INFORMATION, COMMUNICATIONS & ENTERTAINMENT Is Unlicensed Software Usage Hurting Your Bottom Line? Leading Practices to Reduce Revenue Loss September 2007 KPMG LLP


DESCRIPTION

Interesting survey conducted by KPMG relating to trends in software licensing and compliance. Also reposted on Sand Hill (www.sandhill.com). Keys: Software license compliance; Software licensing and compliance; Software licensing entitlements; Software Asset Management (SAM); Software Asset Optimization; Electronic License Management (ELM); Contract Compliance and Risk; ISO 19970


With the spotlight on contractual compliance, KPMG sought to understand the issues faced by most software companies today. How do major software vendors deal with customers that are not complying with contractual agreements? What steps are software companies taking to understand and control the nature and extent of revenue and intellectual property leakage caused by this issue? Do compliance reviews performed by software companies jeopardize their relationships in the marketplace? How are customers selected for compliance reviews? Who actually performs the compliance reviews? If license compliance breaches are found, what approaches are software vendors taking to resolve them? What percentage of revenue is represented by recovered license-compliance revenue? And, are these recovery practices worth the effort for software publishers?

KPMG’s Software License Compliance Survey 2007

To find the answers to these and other questions, KPMG surveyed software companies in cooperation with the International Business Software Managers Association (IBSMA), a trade group that represents enterprise-level software customers. In addition, KPMG interviewed compliance executives at six prominent software companies to validate the survey findings and identify software license compliance practices worthy of note. Our objective was to understand the substantive issues underlying this significant industry problem by surveying a valid cross-section of software publishers. Our approach also focused on identifying better practices in license compliance in an effort to present successful strategies and techniques being applied by software companies today.


© 2007 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. 070322

[SIDEBAR]

This study of the software industry was conducted in cooperation with the International Business Software Managers Association.

[END SIDEBAR]

Leaving Big Money on the Table: Software License Misuse Costs Publishers Billions

Research conducted by International Data Corporation (IDC) in 2005 concluded that the world’s software companies were losing USD34 billion[1] in revenue to unlicensed installations. This is more than the gross domestic product (GDP) of 42 countries.[2] Said another way, a USD34 billion software company would be almost on par with Microsoft’s annual revenue as the second largest software company in the world. It would be nearly twice as large as IBM’s software business, which racks up USD18 billion in software revenue annually.[3] Any way you look at it, this is a very significant problem for the industry, one that is due in part to software license agreement violations.

[1] Cumulative of revenue leakage due to software piracy (including unlicensed personal use) as well as contractual noncompliance.
[2] Source: International Monetary Fund Report, 2006
[3] Software industry revenue ranking source: Standard & Poor’s Industry Surveys, Computers: Software, April 27, 2007


Our respondents included those responsible for, or with a strong working knowledge of, license compliance in software publishing companies. The companies surveyed collectively represented almost 50 percent of total industry revenue.

Demographics

Twenty-eight percent of those who responded are with companies earning USD5 billion or more in software revenue. In addition, 62 percent are with companies earning more than USD250 million. Responses from individuals who, based on their stated titles, had no direct responsibility for license compliance activities have been excluded from the results.

Of all respondents, nearly 40 percent sell PC software, a like percentage sell middleware/database software, and 74 percent sell enterprise business applications. Also, 96 percent of respondents work for companies that sell to enterprises having more than 2,500 employees. Eighty-nine percent of the companies surveyed publish software for the Microsoft Windows® platform, 78 percent for workstations, 78 percent for UNIX servers, and 35 percent for mainframes. Only 13 percent said their software is used on other platforms.

According to the survey results, respondents’ companies sell largely to the financial services, telecom, healthcare, and federal or local government industry segments. At least half of all respondents sell to the manufacturing, information, retail, and entertainment industry segments.

This survey population proved relevant to uncovering important nuances related to software license compliance, and their collective experience provides valuable insights into both the rewards and the risks associated with licensing matters.

Key Findings

Some important findings and conclusions drawn from this survey include:

• Unlicensed software use has significant and widespread impact on the industry.

• Almost all survey respondents said their companies lose significant amounts of revenue due to unlicensed use of their products. For example, 34 percent of those polled said losses amount to more than 10 percent of revenue, and 21 percent of respondents said their companies lose over 20 percent of overall revenue.

• A systematic approach to managing software license compliance efforts is a low-risk, high-reward endeavor.

• A substantial percentage of respondents indicated that compliance-related recoveries provide more than 5 percent of their annual software revenue streams.

• Most said license compliance activities have a positive or neutral impact on their relationships with end-user customers and channel partners.

• Use of fairness in the resolution of noncompliance issues with customers is of paramount importance in maintaining a positive customer experience and enhancing the overall relationship.

• Assistance from objective third-party service providers in performing compliance reviews benefits both the software publishers and their respective customers.

Additional analysis and conclusions can be found in the Executive Summary and the Survey Highlights sections of this report.


Executive Summary

A Low-Risk, High-Reward Endeavor

Overall, KPMG found that a systematic approach to software license compliance efforts produces good financial results and causes few, if any, negative ramifications. A large majority of those polled said that the impact of software license compliance activity was neutral, positive, or very positive at the end of the compliance review process.

Executives responding to follow-up interviews felt that customers ultimately view the process in a positive light, although initially a software compliance review may be perceived negatively. Christina Crowley, Vice President of License Management Services at Oracle, explained, “When first contacting a customer regarding a license compliance review, the perception may be viewed as negative or intrusive. People are nervous about what it means or how the review will be conducted. However, by providing information on the process and expectations, we can reduce overall concerns regarding what is expected during a license review.” Another executive asserted that even if some customers consistently viewed compliance reviews negatively there was no visible impact on subsequent “repeat” sales to those customers.

