Employees or former employees who can’t tolerate outright thievery of software, or who are disgruntled and seeking revenge, have reported many companies. There are rewards for doing so. Review SIIA Offers Whistleblowing Cash Rewards. The SIIA, BSA, etc. are just a phone call or a few clicks away. They all have hotlines and online reporting forms.
Your software suppliers keep records of your software purchases and know about how many computers your company owns. The number of computers within most companies is approximately equal to the number of employees these days. The number of employees is a matter of public record. Or perhaps your company does business with one supplier that has records of your hardware and software purchases.
A company can be "caught" by asking an enforcement agency for help becoming compliant. The enforcement agency obliges by sending a helpful person to audit the computers to see what software licenses need to be purchased to become compliant. This helpful person then reports the findings to the enforcement agency, which then fines the company. This is a self-induced enforcement event.
Competitors have been known to report their competition.
Temp workers have been known to report companies where they've carried out assignments. This isn't to say that all temp workers would do so. This is one reason I'm against outsourcing IT Asset Management duties. Now that rewards are given for reporting companies, it's quite a temptation.
Remember, there is no such thing as an all-the-time 100% software compliant company. If you haven’t negotiated the "right to audit" clause out of your software agreements, don’t be surprised when software companies come knocking on your door. No one needs to report your company for these software companies to exercise the "right to audit". They can just make the rounds of their customers to collect extra revenue in the form of fines and charging much more for the software licenses that need to be reconciled.
If a company receives a demand letter, it can get itself into deeper hot water by not reading the demand letter VERY closely. What applications are said to be out of compliance? Audit and find purchase documentation, etc., for only those applications mentioned in the demand letter. If you’re out of compliance, you’re caught. Do not respond to a demand letter by turning over an audit that shows more than is requested in the demand letter.
And, get a written explanation from each software company as to what documentation is required to show proof of purchase. It can be different for different software companies…no standards here either. See What Software Documents Should Be Kept?
So what's the solution? Develop a comprehensive IT Asset Management program. In so doing, a barricade is built around your company against attack while saving more money than it costs to develop this program. There are a few training courses available. Get trained to get saving!

