchasing and record keeping also help IT managers get good prices for their volume orders. Consolidated software purchases also make it easier to track the status of software spending against budget allocation, in turn helping companies better plan their expenses.
Legal impact
I feel that the biggest reason to why companies should perform software audits is the assurance of knowing they are protecting their company from the legal fees, financial penalties, and bad press that tend to accompany piracy infractions.
The good news is that software audits can be relatively easy and hassle free to undertake. While several organizations offer this service, the process is usually the same – auditors work with an organization to review information on IT assets and purchases, reconcile the results and make recommendations moving forward. By identifying software-licensing discrepancies and mapping out a clear path ahead for efficient software asset management, companies are able to maintain compliance with minimal hassle.
“Audit” is often viewed as a dirty word. But it doesn’t have to be, especially when it means ensuring your IT infrastructure is efficient, cost-effective and compliant.
Jimmy Wu is the senior manager, enterprise risk services, Deloitte & Touche.
Editorial standards