More than 94 percent of survey participants said that their companies rarely lost a customer due to software license compliance activities. Ninety percent said that escalation to litigation was rare as well.

Craig Stoeber, Worldwide Software Compliance Executive at IBM, said, “We really haven’t seen any negative impacts. In some cases relationships have improved because we’ve accessed customers at higher levels in these organizations. There have been some issues with mid-level IT managers who are responsible for managing the software and who become identified as doing a less-than-perfect job, but even those haven’t had a long-term negative impact.”

Microsoft’s Rod Ross, Software Asset Management Director, agreed, “Overall, it’s very, very positive. We’ve approached these situations in different ways over time. It’s always potentially explosive, but approaching situations within the context of business process is very positive. We end up with neutral or positive perceptions 96 percent of the time.”

Michelle Brooks, Worldwide Director of Software Compliance at Attachmate, added, “I think overall the impact is positive, although not always immediately.”

Jeff Gustafson, a Worldwide Software Licensing & Compliance executive at EMC, views compliance primarily as providing value-added information to the overall relationship: “Software asset management is difficult even under the best of circumstances, with customers taking a risk-based approach to resource allocation in managing vendor contracts. Uncertainty, complexity, and risk in software licensing (e.g., the ‘perpetual license/on-site deployment’ model) can create perverse asymmetries in the business relationship, resulting in decisions based on imperfect information on both sides. In broad terms, compliance programs are responding by moving toward a relationship management engagement model in an effort to drive value-added information back into that relationship.”


Mostly Nonpunitive Measures

Based on various actions most companies take with noncompliant customers, we found customers are not being overtly penalized for noncompliance. Rather, many publishers use the results of compliance reviews as a basis for true-up only, or structuring of go-forward deals.[4] Yet despite that, 30 percent of those surveyed said recovered revenue amounted to between 5 percent and 10 percent of gross annual software revenue, and 7 percent of those polled said recovered fees had added 10 percent or more to the top line.

Handle Customers with Care

Follow-up interviews shed light on how these potentially sensitive activities are handled. “At Attachmate we understand that this can be intimidating, so we try to be very transparent about what customers can expect from us and any third-party partner we may be working with,” said Brooks. IBM’s Stoeber concurred with that practice and added, “We typically have face-to-face meetings with large customers, and we have well-defined processes and approaches that we follow on each one. We strive for consistency and we take customers through the processes and explain why we do what we do.”

EMC’s Gustafson emphasized the customer benefits: “More than simply mitigating legal and financial risk between the parties, compliance programs provide customers and vendors with other benefits. On one hand, customers can gain information to help optimize and leverage existing as well as future investments. On the other, vendors can gain a better understanding of their customers’ usage, thus facilitating a better alignment to value.”

Oracle’s Crowley added, “Our goal is to manage compliance risk and in doing so educate customers on their license inventory, deployment, and usage. In many cases, we are providing customers with information they may not have and/or are not managing. We report back to them in a customer-value-added way.”

Rod Ross from Microsoft acknowledged that things can turn contentious, and indicated that keeping the conversation focused on business issues is a key for success in dealing with customers. “We reset the conversation by saying ‘let’s make sure you understand our goal and what we are proposing to do here.’ We explain that we want to identify their baseline and see what’s needed.”

Top-Down Support Works Best

A key characteristic common to successful compliance programs is senior executive support. The prospect of compliance reviews can be intimidating not only to customers but also to stakeholders in the publisher’s own sales function. When a C-level executive endorses compliance practices, internal dissension is reduced. Including stakeholders from the sales function also helps to make the compliance function more successful.

Interestingly enough, when a publisher review receives the proper executive support at the customer level (i.e., when an executive such as the CIO is involved in a compliance review), the whole process is often smoother.

“At the highest levels within IBM,” said Stoeber, “support is very, very good. At the mid-level, we find people who are not supportive for certain reasons. They require counsel on why they need to be supportive.”


[4] Note: The approach taken by trade organizations, such as the Business Software Alliance, that act on behalf of publishers differs from the practices of the publishers themselves. BSA seeks a “penalty,” or a payment above the true-up cost from users that overdeploy.


“At Attachmate, our primary support comes from the CEO, CFO, and general manager,” Brooks said. “By extension, our six-person executive committee has made compliance a corporate priority and an important part of the charter for the committee.”

“While strategic support with executives is a key factor, I would not overlook the importance of tactical alignment with the grass roots,” says EMC’s Gustafson. “I have not met an account executive or key internal business stakeholder who wasn’t interested in enabling his or her business relationship, rather than burning it.”

BEA’s Christian Pruitt, Senior Director of Worldwide Compliance, also enjoys top-down support. “To a degree, the higher up, the more supportive [our executives] are,” he explained. “The EVP of sales genuinely wants to do more, but is concerned that his team may already be overextended. At the country manager level, they’re supportive—when compliance activities are not unduly painful to them, they’ll make a good business decision.”

Fair Settlement Policies

Again, the common denominator in settlement policies is the word “fair.” However, that said, software companies rightly expect to be fairly compensated for the products that customers install and/or use. Some believe that the “letter of their contracts” is paramount and require full look-back measures (such as interest on payments) for overdeployed software. Other companies are content reducing discounts commensurately, rather than charging for interest. The net result may be the same, but the perception of punitive actions may be different. Still, many publishers extend regular discounts and no look-back charges.

Microsoft’s Ross indicated that conditional aspects of the company’s settlement approach are important to his customers. “There is naturally a very careful approach to such situations. When customers are willing to be reasonable and cooperative, settlement resolution is a very collaborative and cooperative process.”

