Out of compliance over half a billion USD?


Over Half a Billion Dollar Worth of License Compliance Failure: SOX to the rescue!

Many times in my career, the clients I was asked to serve appeared to have software license compliance issues totaling more than 500 million U.S. dollars, based on their negotiated price deals and not taking into account any penalties that might follow. Such license compliance failure entails serious financial risk, even if you are able to settle with the software publisher concerned on favorable terms. Often, I am asked why the financial risk and audit people don’t have this on their radar. There are many reasons, but last December the legislative urge to change came, which obliterates any excuse.

In the mid-1990s, when I started my career in software compliance, nearly no one properly managed their software licenses, let alone understood the financial risk of compliance failure. Immaterial assets – i.e. all you can’t touch – don’t need to be managed: back then this was the common practice. Over the last two decades, much has changed. Software Asset Management (SAM) is now flourishing as a new industry and associated ISO and ITIL standards are in place. Only one major area had yet to follow: accounting and financial risk control.

SAM and license management implementations are commonly carried out to prevent or repair compliance or copyright breaches. It is not the ultimate legal consequences that drive this new practice, since we rarely see companies being taken to court by software publishers or people being put in jail for that reason. It’s the money instead! Severe software compliance issues are never counted in and therefore cause nasty surprises. License compliance failure can drain IT budgets and has also proven to be a main obstacle in mergers & acquisitions, a topic on which I have written before. Now, if there is so much at stake, you may ask, why don’t auditors check the control processes needed?

At the turn of the century, I worked for a large software publisher, and together with a colleague from a competitor, we posed exactly this question to the members of an accounting organization. The vast majority agreed that Software Asset Management practices should definitely be part of the annual financial review. The impact of organizations having to demonstrate every year the processes in place to manage software assets – just like any other assets – would be significant, to say the least. It would address a major financial issue for licensors and licensees, and change the conversation between software publishers and their clients from audits, penalties and fines to management and optimization.

The legislative urge for change that I mentioned came on December 15 of last year, when a proposed Sarbanes-Oxley (SOX) extension became law, requiring technology to be included in the guidelines for internal control. This development will have major consequences as it will foster the maturation of Software Asset Management and license management implementations.

Of course, the next question must be: “Is your organization ready . . . ?”

This article was published on 23-12-2014