How to Avoid Paying Millions in Software Compliance Penalties

Software compliance is a big business. Software companies collect millions of dollars in compliance penalties every year. It's a big chunk of their income statements.

So you can be sure they're looking for clues that you're out of compliance. They even offer generous rewards to whistleblowers on the inside for tips.

What's worse is many organizations are out of compliance with their software agreements and don't even know it. And usually it's because no one knows what's in the contract.

This week, we're wrapping up our series on The Problem with Decentralized Contract Management with this video on audit risk.


Video Transcript

I was on my way to work when I heard an ad on the radio offering a sizable bounty to anybody that’d blow the whistle on their company for stealing software.

Now they called it stealing but what they were trying to expose was a compliance issue.

The reality is a lot of organizations are out of compliance with at least some of their software vendors.

And software compliance is big business. As far back as 2008, the Business Software Alliance, or the BSA, was offering up to a million dollars for anyone who’d blow the whistle on their company.

And they were collecting payments sometimes as high as ten million dollars in compliance audits.

An organization can get out of compliance with software pretty easily. And for different reasons.

But by far the most common reason is the employees that are deploying or using the software don’t understand the limitations in their software license agreement.

I once got a call from a software vendor telling me that our IT department had overdeployed their software to the extent that we were looking at a compliance exposure of over a million dollars.

When I asked him how he knew we were out of compliance, he said our IT guy actually called their support desk and asked for a copy of the contract.

Our guys told the supplier that they wanted to take a look at the contract to see if they could get an extra key for the license because they’d deployed so many instances of that product across our network that they were having trouble managing it.

I eventually found a copy of the contract, and saw that the supplier had to give us a 90-day notice before they can come in and conduct an audit to assess the damages.

But the cat was already out of the bag. They knew we were offside. And they knew that we knew, that they knew.

So the best we could do was negotiate a fee to make them go away, rather than risk the exposure of an actual audit.

And all of this because our guys didn’t know where the contracts were!

And it’s not just supplier audits; I’ve been grilled by internal auditors as well.

Many organizations, especially financial institutions, and publicly traded companies, will bring in a third party to conduct an internal audit.

And one of the things they’re looking for is an organization’s ability to produce a contract that they say they put in place with a supplier or a customer.

And while failing a supplier audit could cost a company a lot of money, failing an internal audit could cost people their jobs.

So there you have it: the four challenges of a decentralized contract management process.

[1] There’s a lack of ownership

[2] You’re exposed to your supplier agreements

[3] There’s a lack of adherence to the actual terms and conditions you’ve negotiated

[4] And there’s a risk of audit, both internal and external.

I hope you found these videos useful. If you have any questions, please feel free to drop me a note. Or better yet, visit our website to take a look at how our tool — oneview — can help you with your challenges in a decentralized environment.

And remember, you can always sign up to receive our free video course the four pillars of contract management at