According to Stoeber, IBM sees itself as being in the middle of the spectrum on settlement policies. “We do not have penalties or interest. We believe customers do not want to be out of compliance; some customers are simply not good at managing their software assets. We ask only that customers pay a fair price for an IBM software solution. We assume that our enterprise customers truly expect to pay fairly for what they use, and for related support. On that basis we ask customers, for example, to show us how long they have been using our products, to ensure they are in compliance with our maintenance policies.”

BEA’s Pruitt also used the word “fair” to describe the relationship his company expects to have with its customers. “I want a fair resolution when a contract violation occurs. That means what is fair to our customer. They only have to pay for what they use and what they need. What is fair to BEA is being compensated, at the right price, for what a customer used. They should not expect to ask me to let them uninstall something and not pay for it. If they used the software, then they should pay for it. If, on the other hand, they can demonstrate that they installed something but never used it, we are tolerant.”

It is important to point out here that fairness is closely related to each publisher’s revenue model. Some publishers, such as cable television providers, believe the value is inherent in the installation. Compensation is based on installation rather than use. Electric utilities, on the other hand, charge by usage. Settlement policies would therefore be different with respect to one publisher who charges for installation and another whose revenue model is based on users and usage.


Software Executives Speak Out on Third-Party Reviews

“One large benefit of using a partner is to obtain an accurate view, and complete and accurate remedy, that both Attachmate and the customer accept,” said Attachmate’s Brooks. “Partners give us depth and breadth. Sophisticated customers will also understand that they will learn quite a bit from the compliance review process that our partners take them through. We know our compliance review firm is going to find everything that’s there. Both our customers and Attachmate see the value of a partner as a mediator/moderator in the process.”

EMC’s Gustafson agreed, “The presence of a third party tasked with performing a professional, accurate, and complete software licensing assessment between the parties lends objectivity, credibility, and confidentiality to the engagement and, ideally, to the business relationship.”

“We’re not the compliance review experts,” added BEA’s Pruitt. “Third parties bring a much broader skill set to the table. If I tried to hire, train, and manage the level of resources I need, I would also need my own team of HR people. I would need to quadruple my team and manage that broad spectrum of skills. Third parties have an infrastructure around them that would be very difficult for me to replicate.”

“Software compliance reviews are not a core competency here, and never will be,” chimed in IBM’s Stoeber. “An independent third party brings credibility to the process, and allows our customers to be more open in a non-threatening environment.”

“We don’t have to sell their merits and attributes. Our customers already know that,” said Ross of Microsoft. “The Big Four really have the market cornered on having everyone’s respect.”

Resolution Philosophy

No matter what the actual losses due to unlicensed software installations are, everyone agrees they are significant. Some portion is due to counterfeiting, and software license compliance programs will typically not identify that type of risk. But a big portion of revenue loss is due to noncompliance with licensing contracts. Whether a publisher takes a look-back or look-forward approach to settlements, significant amounts of revenue could be added to the top line.

Best practices are emerging. Compliance programs are taking in far more than they cost to operate, and companies that already have successful programs in place are planning to expand them. Others that have not adopted a formal approach are seriously considering doing so. Not a single respondent to KPMG’s survey said the company planned to discontinue or downsize an existing compliance program.

A new industry standard for Software Asset Management (SAM), ISO 19770-1, was released in May of 2006, representing growing awareness of the critical role of SAM within organizations and of the challenges and complexities associated with governing SAM programs. A second part to the standard, 19770-2, is currently being developed and will include requirements for software publishers on tagging their software products to facilitate easy and accurate discovery by customers.

By its very nature, the software business is different from dealing in physical wares. It is often difficult to determine if an enterprise is using more than it’s paying for. Nevertheless, based on our survey findings, publishers that do what’s necessary to ensure they are justly compensated for their intellectual property are recovering more revenue than they are investing in the recovery process.


KPMG’s Top 10 Recommendations for Successful Compliance Reviews

Based on our experience working with numerous software companies and the results of our survey, KPMG has identified these leading practices:

• Make license compliance a C-level priority. Having compliance as a top-down priority signals everyone, customers included, that compliance merits serious attention.

• License contracts should have clearly stated auditing provisions. Without contractual consent, a publisher’s right to audit is subject to legal interpretation and ambiguities.

• Every license contract should clearly define how the publisher verifies compliance. Definitions of overdeployment, compliance findings, and other important concepts should be included as well as some commentary on what methods may be applied to understand the entitlement-versus-deployment position. Although approaches may vary on a case-by-case basis, a broad discussion of how compliance findings would be resolved also may be included.

• Customers to be reviewed should be selected deterministically. Random auditing may reveal the extent of noncompliance and provide significant value to the publisher. However, a more targeted approach, based on probabilistic analysis, is far more efficient in focusing on the key issues facing the publisher in the marketplace from a compliance standpoint.

Continued on next page.


Inadvertent Noncompliance Is an Easy Pitfall

Every software company deserves a return on the value (installation- or usage-based) its software provides to its customers. Software licensing is a way to establish such compensation mechanisms. However, virtually everyone agrees that millions of dollars of value go unpaid every year. For software users, it’s not very difficult to get out of compliance with publishers’ contracts.

Here are some of the common reasons for getting into an overdeployed position:

• Complex, vague, and ever-changing licensing and pricing rules. Publishers are frequently changing how their software products are licensed. This is typically done in response to marketplace demands and in an attempt to provide more flexibility to customers. However, a side effect may include creating additional confusion around an already-complex matter. As a result, we have found that a key element of many compliance programs is customer education as to current usage rights.

