On this page you will learn about:

- The chances of being audited

- Who might contact you

- Whether you should be concerned

- What triggers an audit

Will you ever be audited?
The short answer is yes, if your organisations purchases commercial software.

The BSA audit organisations of all sizes all of the time.

Publishers tend to audit organisations of 500+ machines simply because the returns are higher.  But do not think just because your organisation is smaller than 500 machines that the publishers won't audit you.  If they hear or sense that there could be some issues, then they will ask questions and pursue them in more detail when they identify an area of weakness.

For organisations of 500 to 2000 machines then it is very likely that one of the big publishers will knock on your door sooner or later.

If your organisation is more than 2000 machines then absolutely, in fact we would be amazed if it hasn't already happened on several occasions.

And do not think that your organisation might be exempt for any of these reasons:
  • Your organisation is too important as a customer for a publisher to risk the relationship.
  • As government or public sector you are immune from investigation.

We have worked with examples of each of the above.  At the beginning the client was convinced that the publisher would back off and leave them alone for some reason.

Experience proves that if any organisation uses commercial software, then they have a contract to honour with the publisher whether they are aware of it or not.

It doesn't matter what relationship exists, contractually it is possible to investigate everyone and they will if non-compliance of any form is suspected.

Two types of audit
Basically there are two types of audit:
  1. Software publisher audit
  2. Software authority audit (e.g. BSA)

Publishers will want to cover all of their product set in use.  It will be extremely time consuming and disruptive.

Authority audits happen on two levels:
  1. General enquiry
  2. Specific reason for contact

General enquiries are speculative, for example the BSA send out a letter each year to as many end user organisations as they know about asking for a declaration of compliance.

The chances of being audited by the publishers
Whenever we talk with publishers there is a real sense that they no longer wish to outsource the problem by using the BSA or another local body (such as FAST in the UK) but deal with it themselves. 

This is why they will rarely go legal on organisations but they will apply a great deal of pressure to resolve licence shortfalls on a commercial footing.

This is why the chances of being audited by a publisher are far higher today than they used to be and if there is the slightest suspicion that your organisation does not have enough licences they will ask you questions.

- Ignorance of being non-compliant is never a defence and whilst it is unlikely that anyone will be fined and even more unlikely that Directors will be put in prison (Will you ever be prosecuted?) you will always always always have to purchase any shortfall of licences to rectify a non-compliant situation.

And if you are not prepared for the questions, an audit will waste a great deal of your time.  You will also lose all control in terms of time scales and mitigating action and wish that you had taken some simple steps (How to mitigate risk) before there was a knock on the door that you couldn't ignore.

Should you be concerned?

Whoever contacts you will not go away until certain questions have been answered.

The publishers will be looking for revenue from more licence sales.

The BSA and national bodies (e.g. FAST in the UK) will be looking to satisfy whoever has asked them to act.

What triggers an audit?
1) Certain types of contact between you and the software publisher.

NB - Never Ever ask a publisher for help in resolving a shortage of licences.  The only outcome will be that they prove that your organisation has a shortfall of licences and you will have to pay, right now.

There are ways to approach publishers that are safe and useful (see our Avoid unwanted interest section and Contact authorities for more information)

2) Phone call tip offs
The BSA and publishers welcome calls from anyone with information about end user organisations that supposedly use unlicensed software.

3) Analysis by the specific software publisher of your organisation's apparent licence position - e.g. Microsoft audits

4) Software publisher Account Managers being aware of significant change in your organisation, for example mergers and acquisitions, major upgrades, outsourcing of network management, reduced levels of licensing etc. More on this in How to handle - The compliance authorities

Software Publishers
Ultimately, any software publisher is looking to sell software licences.

If they can see that your organisation does not have a grip on its compliance position, then you are fair game.

The equation is simple, if your organisation has over 500 machines then it will probably happen sooner or later.

When the publisher knocks on the door, the time and effort you will waste is directly proportional to your ability to declare your compliance position right now.  Is your organisation prepared?

The BSA was founded on the promotion of the legal use of software.  If they find examples of non legal use they will pursue them.

And don't expect them to go away or reduce their activity...The BSA are often in the news, for example...

FAST and other national bodies
FAST are looking to sell membership (and training), both to you as an end user and to software publishers who might want to hire their legal teams.

If there is no specific reason for their approach where a single publisher's products will be discussed, then it is more than likely to be a general sales enquiry.

Do not be intimidated, but treat them with caution until they make the reasons for contacting you absolutely clear.

You should go into every meeting with the intention of saying as little as possible and answering questions with the minimum of information.

We now look at the question - Will you ever be prosecuted?