How to Respond When an M&A Sparks a Software Audit

By Jeff Seabloom

CIOs involved in merger-and-acquisition initiatives or divestitures have enough to worry about as it is. They must factor in blending disparate systems, consolidating databases and standardizing platforms. An additional concern that often fails to get their attention, however, is the increased likelihood that an M&A will trigger a software audit. 

The reason: An M&A or divestiture involves organizational disruption that dramatically changes the landscape of an enterprise’s use of hardware and software. Geographies and legal jurisdictions are redrawn, new users are absorbed or released, and new software agreements and licenses are added or shed. While some contracts contain specific language with regard to M&A activities and their repercussions, most are not very friendly or forgiving to compliance violations. And while enterprises devote significant resources to integrating people, processes and products during a merger, software licenses and compliance are often ignored.  

The havoc and confusion that accompany an M&A make an enterprise vulnerable to violating the compliance terms of its software agreements. This vulnerability, in turn, is a bright red flag for software vendors that are increasingly vigilant about identifying and pursuing organizations that run afoul of their contractual terms. Indeed, for vendors facing declining sales of new products, audits of enterprise clients are becoming a major revenue stream, sometimes generating millions in fines. A 2013 survey by Express Metrics found that 53 percent of enterprises had been audited in the previous two years, and Alsbridge, a consulting and advisory firm, has seen increased instances of audits since then.

To compound the challenge, IT asset contracts are by design exceedingly complicated and obtuse. Terms regarding who is or isn’t authorized to use a product under a given license are vague and confusing, and when unauthorized copies of software are unwittingly shared and distributed, vendors take note. Another common tactic is to offer customers the opportunity to “sandbox” new test products, without specifying licensing terms and with the expectation that the product will end up deployed by users in violation of terms.

Moreover, software providers employ legions of attorneys specializing exclusively in understanding compliance terms, conducting audits and generating fines. The in-house or retained legal counsel of customers is, by contrast, often seriously overmatched.

Despite fighting a seemingly uphill battle, however, CIOs can take a number of steps to prepare for an audit and ensure compliance. In fact, rather than an exercise in stress and intimidation, an audit can actually be a positive experience that results in more favorable terms and a better relationship with suppliers.

Proactive preparation is imperative. Software asset management, coupled with contract and license reviews, should be an integral part of a merger-and-acquisition strategy and implementation plan from the outset. Because software compliance has traditionally been a low priority from a strategic perspective, the onus is on the CIO to develop a business case regarding the importance of compliance and implications of contractual violations, specifically in the context of a merger and acquisition or divestiture. Put simply, the CIO must educate the boardroom that software compliance matters.

An asset management and compliance initiative must aim to enhance internal governance and processes around software acquisition, licensing and usage. The initiative should be led by a dedicated function, either in-house or third party, focused on instilling the requisite people, process and technology discipline. For example, educating all users on general guidelines isn’t sufficient; admin rights should be limited to select users who’ve received special training on software licensing and distribution. This special training should instill awareness among the admin rights team of different categories of licenses as well as potential compliance traps. Procurement processes need to align with contract requirements to avoid back-channel acquisition of non-compliant software products.

Proactive preparation and effective asset management deliver a high-level understanding of the environment, as well as detailed data on assets, pricing and service levels. CIOs can leverage this knowledge to their advantage, regardless of whether they’re subjected to an audit. Robust and granular transparency into products under license and in-use, as well as insight into costs, contract terms and options, can help navigate the challenges of integration and divestiture. And, if an audit is launched, CIOs can respond with confidence to demonstrate compliance. In fact, we’ve seen instances where audits have revealed that software vendors were over-charging customers, resulting in significant refunds and better terms on renewals.

For better or worse, software audits are becoming a fact of life for business enterprises. Involvement in an M&A initiative can significantly increase the odds that a vendor will launch a compliance inquiry.  Awareness and preparation can help mitigate audit risks, improve enterprise management and enhance provider relationships.

Jeff Seabloom is a managing director with Alsbridge, a global consulting and advisory services firm.

CIO Insight Staff