• Disconnects between the procurement function that purchases the licenses and the IT department that actually uses the licenses. This disconnect can cause a misunderstanding of the licensing terms and conditions per the contract and may lead to inappropriate use of the software. It is common to find that software is deployed on machines with a higher number of CPUs than purchased, or using virtualization techniques that the licensing metrics either do not allow for or require additional licenses to support. Another example is using development licenses in a production environment. Other examples may include granting widespread access to limited-user software or hosting applications to the Internet without actually being entitled to do so.

• Changes to IT environments that modify the use of hardware resources such as servers and workstations that have licensed software installed on them. Although software vendors allow moving software from one server to another if changes in the environment occur, the expectation is that once software is reinstalled on a new server, it is also uninstalled from the older machines. Software users often overlook this expectation, and before they know it, their environment has more software deployed than they are entitled to.

• Mergers and acquisitions can complicate both entitlements and deployments. When one company acquires another, the acquiring company does not automatically inherit any software licenses that were owned by the company acquired, unless the contract expressly allows it. Often the acquiring company has no way of knowing what software is being used by the new entity, or where. Unless due diligence is performed in understanding the nature and extent of software assets and related contracts, the acquiring company may be opening itself to significant liabilities in license and support fees. It is strongly recommended that this due diligence be performed and all software assets are appropriately assigned before signing on the dotted line.

Survey Highlights

To establish the authority of this survey and the resulting report, KPMG identified these critical criteria:

• Executives polled were from across the software publishing industry, representing enterprises of all sizes.

• These executives have direct responsibility for, or at least a working knowledge of, software license compliance.

In addition to our objective field survey, executive interviews were conducted to validate the key survey findings. The survey was conducted online from March 27 through May 25, 2007.


• Compliance review decisions should be made with stakeholder participation. Far greater success can be achieved when conducting a compliance review if it is sanctioned by internal stakeholders, such as sales, legal, and finance, as appropriate.

• Customer discomfort should be dealt with respectfully. Compliance audits, and meetings leading up to them, can be difficult. They should be conducted with concern for the sensitivities of all involved.

• Ideally, use objective third-party professionals to conduct the reviews. There is nearly universal agreement that third parties bring resources, experience, and dispassionate execution to an otherwise awkward and demanding engagement.

• Reviews should be designed to leverage information the customer already has in place. Instead of trying to recreate the inventory from scratch (for example, by introducing external discovery tools) a more efficient approach in many situations is to perform procedures (such as sample testing) that will allow the publisher to rely on the completeness and accuracy of the customer’s own data. This is not only the most efficient approach but also promotes a healthy long-term relationship and trust between the publisher and the customer. In addition, if it turns out the customer did not get the inventory right, this process will show the customer where its process went wrong so it can be corrected going forward.

• Reviews should be a learning experience for the customer. Reviews provide opportunities for software publishers to teach customers how to better manage their software assets.

• Customers should expect to pay for overdeployments. It is important to establish from the outset of a compliance-related discussion that overdeployment is no different from receiving additional packaged products. The software company should make it clear that it expects to be paid for that overdeployment.


A Significant Impact on the Software Industry

IDC’s 2005 Software Industry Survey concluded that as much as 35 percent of software applications currently in use are illegally installed, amounting to some USD34 billion in lost revenue for the industry (these numbers include revenue leakage due to software piracy as well as unlicensed personal use of software). Seventy-seven percent of those polled by KPMG in 2007 agreed with the estimate when asked about the accuracy of that statistic. Nine percent of respondents thought that the amount of revenue loss was even higher, and 6 percent thought the loss was lower than projected. Interestingly, though, nearly two thirds of respondents (62 percent) believe their companies have fared better than the average when considering the magnitude of their losses. Regardless, almost everyone included in our survey (87 percent) indicated their companies suffer losses due to unlicensed software use, with 34 percent saying losses to their companies’ top line amount to more than 10 percent, and 21 percent reporting revenue losses higher than 20 percent.

Question 1: A 2005 study conducted by IDC on behalf of the Business Software Alliance (BSA) reported 35 percent of software installed on PCs worldwide is unlicensed, amounting to USD34 billion in lost revenue for software companies. Taking into account the entire universe of software companies across the world, do you agree with this estimate?

[Chart: Most Agree 35% of Software Is Unlicensed. Response categories: I think the actual amount is lower; I think the amount is about right; I think the actual amount is higher; Other. Values shown: 6%, 77%, 9%, 9%. Does not total 100 percent due to rounding. Source: KPMG LLP, 2007]

Question 2: Compared with the IDC/BSA survey, what would you say is the percentage of your company’s revenue loss to unlicensed users?

[Chart: Most Believe Their Company’s Revenue Loss Is Below Average. Response categories: Below average; Average; Above average; Don’t know. Values shown: 62%, 13%, 9%, 17%. Does not total 100 percent due to rounding. Source: KPMG LLP, 2007]


What is the approximate percentage of your company’s revenue loss due to unlicensed users?

[Chart, Question 3: A Third Say Revenue Loss Is More Than 10%. Response categories: 0, 1–5%, 6–10%, 11–15%, 16–20%, More than 20%. Source: KPMG LLP, 2007]

KPMG’s Analysis

Most of the respondents thought the IDC/BSA survey had it right—35 percent of installed software is unlicensed and unpaid for. However, nearly all of the respondents believed their own losses were considerably less than that. The survey figure of USD34 billion included both overdeployment and pirated software as well as all varieties of software. KPMG believes the 35 percent figure is affected by significant PC software piracy. So, while it may be representative of the industry as a whole, the losses for enterprise software companies due to noncompliance are more in line with the lower losses the respondents believed they sustained. Thus, the enterprise software segment of the industry may not have lost USD34 billion, but a quick correlation of respondents’ estimates and their companies’ software revenue strongly corroborates annual losses of billions of dollars.

