Companies that use unlicensed software may sustain huge penalties from the publishers that choose to act on their audit rights. In the event of an audit requested from a software publisher, using a third-party to conduct the audit is the best choice. 

Why my company should not conduct the audit:

There are two good reasons that the audited company should not conduct the audit. First, a law firm should be involved to ensure that the work product doctrine and attorney-client privilege can be invoked or the audit results. Otherwise, the publisher may be able to use the company’s findings in a legal action against the company. Second, the company’s IT department should not be involved anymore than necessary because the IT department may be the root cause of any problems that are discovered.

How my law firm should be involved:

A law firm should be hired to direct the audit and ensure that the proper legal steps are followed to protect the audited company’s interests. However, a law firm should hire a trusted outside vendor to conduct technical portions of the audit. To begin, a law firm that uses its own IT personal for an audit may be using a person who is in charge of general IT tasks and not necessarily a specialist in scanning networks. Second, fees could be inflated for non-traditional law firm services that may be handled more efficiently outside of the firm. Third, there could be a question as to the independence of the audit if the law firm directly employs the IT staff rather than using a truly independent resource. If a law firm is using its own IT staff or its own network scanning software, then the client should be asking themselves how a law firm creating non-legal services as an additional profit center is the best use of the client’s legal budget.

However, a law firm should be directly engaged in the interpretation of the license agreements and proof of entitlement to each specific software installation. Deciding to handle an audit in-house without the use of external counsel can be a costly mistake.