Jim Kaplan's
audnet.gif (4937 bytes)

AuditNet Resource List
Audit Programs
 AuditNet Virtual Library
AuditNet Newsletter
Ask the Auditor
AuditNet Mailing Lists
Audit Jobs
Travel
Career Links
Partner Discounts
Search
Sign Guestbook
AuditNet Sponsors
Advertising Opportunities
About AuditNet
About Jim Kaplan
AuditNet Seminars

Software Compliance Auditing 

This article written exclusively for AUDITNET.ORG by: PCProfile Rob Harmer Consulting Services Pty Ltd P.O. Box 196 Modbury North Sth Australia 5092 fax +61 8 8265 1961
email robharm@pcprofile.com web site http://www.pcprofile.com

Software Compliance Auditing for many businesses and organizations is often so low down the priority chain (despite the knowledge of the impact of the Anti-Piracy Police agencies [BSA,SIIA,CAST, FAST, BSAA etc]  that the software audit and compliance is continually put off,  thus increasing the risk to senior management and stakeholders. As an auditor you should have concerns about corporate governance issues when you read the following;

Consider the following scenario..............

Holiday time is well past, staff are back from leave, and its time to do a few of the odd-jobs that never get done during the course of a busy year. Buried deep in your in-tray somewhere, is some details on conducting software compliance audits, but you’ll "get around to that later" as there’s a pile of other things to do like evaluate Windows XP/Windows 2000, Linux etc, fix the fileserver which is going slower and slower and clear up some virus infected PC’s that have been bothering you all year, as well as tidy-up all the configuration problems that have occurred as people have installed software on their own systems that has wrecked some of your set-up files! You've just been hit with the BugBear virus and are still trying to recover. What a task! 

Suddenly your phone rings, and it is the company secretary (or manager) and the conversation goes something like this; "Bill (or Mary), we have the software solicitors at the front door with an Anton Piller order which says that they have the right to search our premises NOW and to seize any details on illegal software that they claim is installed and being used by us." "What do you know about this court order, and more importantly didn’t we agree some time ago that regular software audits and compliance were to be company policy?". "Please come down immediately to my office, to see if you can get them off our premises so that we can check out our systems first!"

---------------oooo00000oooo---------------

Nice try, Mr Company Secretary, (or Manager) the notion that you can get rid of these guys at the front desk,  doesn’t work that way in real life!

Using Illegal Software is a BIG RISK - you know this already,

BUT DID YOU KNOW THAT ....................?

If a software vendor eg; Microsoft, Autocad, Oracle, Novell etc has reasonable grounds for believing that illegal software, (which also can include sounds, films, videos, games, images, fonts) being used on your systems and that evidence may be destroyed if notice is given, then the software vendor may apply to a Court of Law for an Anton Pillar Order.

In simple terms, an Anton Pillar Order is a legally binding order issued by Court which requires persons in charge of the premises (irrespective of whether they are a government agency, company or private residence) to allow the Vendor and it's representatives to enter the organization's property for the purpose of searching for and seizing illegal copies of software, (including sounds, films, videos, games, images, fonts) PLUS manuals, disks, media, computers, CD/DVD burners, hard disks, backup tapes, floppy disks etc which indicate that software (or other intellectual property) theft has occurred. 

In the case of sites where resellers are involved this may also include databases of sales, e-mail and Internet downloads, where the reseller or premises owner knowingly (or un-knowingly) sold illegal software to third parties. This reseller "practice" is often described as "backup versions" to try and shift the issue or responsibility to the buyer rather than the seller.  If you have purchased software from these resellers then you are on the TARGET list of contacts to chase up with a raid at some stage to investigate your systems as both parties can be investigated for illegal software, one for selling and one for buying or obtaining.

For obvious reasons NO NOTICE is given in advance regarding when the Vendor' representatives and solicitors will arrive at the premises for the purposes of carrying out the search and seizure.

All material seized on the search is used as evidence in the proceedings for the infringement of copyright.

What is an ANTON PILLAR ORDER?

As a general guidance; 

An Anton Pillar Order is an order allowing for an applicant (without notice to a respondent) to enter the respondent's premises and inspect or seize documents or other items.

The issuance of an Anton Pillar Order has been deemed necessary by a Court of Law to demonstrate through substantial evidence that this legally binding order is both vital and necessary to preserve evidence. 

