21 October 2008

Case Study: Compliance Problem? Address All Issues Quickly

by Mike Sisco, Senior Consultant, Cutter Consortium

Today's Cutter Edge is excerpted from Cutter IT Journal. For more information, please contact Dennis Crowley at +1 781 641 5125 or e-mail dcrowley@cutter.com

While conducting the IT due diligence to support one company acquisition, it became obvious that the company we were trying to purchase reduced expenses considerably by pirating software. In other words, the company purchased one set of software and simply copied it illegally to other employees as needed.

This company was small, but the compliance problem was significant and needed to be fixed. Resolving this software compliance problem was going to require an additional expense of more than $400,000 in my IT transition budget.

This is not what senior management wants to hear, but the risks far outweigh the cost to resolve the situation. The penalty for software piracy is quite severe. According to the Business Software Alliance (BSA), the voice of the world's commercial software industry, the penalty for software piracy can be a fine for as much as $150,000 per stolen software program plus an additional $250,000 fine, or a jail sentence for as long as five years, or both.

I don't know about you, but that gets my attention.

It's a challenge to keep your company compliant in terms of software licensing, and almost every company is potentially noncompliant in some way. The good news is that the BSA does not want to cause your company problems and will leave you alone if your intent is to comply. The bad news is that the BSA can recommend a software compliance audit be conducted, and a government agency can create a significant disturbance in your company when such an audit is performed. And as I noted above, penalties for software license noncompliance are quite stiff and can involve not only financial penalty, but also imprisonment.

If you encounter software license compliance problems in an M&A transaction, there are two ways to resolve the problem:

  1. Point out the problem to the acquisition target and have the company resolve the issue before the merger is transacted.

  2. Build an action item to resolve the issue into your IT due diligence plan and budget. In other words, take care of the problem soon after the merger transaction is completed.

Our company chose option 2 in this situation, which is probably the best approach for most companies. It's usually better to build in whatever financial contingency you need to close the deal and wrap things up financially upon signing the merger agreement than to create a situation that depends on the target company doing something.

Now to finish up the story. After the deal was done, we received a phone call from a young lady with the BSA, who had been notified of our compliance problem by a disgruntled employee from the acquired company. Being able to show her that we had identified the problem, put dollars into our budget to fix it, and included an action item in my IT transition plan was enough to prevent an audit. She asked me to send copies of our software license purchases and then left us alone when we complied with her reasonable request.

The Moral of the Story

When you detect compliance issues, be sure to get ahead of the problem by creating a proactive plan to address all issues.

I welcome your comments on this Advisor and encourage you to send your insights to msisco@cutter.com.

-- Mike Sisco, Senior Consultant, Cutter Consortium

Case Study: Compliance Problem? Address All Issues Quickly

Advice and Analysis

The Cutter Edge is a free biweekly email service that gives you information and advice that you can put to work immediately for your organization. Issues are written by Cutter Consortium's journal and Senior Consultants.

Sign Up for the Cutter Edge

Advisor Free Trial

Sign up for a free, 4-week trial to any or all of our Advisor newsletters.

Sign Up