AuditNet® Audit-library::Auditnet-software-compliance-and-auditing
from Jim Kaplan, Certified Software Manager
The Internet and computer technology have spawned a whole new generation of audit-related issues. Before organizations began investing in computer technology, intellectual property and copyright were not significant areas of concern for auditors. But now, because of the legal liability and potential "bad press" that can result from software copyright violations, auditing for compliance with software-license agreements is a critical part of audit plans. Corporate Governance issues and aiming for compliance with ISO17799 and ISO 27001 also means that auditors need to be MORE vigilant in software compliance and licensing issues. Having unauthorized copies of software loaded on your computers is not only foolish but it is also risky business. This page is developed to provide a central resource for auditors and software managers to make sure they have information needed to control software piracy and minimize the risk of lawsuits and adverse publicity towards their organization.
Software Piracy is far more widespread than the industry "statistics" will tell you. In many cases most don't believe the numbers that regularly pop up in "industry surveys". You can ignore the issues or you can be proactive and do some simple things to ease your pain and reduce your risk. Not sure whether you are affected, then read the key feature articles at this site!
Failure to take heed of the issues surrounding software piracy can bring about a significant set of legal costs and penalties. A good example of the scale of penalty costs that can be worn if you are caught with illegal software can be located at Don't let Anton In! which deals with the issues faced with anti-piracy "police" raids at your front doorstep! This page also sets out the penalties that apply. As these keep changing (increasing) then keep an eye on your local jurisdiction for updates on the changes.
Audit Software VENDORS and consultants
PC Profile provides PC and desktop coverage for issues related to PC usage and software management. The site has links to significant amounts of pragmatic advice and practical steps to aid auditors in overcoming the issues faced. They also provide software tools, articles and much more. The audit software covers servers, desktops, notebooks and also can be used via servers, floppy disk and via e-mail. One of the key issues many overlook relates to establishing Proof Of Purchase in cases of mounting a defense see how you can establish "Proof Of Purchase" Records
NEWS >>> Microsoft has started a program recently in UK that has wide reaching implications for smaller and medium sized organizations, that auditors need to be aware of to minimize risk. More details can be seen here
- Name and Shame a list of organizations that have paid the price for not being vigilant with software audits
- PSSSST do you want some free software? This is the conversation you need to stamp out in your office!
- Vista will also present some unexpected challenges at some sites and so will the Update Now feature
Software Policy Warning Message is a simple way of getting the message to the desktop!
Frequently Asked Audit Questions some typical questions auditors wish to know about software licensing
KeyAudit is a free Software Audit Tool that determines the status of Software License Compliance. Downloads available for Windows and Mac.
Key Server License Management Web site provides software license management solutions for organizations. Site includes articles about software licensing, product information and a free software audit tool that determines the status of Software License Compliance
Articles on Anti-Piracy Software Compliance Auditing
AuditNet® Exclusives:
Using Illegal Software is a BIG RISK
- you know this already, BUT DID YOU KNOW THAT ....................?
If a software vendor eg; Microsoft, Autocad, Oracle, Novell etc has
reasonable grounds for believing that illegal software, (which also
can include sounds, films, videos, games, images, fonts) being used
on your systems and that evidence may be destroyed if notice is
given, then the software vendor may apply to a Court of Law for an
Anton Pillar Order. Click
here for the rest of the story!
If you been fighting a losing battle about having a budget for audit software tools and need to convince management, accountants and directors, then you need to read this article and make a comparison between what "could have been avoided" versus what needed to be budgeted. It might just tip the scales in your favor as you strive to achieve software compliance using software audit tools.
See No Budget for Audit Software
One of the hardest tasks to manage in the computing department for any organization is licenses for software. Understanding that the software that you have installed is ONLY covered by a "license to use" is a hard concept to grasp. This article covers licenses issues for Windows based desktop and> server based platforms. http://www.auditnet.org/articles/softwarelicenses.htm
File Sharing is a new risk that may have allowed software and files to be slipped Under Your Nose!
Have You Been Napstered? focuses on issues created by the Napster wave and still lingers on with "wannabe" startups after Napster was closed down!
License Compliance and Audit Articles from PCProfile
- Who Is Responsible? examines the key culprit in terms of why we have piracy
- Who Else Is Responsible? this article then looks at how this has spread to other sectors
- Get Your Reward Here - auditors need to be on the look out for the risks faced by this key issue.
