Home > RSM Resources > Articles > Advantage > Information Technology > Do you have a receipt for that software?

RSM Resources

Back to RSM Resources
Information Technology
Do you have a receipt for that software?
 
Do you have a receipt for that software?

You may have heard the Business Software Alliance (BSA) radio ads offering huge cash rewards — recently boosted to a maximum of $200,000from $50,000 — to whistle-blowers who report businesses that pirate software.

If your immediate response was to think, "Well, at least that’s one thing we don’t have to worry about — we’ve got the original disks, packaging materials and registration documents all on file," you might want to rethink that assumption. What most people would consider proof doesn’t stand up to the standards of the BSA, an alliance of software companies. None of the materials listed above would constitute legal proof of ownership in a BSA software audit.

What’s more, if you think that the BSA looks only for big-time offenders, think again. During the past year, several midsized companies have agreed to settlements running into the hundreds of thousands of dollars. In fact, small and midsized businesses are often more at risk than larger ones.

"Smaller firms typically don’t have systematic processes and controls for IT deployment and management," says Alok Gupta, professor of information and decision sciences at the University of Minnesota’s Carlson School of Management. "They may fail to keep adequate records or unintentionally violate their licensing agreements by installing the software on too many machines."

According to Gupta, punitive fines can be quite severe, in some cases pushing companies to the brink of bankruptcy. Fortunately, Gupta and other experts say, you can manage your exposure to the financial risks associated with unintentional software piracy by adhering to a few easily implemented best practices. But first, you have to better understand how your company might be at risk.

Know your piracy parameters

Although some might regard the BSA as overzealous when it comes to tracking down and prosecuting software piracy, there’s a compelling reason the BSA and its supporters are so vigilant. Research studies have shown that about 21 percent of all software in use in the United States has been pirated. That amounts to more than $6 billion worth of software annually. In other countries, the problem is much worse. Worldwide, the value of pirated software is estimated at more than $34 billion annually.

The vast majority of software piracy in the United States is known as end-user piracy. That includes intentional piracy, such as using one licensed copy to install a program on multiple computers, taking advantage of upgrade offers without having a legal copy of the version to be upgraded, and swapping disks inside or outside the workplace. It also includes unintentional piracy, such as unknowingly exceeding the limits of your licensing agreements. And it encompasses something most business owners and managers would never think of as piracy at all: The BSA is busting a growing number of businesses simply because they can’t appropriately document their legal ownership.

"It’s no good to show me a software box," says Jenny Blank, BSA director of enforcement. "We need proof of ownership — and that’s a dated invoice."

In fact, according to Dallas-based attorney Robert Scott, whose firm specializes in defending companies against the BSA in what it considers to be spurious claims of software piracy, the BSA standards of proof are much stricter than that. In addition to the price and date, the invoice must include the company’s exact name in the "Sold to" spot, and it must list the product name and version number.

"The BSA will not accept any other proof," Scott says, adding that the BSA also categorically denies the validity of all eBay invoices, even from legal dealers selling excess inventory.

Eliminating the risk associated with the BSA’s proof-of-ownership requirements is easy: Make sure you receive appropriate invoices at the time of purchase, make duplicates, and file and store the originals and duplicates separately. However, that’s only the first step in effectively insulating your company from committing unintentional software piracy, Gupta says.

"Unintentional piracy is typically the result of an ineffective or nonexistent set of business processes and controls," he says. "An employee needs a software title on his or her laptop. The resident software technician installs it but neglects to make a record of it, and the next thing you know, you’re exceeding the number of workstations allowed by your site license."

By following a few simple guidelines, Gupta says,any company can establish a system of software controls and management practices that will greatly reduce the likelihood that your organization will become an unintentional software pirate.

Best practices require good processes and controls

The framework for an effective system of software controls and management practices consists of four simple steps, Gupta says:

Inventory your hardware assets. Compile a list of all workstations, laptops and handheld devices that require software.

Perform a software audit.This includes creating a catalog of your software titles, licensing agreements and requisite documentation. If you identify illegal copies of software, delete them and obtain legal copies.

Create policies and procedures. These rules should govern the purchase, installation and use of software throughout your company. It is especially important to include appropriate controls regarding administrative rights to devices. If you allow individual employees to purchase and install software on the devices they use, you’re asking for trouble.

Centralize the purchase approval and installation of all software. In smaller organizations, this often means appointing or identifying one person who has sole responsibility for approving any and all software purchases and installations, as well as answering employee questions about software policies and procedures.

To support the above controls, consider using automated software-management tools. These tools should routinely track and maintain software purchases, installations and licensing requirements,and perform periodic, system wide software audits.

"Almost all of the enterprise management systems available these days include a software-management suite," Gupta says. "Plus, there are a number of useful stand-alone products that are available for as little as $50."

In addition to being an aggressive watchdog, the BSA provides businesses with guidance on piracy issues. It has established guidelines about what constitutes piracy, created sample corporate policy documents and developed free tools for helping monitor compliance. It also has developed recommended best practices for managing software along with a number of other informational resources. These resources are available at www.bsa.org/usa/.

Effective software management — including appropriate measures to avoid any forms of software piracy — isn’t without its challenges and costs. Available software tools are neither fully automated nor foolproof. They require both monetary and human resources to acquire and maintain. The upside is, in addition to eliminating the risks associated with unintentional piracy, these tools may also boost an organization’s bottom line, Gupta says.

"In addition to protecting themselves from the financialrisk of any sort of piracy — intentional or not — many midsized companies might also realize some financial benefits by doing a more efficient job of allocating and managing their software resources," he says.

RSM McGladrey Inc. and McGladrey & Pullen LLP have an alternative practice structure. Though separate and independent legal entities, the two firms work together to serve clients’ business needs. RSM McGladrey is not a licensed CPA firm.

RSM McGladrey Inc. is a member of RSM International - an affiliation of separate and independent legal entities.

2007 RSM McGladrey Inc. All Rights Reserved. Contact us toll-free at 800.274.3978