License Compliance and Revenue Recovery Programs

A majority of those polled, 64 percent, said their companies have a software license compliance program, and of those, 67 percent said executive management is a strong proponent. According to respondents, none of the companies that now have such a program has ever discontinued or downsized a license compliance program.

Two thirds of those polled said they apply the program in every country where they do business. In post-survey interviews with executives at various software publishers, virtually everyone agreed that there are significant differences when applying these programs across different regions. Differences in contract law along with different business and social customs must be considered with regard to how compliance programs are applied.

Of the 36 percent of respondents whose companies do not have a compliance program, almost 60 percent believe they have no license compliance issues. Almost as many executives cited resource limitations as the reason for not implementing a program. Others are concerned about negative impact on customer relationships, and still others think that such a program would not have sufficient return on investment to warrant it. A small group said competitors are not doing compliance reviews, and they don’t want to be at a competitive disadvantage.

Does your company have a program designed to ensure customer compliance with license agreements?

[Chart, Question 4: Majority Has a Program to Ensure Compliance with License Agreements. Yes: 64%; No: 36%. Source: KPMG LLP, 2007]

On a scale of 1–5 how would you rate the extent to which your company’s C-level executives support your compliance program?

[Chart, Question 5: Two Thirds Say C-Level Executives Strongly Support Compliance Program Efforts. Response categories: Weak (1–2), Neutral (3), Strong (4–5). Source: KPMG LLP, 2007]

In which regions do you operate your compliance program (select all that apply)?

[Chart, Question 6: Two Thirds Operate a Compliance Program in Every Country Where They Do Business. Response categories: In every country in which your company operates, U.S.A., Europe, Canada, Other Asia Pacific countries, South America, Mexico, Japan, Africa, Other. Small base size, findings are directional only. Source: KPMG LLP, 2007]

What is the approximate percentage of your company’s total global compliance activity by region?

[Chart, Question 7: Distribution of Compliance Activity by Region. Regions: Americas; Europe, Middle East, and Africa; Asia Pacific. Small base size, findings are directional only. Source: KPMG LLP, 2007]

KPMG’s Analysis

Of the 36 percent of respondents whose companies had no compliance program, more than half believe they have no compliance issues. This survey finding is consistent with a minority of the population of publishing companies KPMG encounters in the marketplace. We recommend that those without a program consider running a pilot with a few customers. The outcome would either confirm their no-problem assumptions or give them a tangible reason to reconsider having a compliance program.

With regard to customers using software on a global scale, KPMG advises caution when electing to conduct piecemeal reviews in individual regions. More often than not, understanding entitlement for global customers requires considering purchases and deployments on a global basis. Reviews that are limited to one country only make sense if entitlements could be determined for that one country. Generally, if license agreements are global, reviews should be global.

The rate of success in collecting unpaid license fees varies between geographies. In North America and Western Europe, it is generally easier to collect on findings, even on those that are relatively insignificant. In Asia, although the magnitude of findings may be much greater, publishers have found it difficult to collect on them.

KPMG recommends that:

• Companies that do not have a compliance program consider running pilots with just a few customers

• Companies use caution when they elect to conduct piecemeal reviews in individual regions

Embedded Controls: A “Catch-22”

More than half of those polled (53 percent) said that some of their products have software that includes embedded controls that help prevent overdeployment. Of these, 68 percent use license validation “keys.” Another 40 percent use node-locking controls. Twenty percent use third-party commercial license management tools, and 20 percent use other methods. However, we found in our post-survey interviews that many companies—particularly those offering large enterprise business applications—thought it was counterproductive to put controls into their software that may inhibit a customer’s ability to operate under any circumstances. Their comments can be summed up as, “We think it’s bad business because automated controls often limit a customer’s ability to run the production environment effectively and efficiently.”

Does your software include embedded controls to restrict overdeployment?

[Chart, Question 8: Half Say Software Includes Embedded Controls to Restrict Overdeployment. Yes: 53%; No: 47%. Source: KPMG LLP, 2007]

If your software includes embedded controls to restrict overdeployment, which of the following do you use most frequently (select all that apply)?

[Chart, Question 9: Controls Most Frequently Used to Restrict Overdeployment. Online validation license key required for activation: 68%; Node locking: 40%; FlexLM: 20%; Other built-in control mechanisms*: 20%. *License key issued to an IP/MAC address or range, or similar. Small base size, findings are directional only. Source: KPMG LLP, 2007]

Of those without embedded controls, only a few indicated that they had plans to implement such measures in the future.

If your software does not include embedded controls to restrict overdeployment, does your company have plans to add them?

[Chart, Question 10: Just over One Quarter Plan to Add Embedded Controls to Restrict Overdeployment. Yes: 29%; No: 71%. Small base size, findings are directional only. Source: KPMG LLP, 2007]

KPMG’s Analysis

Compliance controls embedded in software can be a double-edged sword. No technological solution that exists today would provide 100 percent coverage against overdeployment or eliminate the need to engage in compliance activities with customers. Some companies have embraced embedded control technology that can potentially reduce overdeployment. KPMG advises companies to consider embedded controls carefully while fully weighing the advantages and disadvantages. For example, KPMG has encountered publishers that used embedded controls, only to find that the technology makes the software application more difficult for the customer to use. Some have subsequently abandoned these embedded controls.

Purchase History and Entitlement Information: To Tell or Not to Tell?

According to our survey respondents, software companies could be doing a better job of helping their customers understand what they have purchased and what types of usage their license agreements allow. Only 36 percent make such information easily accessible to their customers, while 43 percent said they share such information on a case-by-case basis. In addition, the information that is made available may not be as comprehensive as necessary. While 45 percent said their entitlement information is comprehensive, 55 percent said the data may provide only an average or limited level of understanding. Interestingly, however, almost all respondents think that their companies accurately determine whether or not a customer calling in for support is entitled to it.