- Grand Theft Software USA "ups the ante" on rewards and brings business to account
- Risky Business provides access to an Excel template for a small fee that will calculate the scale of costs you can be up for and need to AVOID if caught with illegal software!
- Ways to detect illegal copies can be identified here.
- Frequently Asked Questions About Software Compliance
- It's time to RAZE The Jolly Roger ....and declare war on software pirates!
- A New OUTLOOK on PC Software Compliance Auditing
- Check Your Post Box
- Busted - Anti_Piracy news you need to hear!
- Your PC Isn't a Patch on what it used to be!
- Getting caught with illegal software will cost you!
- Will your PC survive the Year 2000 bug if you have illegal software?
- Microsoft Aust offers $AUD 5,000 reward for "dob-in-a-pirate"!
- Software Copyright & You
- 16 Steps to Software Compliance
- Accountants
- No Frills No Fuss Software Compliance Policy
- CD Writer increases risk of illegal software
THE PENALTIES THAT APPLY ARE:
In USA from http://www.bsa.org/usa/
Piracy and the Law
Many businesses, both large and small, face serious legal risks because of software piracy. Under the law, a company can be held liable for its employees' actions. If an employee is installing unauthorized software copies on company computers or acquiring illegal software through the Internet, the company can be sued for copyright infringement. This is true even if the company's management was unaware of the employee's actions.
If the copyright owner brings a civil action against you, the owner can seek to stop you from using its software immediately and can also request monetary damages. The copyright owner may then choose between actual damages, which includes the amount it has lost because of your infringement as well as any profits attributable to the infringement, and statutory damages, which can be as much as $US150,000 for each program copied. In addition, the government can criminally prosecute you for copyright infringement.
If convicted, you can be fined up to $US 250,000, or sentenced to jail for up to five years, or both.
In Canada from here.
What Are the Penalties for
Pirating Software?
Software theft is a serious crime. If you or your company is caught with
illegal software, you may be fined and prosecuted to the full extent of
the law. In fact, you may be liable under both civil and criminal law.
If the copyright owner brings a civil action against you, the owner can seek to stop you from using its software immediately and can also request monetary damages and an accounting of profits derived from the copyright infringement. The copyright owner may then choose between actual damages, which includes the amount it has lost because of your infringement, and statutory damages, which can be as much as $20,000* for each individual program copied. In addition, the government can criminally prosecute you for copyright infringement. If convicted, you can be fined up to $1 million, or sentenced to jail for up to five years, or both.
In UK from here
What are the Penalties?
In criminal courts:
potentially, imprisonment for up to ten years, substantial late fees, and/or confiscation of assets.
In the civil courts:
-
injunctions to stop any further use of the software and to delete or hand over illegal copies (punishable with imprisonment if breached) ;
-
payment of damages or the profits made from illegal use or distribution to compensate the copyright holder;
-
payment of the costs of the case (which can be substantial)
Courts can grant orders to enter and search premises, and to seize illegal copies and the computers on which they are loaded.
Audit Programs, MANUALS, & gUIDES
- Software license compliance audit program
- Audit Program for Operation Unit Compliance from Stanford Internal Audit
Sample Guidelines from other audit organizations
- University of North Texas: Guidelines for software licensing compliance
Other Articles
- Whose Software Is It Anyway?
Industry Associations
- Business Software Alliance (BSA USA)
- Business Software Association of Australia (BSAA AUS)
- Software Information Industry Association (SIIA USA)
- Federation Against Software Theft (FAST UK)
- Canadian Alliance Against Software Theft (CAAST CAN)
and for Other major Countries;
- In Ireland see http://www.bsa.org/ireland/
- In South Africa see http://www.bsa.org/southafrica/
- In Hong Kong see http://www.bsa.org/hongkong/
- In Malaysia see http://www.bsa.org/malaysia/
- In Norway see http://www.bsa.org/norway/
- In Sweden see http://global.bsa.org/sweden/
- In Germany see http://global.bsa.org/germany/
- In France see http://www.bsa.org/france/
- In Italy see http://www.bsa.org/italia/
- In Spain see http://www.bsa.org/espana/
If you have an article, policy, audit program or link to add to this page contact us.
from Jim Kaplan, Certified Software Manager