10. 01. 2020

IAS 37 Provisions and Contingent Liabilities for Software Licensing

Cerno today releases its guidance note, for consultation purposes, on IAS 37 Contingent Liabilities and Provisions related to Software Under-Licensing. 

You can read more on this topic by Robin Fry on MEDIUM.

Background

Licensing of business software but where the extent and usage by the customer is not fully covered (‘under-licensing’) is a widespread (but rarely publicised) issue for major corporates and public-sector bodies.

The consequent exposure to the software supplier for the shortfalls can be material but often not apparent until the supplier exercises any contractual right of audit. At that stage, and over a period of some months, a license position is obtained for each and every product line with license grant being compared to usage that, inevitably, exposes license shortfalls.

Although it might be considered that a customer’s software licensing can predictably and readily be assessed for compliance, there is complexity here, with a high degree of risk, for a number of reasons:

  1. The main software vendors have huge numbers of product lines – IBM’s software catalogue for instance has over 60,000 items – with 250 different metrics on which program usage is charged; even the largest corporates rarely have the knowledge and oversight necessary to fully understand what exactly is being used, under which applicable metrics and of which product version;
  1. The license agreements have been developed iteratively over 30-40 years but many key concepts (‘use’, ‘access’, ‘processor’, ‘running’) are still left undefined; many terms are ambiguous and dependent on the vendor’s – not the customer’s – interpretation(s);
  1. As technology has moved on with cloud usage, virtualisation and robotics, IT deployments by customers are changing constantly; the related licensing position is therefore a moving target;
  1. The vendor’s own license agreements have not kept pace with the technology they are licensing; the vendors have instead sought iteratively to bolster the reach of their licensing schemes. Users are pointed to multiple guidance notes, ‘partitioning policies’, white papers, manuals and special conditions all loaded onto their websites with many further cross-references then on to other documents deep in the vendor’s library: often there is no single license agreement and significant ambiguity as to how usage of software tracks to software licenses granted and which documents are binding on the customer;
  1. The IT, procurement, accounting and legal functions of large businesses may not together have considered the risks and lacunae around the software usage required by the organisation;
  1. All of the major software vendors declare that their licenses are personal, non-assignable, and for use only by the contracted licensee entity for their own internal business purposes: use then by other group companies is not implied and must be negotiated at time of license grant. The difference between the named licensee and the actual corporate user entity often then becomes confused or overlooked.

Does the software have to be in use?

Software license fees are generally charged on the basis of installation or running. Accordingly, software that has been shelved or servers that have been put to one side for, for instance, fail-over or archiving still need a full suite of licenses even if rarely used.

Furthermore, much software licensing is charged on the number of processors potentially available to execute the software. With many businesses, a decision to maintain high availability (where excess loads at any time can be diverted to other groups of servers, often using ‘virtualised environments’ – particularly with VMware), means that very high numbers of processors and hardware all need to be fully licensed even if rarely fully utilised.

Level of risk

Although software licenses can often be negotiated at very high discounts and with preferential contract terms, the software vendor’s rights are reserved, contractually, to enable claims to be asserted at list-price with recovery of audit costs and 2 or 3 years of back-support (generally each year at 22% of perpetual license list fees).  Technically, rights to fees for back-support at full list price can cover the complete period going back to the later of first usage or six years.

With no opportunity to negotiate, for even small infractions, the eventual legal liability, when costed, can be many times what the corporate might otherwise typically pay.  IT teams and CIOs may not be aware of this and therefore downplay or disregard shortfalls that then unexpectedly give rise to material claims.

The question, to be answered by way of formal declaration from the CIO is:

  • Are there any shortfalls of licenses in respect of the group’s usage or installation of software supplied by any of: Oracle, Microsoft, Informatica, IBM, VMware or SAP?
  • What scripts have been run, or assessments made, to know this?
  • Has there been an external verification as to the group’s level of financial exposure to that vendor if they were to carry out their own audit today?

Under-licensing is a present liability

Although the liability may generally only be exposed when a software vendor triggers their contractual rights to a software license review or software audit, nevertheless the payment shortfall is present at any time when the user has insufficient number or type of licenses required for their usage.

Although all the major software vendors have their own audit processes, it is clear that this only obtains the evidence for under-licensing rather than creates the liability: the liability is present at any time the corporate is using the software beyond the original license grant.

Is this a contingent liability?

IAS 37 declares a contingent liability as being:

  • a possible obligation depending on whether some uncertain future event occurs, or 
  • a present obligation but payment is not probable or the amount cannot be measured reliably[1].

It is submitted that any liability to a software vendor, as a counter-party to a license agreement, for under-licensing is generally an extant liability related to use; it is not dependent on future events eg whether the vendor identifies the user as under-licensed and/or initiates a software audit or other legal claim.

Furthermore, payment is probable in time by reason of the cycle of software audits carried out by the major software vendors.

Finally, the amount can generally be assessed by the conducting of an internal software license review by licensing consultants.

If a provision, how should this be measured?

The starting point will be the extent of any shortfall in licenses identified through an internal software license review or otherwise known by the organisation. This will produce a schedule of required license types and numbers to which published list prices and back-support can be applied.  This is known as an Effective License Position (ELP).

With the assistance of advisers, a best estimate can then be obtained in order to identify the likely outflow to settle the obligation in approaching the vendor[2].

Is the possibility of there being ‘an outflow of resources embodying economic benefit’ [3]too remote?

This is a matter for determination based on the identity of the software vendor, their practices around recovery of software under-licensing fees, and any remediating steps being carried out by the customer.

However, it is submitted, that, in the case of the principal software vendors – SAP, Microsoft, Oracle, Informatica, VMware and IBM, it would be imprudent to maintain that putative clams by any of them for unlicensed usage are remote – even if not immediately in view.

Conclusion

A number of high-profile cases, and the experience of IT asset managers, have confirmed that software under-licensing is a continuing issue for major corporates and public-sector bodies and that the amounts consequently available to be sought by the relevant vendors can be material.

Cerno Professional Services Limited © 2020

Note: The above represents opinion only and is made available without liability. Guidance is not to be taken or read as legal advice nor relied on without confirmation by your statutory auditors and your solicitors. Please refer to IFRS.org for latest version of standards and amendments.

Version: updated 140120 to incorporate footnote 2 referencing IAS 38 and IFRS 16


[1] Quotation © IFRS Foundation

[2] IAS 38 and IFRS 16 may both also be considered; however, IAS 38 only addresses the position of a software license as an asset and says nothing as to how the allied lease liability should be recognised.

[3] Quotation © IFRS Foundation

To get in contact with our team you can either Call us on 0207 421 7360 or email us at info@cerno-ps.com

Website Security Test