KPMG’s Analysis

We believe this problem involves more than just information clarity and access. As previously mentioned, the disconnect between procurement and IT can lead to misunderstandings about agreed-upon terms and conditions of software use. An effective practice would provide processes for communicating license terms and conditions to the people who actually use the software. Sharing entitlement information with customers can better enable them to understand what they have, what they need, and whether or not they are in compliance with the contracts. Having the right baseline information before a sales discussion with the customer is always a good idea.

Compliance Programs: Elements and Methods

To understand the software license landscape, we asked survey participants about the foundations on which their license agreements were based. In other words, how do companies license their software and what metrics form the basis of measuring compliance with license agreements? We found that publishers are using a mix of approaches to license software to customers.

Fifty-seven percent of respondents based their licenses on the number of unique or registered users, while 54 percent use the number of servers and other machines on which their software is deployed. Another 54 percent of respondents license their software based on the number of concurrent or simultaneous users, and 48 percent use the per-CPU/Processor model.

Which of these metrics do you use as a basis for your product licenses (select all that apply)?

[Chart, Question 11: Use of Metrics as a Basis for Product Licenses. Response categories: Per unique/registered user; Per server/machine; Per concurrent/simultaneous user (high-water mark); Per CPU/Processor; Per number of employees/workstations in the entire organization; Per PC; Other. Source: KPMG LLP, 2007]

Almost all respondents (89 percent) said all or some of their contracts include audit clauses, but only 55 percent said all of their contracts specify such clauses. When it comes to enforcing their license agreements, publishers do not rely on any one type of metric for determining where to conduct compliance reviews of their customers and channel partners. Over half (52 percent) said their compliance review decisions are triggered by data analytics. In second place, customer history is used by 45 percent of those polled. Random selection and external information are each used by 28 percent of respondents’ companies.

How many of your license agreements typically include an audit clause that gives your company the right to audit your customers or channel partners?

[Chart, Question 12: Most Include an Audit Clause in Some Portion of Their License Agreements. All: 55%; Some: 34%; None: 11%. Source: KPMG LLP, 2007]

What criteria do you use to select the individual customers or channel partners that will be reviewed as part of your software license compliance program (select all that apply)?

[Chart, Question 13: Data Analytics Most Common Criterion for Selecting Audit Subjects. Data analytics suggesting higher risk of noncompliance: 52%; Known historical issues your company has had with the licensee/sales force experience and referrals: 45%; Random selection: 28%; External information*: 28%; Other: 21%. *E.g., licensee reputation in the marketplace, recommendation by external party. Small base size, findings are directional only. Source: KPMG LLP, 2007]

More than half of those polled said they or third-party firms conducting reviews on their behalf use proprietary software or internal product capabilities (commands or logs) for compliance discovery. Thirty-one percent of respondents use nonproprietary (commercial) software and 28 percent rely on the customers’ own software-asset management tools or capabilities.

What tools (discovery methods) do you use in your software license compliance program (select all that apply)?

[Chart, Question 14: Half Use Proprietary Tools in Software License Compliance Program. Proprietary tools: 52%; Nonproprietary/commercial tools: 31%; No tools, we work with whatever SAM capabilities the customer may have in place: 28%; Other: 17%. Small base size, findings are directional only. Source: KPMG LLP, 2007]

Fifty-four percent of respondents use an independent third party to perform software license compliance reviews. This group uses the services of Big Four firms most often.

KPMG’s Analysis

Clearly there are differences in how software companies license their software. It would probably be easier if there were more consistency, but that is unlikely to happen. Therefore, it is critical that contracts clearly define how the software company computes installation and/or usage and how it verifies the chosen approach.

There is disparity in the inclusion of an audit clause in contracts. We strongly urge every software company to include an audit clause in every enterprise software contract. Even if the company is unlikely to audit, the clause may encourage compliance. Without that clause, compliance verification options are somewhat limited.

There is no consensus with regard to the question of compliance-related tools. Today, a majority of software companies use proprietary tools and capabilities. There is clearly an opportunity for commercial tools to serve this market, either data analytic tools or some of the customers’ own software asset–management tools. At first glance, the latter would appear to be more appealing to customers. Tools may help make the compliance review process more efficient and save costs for both sides, and they may provide ongoing capabilities to customers.

As we’ve seen, more than half of respondents use third-party help in conducting compliance reviews.

Industry Associations and Standards to the Rescue?

We wanted to know if publishers were turning to industry associations or using industry standards in their attempts to thwart license compliance problems.

Interestingly, a majority of companies represented in our survey indicated that they do not leverage industry associations for compliance enforcement activities. We tested for affiliation with the Business Software Alliance and the Software and Information Industry Association as well as other trade groups with respect to compliance and enforcement activities.

The SAM standard ISO 19770-1 has been formulated to provide an internationally recognized standard against which organizations can measure the maturity of their software license compliance programs. It also assists in providing effective support to help IT departments maintain compliance with legal and contractual requirements and to demonstrate good corporate governance.

Our survey found that this standard is not well known by software publishers (55 percent of respondents are unfamiliar with it). Of those who are familiar with the standard, 81 percent feel it would benefit the industry. However, 71 percent said a customer’s 19770-1 certification would not influence how compliance program activities are applied to that customer.

Are you familiar with the ISO SAM Standard 19770-1?

[Chart, Question 15: Slight Majority Not Familiar with ISO SAM Standard 19770-1. Yes: 45%; No: 55%. Source: KPMG LLP, 2007]

Do you believe the ISO SAM Standard 19770-1 benefits the industry overall?

