
This article written exclusively for AUDITNET.ORG by: PCProfile Rob Harmer Consulting Services Pty Ltd P.O. Box 196 Modbury North Sth Australia 5092 fax +61 8 8265 1961 email robharm@pcprofile.com web site http://www.pcprofile.com

Software Compliance Audit Policy is a MUST HAVE!

Software license compliance is an issue that doesn’t get enough focus in most organizations or in the press. The press tends to focus on the guilty party, flaunting the announcements of court fines and penalties, when in fact the issue needs a wider focus!
 
Software vendors have become fed up with the piracy of software by organizations and individuals and have started to aggressively seek out those who steal their software. If you have been reading the press recently, you will have seen many cases of organizations being fined 5- to 6-figure sums as court costs, which is conservatively around 1/4th to 1/5th of the total costs involved!

To protect yourself and your organization, what is needed to START with is a robust software compliance policy coupled with a management strategy to get the message to the desktop. Organizations can significantly reduce their exposure to software piracy liability if they have a robust and proven software compliance policy which is adopted and enforced throughout the organization!

Why?

Despite the growing attention to corporate governance and ethics, many organizations pay little attention to software compliance and consider it to be an inconvenience. That is, until the software police come knocking on the door with a court order in their hand to seek out illegal software. Think it won't happen to you? Check these articles out for more details: Anton Pillar raid details, Check Your Post Box, and "One in 3" - Software Management Issues.

A key issue that organizations face is that software compliance is not a core business activity. Software Compliance is often seen as more of a burden that consumes money and wastes time that is better spent on other core business activities.

For management, there are some key issues regarding software compliance phrased in the following questions:

  • What can software compliance policy achieve for the organization?
  • Does having a software compliance policy really make a difference?
  • Will a software compliance policy provide protection if the organization is caught with illegal software by anti-piracy organizations?

Software Compliance Policy

All organizations need a robust software compliance policy that allows them the freedom to operate legally and responsibly under corporate governance rules. This policy, which should have a senior management champion and mandate, should ensure that employees share the penalties the organization may suffer if they are caught by one of the many anti-piracy organizations. Sound harsh? Not really.

Organizations must commit themselves to enforcing their software compliance policy. It is no good if it is a "paper tiger"! The software compliance policy should outline rules of conduct for installing and using software for both existing and new employees. It should also detail the penalties that will apply if employees are caught using illegal or unauthorized software. "Unauthorized software" covers freeware, shareware, abandonware, demoware, games and other file downloads that are NOT a part of your core business activity! "Illegal software" covers software that is NOT covered by an authorized purchase order for which there is a valid certificate of authenticity AND proof of purchase records that are verifiable and traceable through your accounting system.

Employment agreements, contracts, and letters should include a clause detailing the organization’s software compliance rules and how they will be enforced. Without a clear and enforced software compliance policy, employees may think they can install whatever software they like on their PCs. If you are lax in your approach to this then you deserve to feel the brunt of the impact that can follow. See Busted - Anti_Piracy news you need to hear! and Getting caught with illegal software will cost you!

While other IT tasks may have a higher priority, software compliance will jump to the forefront if the organization is caught with illegal software. Should that happen, organizations have no option but to defend themselves from a piracy investigation. Many organizations have no idea how to do this and then panic. In many instances, organizations wind up paying large sums of money due to ignorance of their rights, copyright laws and the full extent of the unauthorized software installed (e.g., piracy as well as shareware, freeware, spyware) in their organization. For that reason, organizations need effective risk-mitigation strategies to minimize the cost of any investigation by police, vendors, or anti-piracy organizations.

Having a software compliance policy is an EFFECTIVE start to the risk mitigation process for your organization!

Management Must Lead with Software Compliance Policies

Software piracy is a people-based problem, so software compliance must combine technology with a management mandate and attention.

Management must change end-user attitudes about the use of illegal and unauthorized software and manage compliance by keeping it focused on the end-user level and holding users accountable.

Moreover, software compliance management should be done in a way that allows the organization and its employees to quickly get on with their core business activities.

Having a robust Software Compliance Policy backed by management mandate can make a difference!

Key Software Compliance Management Tips for Auditors

For effective Software Compliance Management, keep the following tips in mind:
  • Make sure there is a Software Compliance Policy in view at each desktop, on the Intranet, and on the Noticeboard. Add reminders in newsletters from time to time!
  • Build software compliance policies into user employment agreements
  • Make local management accountable
  • Make end users responsible for compliance
  • Reinforce desktop compliance policies to limit and minimize software downloading.
  • Stamp out the usage of unauthorized/illegal software.
  • Send a clear message to desktop users about your software compliance policies and the penalties for violating them.

and finally,

WHEN (note: not IF, but WHEN) you find out you have illegal software installed:

  • If they have been caught using unauthorized software, ensure staff who are identified as the offenders are given appropriate warnings and/or dismissal if they are known repeat offenders
  • Don’t be frightened to pass on legal costs to clearly identified culprits if the anti-piracy police lay charges and are successful. Share the costs across all offenders!

Ways to detect illegal software copies can be found at: http://www.pcprofile.com/software_piracy.htm

Frequently Asked Questions about Software Compliance

http://www.pcprofile.com/frequently_asked_questions.htm

See also: Software Copyright & You; 16 Steps to Software Compliance

Will software compliance policy provide protection if the organization is caught with illegal software?

The bottom-line answer is a resounding NO or, more accurately, only partly: it will still cost you significant amounts in fines unless you take additional steps!

"To combat and overcome both illegal and unauthorized software in organizations you need much more than a software compliance policy solution to what is really a PEOPLE based problem!"

COMING NEXT MONTH: Key Software Compliance AUDIT Tips for Auditors

This article written exclusively for AUDITNET.ORG by: PCProfile and published in December 2002 by Rob Harmer Consulting Services Pty Ltd P.O. Box 196 Modbury North Sth Australia 5092 fax +61 8 8265 1961

PC Profile is Australia's ONLY anti-piracy (self-help / non-policing) advisory service and solutions provider based in Adelaide, Sth Australia email: robharm@pcprofile.com http://www.pcprofile.com

This article and contents is Copyright © 2002-2003 Rob Harmer Consulting Services Pty Ltd


Revised: January 14, 2008