An Anton Pillar order can include the following conditions such as:-

    • a requirement that the respondent disclose the whereabouts of specified documents
    • an inventory of seized items to be prepared and that the defendant have an opportunity to check it and sign it before documents are removed
    • an order not to use documents or items seized for any purpose other than for the purpose under which the order was originally granted
    • an offer of explanation to the persons served with the order in plain language as to the meaning and effect of the order and the person's right to obtain legal advice before compliance with it.

When issued, the Anton Pillar order is often seen as an effective and very public remedy used by Software Vendors when they are attempting to stop illegal software use (termed Software Piracy) and Copyright Infringement to achieve or effect recovery of property

OK, What are your rights?

The following information lists some of the rights of an organization against whom an Anton Pillar Order has been obtained.

  • Seek Legal Advice 

The organization is usually given the right under the Terms of the Order to obtain legal advice before the vendors solicitors commence searching the premises. BUT the time-frame is LIMITED.

  • How long can you delay the execution of an Anton Pillar Order?

When served with an Anton Pillar order, you have between 1 and 2 hours to seek legal advice from your solicitors who should be present whilst the Vendor’s solicitors search your premises to "search, seize and remove illegal copies of software, discs, manuals and other documents and evidence" which indicate that software theft has occurred. 

  • Who should be present during the execution of an Anton Pillar Order?

It is always advisable for the organization's solicitors to be present while the Order is being executed in order to ensure that the terms of the Order are strictly complied with and the Vendor's solicitors do not search or seize material not permitted by the Order.

  • Can an Anton Pillar Order be discharged?

The organization has the right to apply to the Court for the Order to be discharged BUT only under specific conditions. It is extremely rare in practice for an application to be made to discharge the Order before it is executed. The very nature of an Anton Pillar order is one of "surprise and discovery".

An Anton Pillar Order can be discharged in the following circumstances

a; if there was something fundamentally wrong with the Order which has been obtained eg; the Vendor had targeted the wrong organization

b; or the Vendor had failed to disclose to the Court important information which might have affected the Court's decision whether or not to grant the Order in the first place.

Lastly,

WHY BOTHER ABOUT PROOF OF PURCHASE?

One of the most painful aspects of all is the requirement after the order is served, usually within 14 days, to provide documentary evidence to the court, which PROVES that you own the software that is the subject of the court order (and may extend to PROVING that ALL software is legally acquired), by showing software compliance registers (an inventory approach), license numbers, discs and manuals, AND originals of all invoices from the SUPPLIERS of the software that you own!

Imagine what you need to do to backtrack and reconstruct accounting records etc to PROVE and this INCLUDES copies of invoices etc that you have paid "fair market value" (ie; legally acquired licenses) for what you have installed

SOFTWARE AUDITS ARE NOT YOUR CORE BUSINESS ACTIVITY! 

Software Compliance Audits for many businesses and organizations are so low down the priority chain (despite the knowledge of the impact of the Anti-Piracy Police agencies [BSA,SIIA,CAST, FAST, BSAA etc]  that the software audit is continually put off,  thus increasing the risk to senior management and stakeholders.

The MOST significant issue (and the most common reason for the low priority activity) is that software compliance is NOT the core business activity of the entity and the money spent (as an overhead cost) on traditional auditing techniques is ALMOST TOTALLY WASTED.

This is no way to run your business entity, when the money could be far better spent on core business activities such as customer service, marketing, product development etc!

"To combat and overcome both illegal and unauthorized software in organizations you need much more than a technology based solution to what is really a PEOPLE based problem!"

TAKE SOFTWARE COMPLIANCE SERIOUSLY!

FORCE a SEA-CHANGE in end-user attitudes by managing Software Compliance by keeping the level of effort FOCUSED at the end-user level and this will lower the cost of ownership.

Having a Software Asset Control system in place enables both you and your staff can get on with your CORE business activity - which we know is NOT conducting software compliance audits!

Manage software compliance by keeping the level of effort down will lower the cost of ownership and reduces risk! TAKE CONTROL today by visiting http://www.pcprofile.com

Article written exclusively for AUDITNET.ORG by: Rob Harmer Consulting Services Pty Ltd   P.O. Box 196 Modbury North Sth Australia 5092 fax +61 8 8265 1961 email robharm@pcprofile.com http://www.pcprofile.com

Copyright © AuditNet.org.  

Copyright and Disclaimer

All rights reserved. No part of this Website may be reproduced in any form, by copying from the Internet, photostat, microfilm, xerography, or any other means, or incorporated into any information retrieval system, electronic or mechanical, without the written permission of the copyright owner.

Send comments to: editor@auditnet.org



Revised: January 14, 2008

Address of this Page is http://www.auditnet.org/