[Chart, Question 16: 8 in 10 of Those Familiar with the Standard Believe It Is Beneficial to the Industry. Yes: 81%; No: 19%. Small base size, findings are directional only. Source: KPMG LLP, 2007]

In your opinion, will your company’s future software license compliance activities be influenced by whether or not a customer is certified under the standard?

[Chart, Question 17: 7 in 10 of Those Familiar with the Standard Say Compliance Activities Will Not Be Influenced by Customer Certification Status. Yes: 29%; No: 71%. Small base size, findings are directional only. Source: KPMG LLP, 2007]

KPMG’s Analysis

Though ISO SAM Standard 19770-1 can help the companies that implement it with improving their software license compliance profiles, publishers are reluctant to rely on the standard in lieu of compliance activities for a number of reasons. First, independent certification against the standard is not currently available, so publishers would need to rely on customers’ self-assessments. Second, even if independent certification was available, it could not address compliance with specific software license agreements, which is what publishers are really after. Furthermore, other ISO certifications have tended to focus more on whether you “say what you do” rather than on whether you actually “do what you say.” Third, as it is written, the standard does not provide adequate guidance as to how its recommendations should be implemented. Alternatively, KPMG’s Software Asset Management (SAM) methodology provides enterprises with guidance to help them move efficiently up the SAM maturity curve, thereby improving their software compliance profiles as a by-product.

Organizational Footprint

Of those polled, 80 percent said that their compliance programs report to either the sales or finance function. Of these, 47 percent said finance and 33 percent said sales. The remaining 20 percent said compliance reported to other functional areas, including legal and internal audit.

To which functional area does your compliance program report?

[Chart, Question 18: Compliance Programs Generally Report to Finance or Sales/Sales Operations. Response categories: Finance, Sales or Sales Operations, Legal, Internal Audit, Other. Source: KPMG LLP, 2007]

When it comes to where credit is given for revenue generated for license compliance, nearly half of those polled (47 percent) said “sales representatives” receive commissions for compliance revenue. About 17 percent of respondents said both the compliance and sales organizations share in commissions on compliance revenue, while 13 percent said that compliance recovery commissions went exclusively to the compliance organization.

Who receives commissions for compliance revenue?

[Chart, Question 19: Sales Generally Receives Largest Portion of Compliance Revenue Commissions. Response categories: Sales representatives, Compliance professionals, Both sales and compliance, Other, Neither. Does not total 100 percent due to rounding. Source: KPMG LLP, 2007]

KPMG’s Analysis

There is no clear trend emerging for where to put a compliance group. Today, about half report to sales and half to finance. It would be interesting, in a follow-up survey, to compare the results for those reporting to sales and those reporting to finance. Advantages in having the compliance program report to finance may include management’s existing mindset of compliance and audits as well as objectivity and separation from the sales force.

Effects of Compliance Programs on Customer Relations

Most respondents say license compliance activities have a positive or neutral impact on partner and customer relationships, as demonstrated in the chart below.

In your opinion, on a scale of 1–5, what is the impact of your company’s license compliance activities on your relationships with channel partners and direct customers?

[Chart, Question 20: Impact of License Compliance Activities on Relationships with Channel Partners and Customers. Response categories: Negative (1–2), Neutral (3), Positive (4–5). Source: KPMG LLP, 2007]

When asked if compliance activities resulted in negative outcomes, 94 percent indicated that customer loss is very rare or never occurs. Ten percent indicated that litigation occurs a few times per year as a result of compliance activities. Sixty percent indicated that the most troubling outcome of compliance activity was that not all revenue due was collected from the customer.

How often does your license compliance program result in each of the following: loss of a customer, less than optimal revenue collected, litigation, or another negative resolution?

[Chart, Question 21: License Compliance Program Negatively Impacts Revenue for 60% of Respondents. Outcomes: Loss of a customer, Less than optimal revenue collected, Litigation, Other negative resolution. Frequency categories: Never, Very rarely, A few times per year, More than 10 times per year, Too frequently to measure. Does not total 100 percent due to rounding. Source: KPMG LLP, 2007]

KPMG’s Analysis

Even in the absence of adopted leading practices, compliance-related activities do not appear to cause problems between software companies and their customers. Most said the outcome is neutral or positive; very few said it leads to loss of future sales.

With the threat of relationship degradation clearly low-risk, and the prospect of recovering some of the billions of dollars being left on the table, KPMG suggests all publishers consider employing, or at least piloting, compliance programs. We believe that leading-practice techniques are emerging and as these become standard operating procedure, the negative risks will be lower still. Compliance programs have enabled software companies to engage C-level executives within customer organizations, which in some instances has led to forging far better relationships than previously existed—ones based on better transparency for both sides.

Measuring Compliance Program Success

While revenue from compliance activities is a strong indicator of the success of software license compliance programs, many software publishers also consider other metrics.

Thirty-seven percent of respondents said that their compliance programs deliver 5 percent or more of their ongoing software revenue streams. Included in that group, 7 percent said that compliance recoveries account for more than 10 percent of top-line revenue. However, a majority of those polled (57 percent) believe that their compliance programs contribute 2 percent or less to overall software revenue.

What percentage of your company’s total annual software revenue (both licenses and maintenance) does your software license compliance program contribute?

[Chart, Question 22: Majority Says Software License Compliance Programs Contribute 2% or Less to Software Revenue. Response categories: 0%–2%, 3%–4%, 5%–6%, 7%–8%, 9%–10%, More than 10%. Does not total 100 percent due to rounding. Source: KPMG LLP, 2007]

Exactly half of those surveyed said customer satisfaction is one measure used to gauge compliance program success. Almost as many (46 percent) use internal control/governance value to measure effectiveness. Another 39 percent use a return-on-investment metric, and 29 percent use other key performance indicators.

