The Hindu Business Line : Impact of SAM on the auditor

Software has become an integral part of corporate world and a key component of running a business. Thus software is seen as an important asset for any organisation. Software Asset Management (SAM) helps organisations protect and manage their software, in turn enhancing the rightful and legitimate use of copyrighted material (in this case software).

The same cause is also supported by regulatory authorities by having various copyright compliance requirements.

This article looks at infringement of the Copyright Act in relation to IT software used by an organisation and the how it might affect the internal/statutory audit.

With tremendous innovations in information technology, almost all business organisations — large or small — are increasingly investing in software.

Software asset management has therefore been assuming growing importance in recent times. Consequently, this subject has also become important for both internal and statutory auditors.

The emphasis on good corporate governance these days for listed as well as non-listed entities in India has accelerated this process. Clause 49 of the Listing Agreement as well as auditing standards re-enforce the requirement of following ethical business practices. In response to this, the auditors of a company should include in the audit programme, an examination of software asset management with special reference to compliance with the relevant laws.

The auditors should particularly look into unauthorised/illegal use of software by a client company to establish that no copyright or related violations have taken place in the organisation and that there is no potential liability in this regard.

SAM and copyright infringement

Organisations today depend heavily on software for all functions. Hence, software becomes a valuable asset to an organisation.

SAM is a process which helps in effective management and protection of software within an organisation.

In addition, it also ensures that the organisation complies with relevant legislation.

One of the key elements of SAM is legally licensed software. The most widespread illegal practices for software include illegal copies, hard disk loading, unauthorised downloading from the Internet and forgeries.

Some key facts to highlight the extent of this irregularity in India are given below:

Seventy-eight per cent of end-users do not keep account of licenses purchased (KPMG survey); and

More than two-thirds of software vendors said that they have changed their pricing and/or licensing polices during the past two years (BSA, 2005).

The unauthorised copying, sale or use of a computer program in any manner other than that which is permitted by the End User License Agreement or by the copyright law for the time being in force, amounts to software piracy. In other words, software piracy is the unauthorised copying, reproduction, use, or manufacture of software products.

Computer software is protected against unauthorised copying by copyright law and international copyright treaties, as well as other intellectual property laws and treaties.

These laws and treaties protect the rights of a software owner by granting the owner a number of exclusive rights, including the right to reproduce or “copy” the software. Illegal use of software would be a fraud by the company and would have to be reported in the auditor’s report.

Computer software is protected in India under the Copyright Act, 1957. Copyright is infringed under Section 51 of the Act, if any of the exclusive rights enumerated in Section 14 are exercised by a person without the permission or licence of the owner of copyright. Copyright is also infringed under Section 51 of the Act, if any person sells or offers for sale or displays for sale, any infringing copies of the work.

The Act also separately recognises an offence in respect of the knowing use of an infringing copy of a computer program.

The knowing use of an infringing copy, is in fact a cognisable and non-bailable offence as well.

A peculiarity of software, as opposed to other products that are the subject to copyright protection, is that software is normally licensed and not sold.

Thus, the terms of licensing become crucial for the determination of infringement of copyright.

The licence agreement, which is also referred to as the End-User License Agreement (EULA), always accompanies the sale of genuine software. The EULA is either a paper licence, which is enclosed in the product packaging or is available online.

Impact on the auditor

In the above context, it becomes imperative for both — the internal auditor and the statutory auditor — to include software asset management within the purview of their audit. The following regulatory/legal requirements are particularly relevant where there is illegal use of software in an organisation:

CARO — Statement on the Companies (Auditor’s Report) Order, 2003: As per Companies Act, the statutory auditor’s report has to contain a statement on the following:

“Whether any fraud on or by the company has been noticed or reported during the year. If yes, the nature and amount involved are to be indicated.”

Illegal use of software would be a fraud by the company and would have to be reported in the auditor’s report.

“Is there an adequate internal control procedure commensurate with the size of the company and the nature of its business, for the purchase of inventory and fixed assets and for the sale of goods and services? Whether there is a continuing failure to correct major weaknesses in internal control?”

Software is a fixed asset. If it is being illegally used without payment and the internal control system is not highlighting this point, it would have to be reported in the auditor’s report wherever the item is material.

AS29 – Provisions, Contingent Liabilities and Contingent Assets: This standard mandates and obligates every company to disclose all its possible obligations, which it defines to be contingent liability.

It further states that such obligations also arise for meeting with statutory requirements. Accordingly, infringement of the Copyright Act would result in at least a contingent liability. The auditor should therefore consider whether it has been disclosed or not.

AAS 4 — Auditor’s Responsibility to Consider Fraud and Error in an Audit of Financial Statements: While the management is clearly and primarily responsible, but the responsibility of the auditor about misrepresentation or intentional omissions is an important obligation.

AAS 21— Consideration of Laws and Regulations in an Audit of Financial Statements: Again, while the management is responsible for compliance of the laws in India, but the auditor needs to plan for questioning whether the client is complying with laws and regulations, including those relating to copyright.

AS26 — Intangible Assets: Under this, standard computer software is a separately classifiable category of intangible assets. This needs to be recorded appropriately. If all intangible assets are not reported properly, the auditor should consider the impact on his audit report.

Under Clause 49, the CEO/CFO shall certify to the board that to the best of their knowledge and belief:

“The financial statements do not contain any materially untrue statement or omit any material fact or contain statements that might be misleading;

“There are no transactions entered into by the company during the year which are fraudulent, illegal or violative of the company’s code of conduct;

“They accept responsibility for establishing and maintaining internal controls and that they have evaluated the effectiveness of the internal control systems of the company and they have disclosed to the auditors and the Audit Committee, deficiencies in the design or operation of internal controls, if any, of which they are aware and the steps they have taken or propose to take to rectify these deficiencies.”

These issues are very similar to the ones highlighted under Sarbanes-Oxley (SOX). These assertions also have an impact on the auditor when he gives his certificate on corporate governance report.

Summing up

In summary, bad management of software licences could have the following effects:

An understatement of the number of licences used, due to non-compliance with the software copyright legislation; this should be considered when measuring contingent liabilities and the related accruals for provisions for contingencies to cover charges arising from possible penalties;

An incorrect presentation of intangible assets in the balance-sheet; and

A potential violation that could question the adequacy of internal controls and procedures. This could also be deemed as an irregularity and misrepresentation.

Auditors accordingly need to be more cautious in their approach and cover compliance with laws relating to software as a part of their audit procedures.

(The author is Executive Director, Advisory Services, KPMG.)

More Stories on : Accountancy | Software

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
SAARC: Pruning the negatives

Loan waiver: Cheer without fear

Impact of SAM on the auditor

Pyramid structure frowned upon

Challenges posed by Kosovo’s declaration of independence

Unfortunately, FRBM is not a fiscal transparency Act

Financial infrastructure + debt waiver = financial inclusion?

Loan waiver scheme