What financial or other metrics do you use to measure the success of your compliance program (select all that apply)?

[Chart, Question 23: Customer Satisfaction and Internal Control/Governance Value Are Most Frequently Used Metrics. Customer satisfaction/education: 50%; Internal control/governance value: 46%; Return on investment: 39%; Other: 29%. Small base size, findings are directional only. Source: KPMG LLP, 2007]

Forty-seven percent of respondents’ companies measure compliance revenue as

reported by the compliance function, while 33 percent do not measure compliance

revenue separately from sales revenue.

KPMG’s Analysis

There is a wide variance in how software companies measure the success of their

compliance programs. There is also a wide variance in how much additional revenue

respondents believe their compliance programs contribute.

At a fundamental level, one measure of success would be return on investment. But

KPMG believes it is not a linear relationship. Compliance programs should be given

credit for any incremental sales resulting from the customer after the customer has

been notified of the compliance review, as often the customer will choose to “true-up”

once notified of the compliance review.

A Forgiving Industry?

The settlement philosophies of the companies involved in the polling tend to gravitate

around a middle-ground position. There may be some look-back involved but the settlements

tend not to involve complete capture of all overdeployment revenue and rarely

involve recovering the time-value of money (interest). Punitive measures such as fines

are not used by the companies we surveyed. In fact, nearly half (43 percent) of those

surveyed take this middle-ground position, and only 10 percent apply full look-back

actions. One fifth of the respondents said their companies apply no look-back recovery

at all but do rectify current overdeployment. And 13 percent use their findings as a way

to structure new forward-looking deals.

Which of the following best describes your company’s settlement philosophy with respect to customer noncompliance discovered in the course of an audit?

[Chart] Question 24: Customer Noncompliance Settlement Philosophies

Rectify overdeployment, including partial look-back (back support only, no interest or audit fee recovery): 43%
Rectify overdeployment, including full look-back (back support, interest, and audit fee recovery): 10%
Rectify overdeployment, however no look-back: 20%
Other: 13%
Use the findings only as leverage for structuring new deals in a forward-looking sales approach: 13%

Does not total 100 percent due to rounding. Source: KPMG LLP, 2007


Contact Us

For more information about this study, or about KPMG’s Software License Compliance practice and capabilities, please contact the following Technology Industry practice leaders:

Gary Matuszak
Partner, Global Chair—Information, Communications & Entertainment
650-404-4858

Tom Lamoureux
Principal, Global Advisory Sector Leader—Information, Communications & Entertainment
650-404-5052

KPMG’s Analysis

Forgiveness has its virtues, but today’s compliance-related settlement philosophies err on

the side of forgiveness and create an atmosphere where customers see little downside

to playing fast and loose with compliance—just waiting for the publisher to catch them.

Even when they are caught, they will not be required to pay an amount equal to the cost

of their usage all along. Even in cases where the publisher insists on recovering the full

amount, the customer still benefits from the time-value of money.

KPMG believes there is a lot of room for stricter compliance measures—measures that

would not place compliant customers at a financial disadvantage compared with noncompliant

customers—before significantly running up the relationship risk. In addition to

the obvious higher return, such measures have a more-than-subtle impact on behavior.

There are no ethical issues at play because software companies have a right to receive

compensation for value derived—whether based on installation or usage.

“Fairness” is the right term. It is fair that customers not be penalized for capabilities they

have not used, particularly as noncompliance is mostly unintentional. It is also fair for

software companies to be paid for capabilities their customers have used. By the same

token, companies with compensation based on installation, rather than a usage formula,

rightly make no distinction between deployment and usage. In those cases, if a product

is installed, it should be paid for.

KPMG LLP Can Help

KPMG’s Advisory practice provides our software clients with a comprehensive portfolio

of Licensing Compliance Services. We use a win-win, nonadversarial methodology to

help our clients identify opportunities for revenue recovery through third-party reviews

of their channel partners’ and direct customers’ adherence to license agreements—all

with a professional approach that maintains the underlying business relationship.

We are organized globally with dedicated professionals in KPMG member firms in 148

countries, located in or near the cities where our clients’ customers are likely based.

This proximity means that KPMG’s professionals know local laws, customs, and business

practices, so they can (1) effectively provide a thorough license compliance review, (2)

help our clients’ customers better understand their specific entitlements, and (3) recommend

practices that can help ensure future compliance. KPMG’s global methodology

coupled with our regional knowledge and proximity are key reasons why more software

companies rely on us for licensing reviews than on any other Big Four firm.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2007 KPMG LLP, a U.S. limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative. All rights reserved. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. Microsoft Windows is a registered trademark of Microsoft Corporation. 070322

About the Authors

Tom Lamoureux is KPMG’s Global Advisory Sector Leader—Information, Communications

& Entertainment. He assists technology clients in creating leading processes to improve risk

management and optimize business processes. Tom’s clients include many of the world’s

leading technology companies.

Ron Brill is a partner in KPMG’s Advisory practice where he focuses on helping software clients

with improving software licensing compliance and software asset management. In addition to

Contract Compliance services, Ron is also KPMG’s Global Leader for Software Asset Management

and a frequent speaker at software industry forums.

Abhi Joshi is a director with KPMG’s Advisory practice and has worked with multiple software

companies to build compliance programs. Abhi is also a leading Software Asset Management

practitioner and a speaker at various leading industry conferences on SAM and software compliance.

Abhi leads a team of professionals that helps software companies build and run compliance

programs and better manage software and hardware assets.

Contributors

We acknowledge the significant contributions of Vanessa Lo, Christine Wagner, and Dave Boscacci,

who assisted in the development of this report.


us.kpmg.com