IT Due Diligence and Software Licensing: It Pays to Get the Full Picture

In any Merger and Acquisition (M&A) situation, each party wants to arrive at a position of financial certainty. Although inevitably there is a risk – commercial, tax changes, people retention etc. – the due diligence process is there to reduce this.

As I've often said, when it comes to M&A transactions, IT due diligence often gets glossed over or even forgotten amidst all the financial assessments. But, as we’ve also shown, a lack of thorough IT due diligence can be quite costly, even for “low-tech” acquisitions.

This blog will dig into just one aspect of due diligence where ignorance can leave you with costly blind spots:?software licensing.

Every company uses software

Practically any company today uses software in one form or another. Even your window cleaner uses Quicken to print your bill, or Excel to keep track of payments. If you were to purchase that business, and Microsoft or Intuit found out the previous owner hadn’t paid for it, they?could?press charges. In that case, you’d probably just pay for licenses, and that’d be it.

However, when you acquire a business with several employees, each using a full suite of productivity tools, you’re facing a different situation. The risk of an audit increases but also the chances are high your own company let alone the business you buying has a robust software asset management database. Those same software companies won’t be nearly so understanding about a sizable company using pirated copies of their software.

But in the enterprise, there’s far more than word processing, presentations and spreadsheets to worry about. Even companies you don’t think of as “hi-tech” have billing, accounting and customer support software. The larger the company, the more likely they are to have relational databases and more complex applications like CRM and ERP. And when you get into industries like healthcare, engineering and technology services, you’re talking about highly specialized—and expensive— software. Don't forget Open Source ... topic for another day!!!

Hand on heart... are you licensed correctly?

Ask any Software Asset Manager how many times they have been told the version installed is licensed.. to find the agreement does not entitle you to version upgrades.

Is every seat, for every piece of software, used in every department and division of your target company paid for in full and with the rights to use the latest version?

You might be tempted to assume the answer is yes, but that may not be the case. Even if a company representative answered “yes” to this question on a due diligence survey, you can’t assume that person answered truthfully. The respondents themselves may not know the true answer, or in some cases, they simply are trying to make the company look more attractive for acquisition.

Have you accounted for the technical debt?

In a previous article on?Technical Debt , I outlined the impact tech debt has on many businesses and will always exist but it's how you manage and repay the debt that is key. You only ever want to see the top of the iceberg!!! In the context of software licensing, if businesses rely on outdated systems which can no longer be supported by Publishers, they will find themselves with a huge bill to pay as maintenance and upgrade costs add up, and the gap between what infrastructure should be and what it is continues to widen.

An example case of this is with Microsoft SQL 2012 coming to the end of its long-term support in July 2022 (and both Windows 2012 and Windows 2012 R2 extended support ending in October 2023). Purchasing a business carrying such debt will result in:

• Increased ongoing risk to the business operations
• Lack of vendor support
• Increased risk of Cyber Security Attack due to unpatched software due to End of Life
• Unaccounted cost to re-platform databases and likely the application consuming the database

How do I gain clarity?

A combination of methods is needed.

1. Appoint a specialist firm in Software Asset Management (SAM)
2. Use Discovery tooling to go and find every piece of software on the estate
3. Dig out all the licensing contracts/terms from procurement officers
4. Take a top-down approach to assessment focusing on the large software houses like Microsoft; SAP; Oracle etc.
5. Understand the Licensing situation on both sides of the deal as this could mean opportunities for consolidation; modernization or brokering a deal with the software vendor

Vendor Awareness

When these vendors become aware of M&A activity at an organization, they typically investigate these specific areas:

• Has the organization purchased new licenses to account for an increased headcount?
• Are either organization’s systems being absorbed into the other or will they function as two distinct entities?
• Does either organization have license rights to share licensing?
• Does the organization have the right to use the licenses in the countries where they operate?
• What versions of the software are running?
• Has the software been installed into Virtual Desktops which incur a different license?
• Has the software been installed on Personal Devices?
• Have you accounted for software licenses that are locked into a specific number of CPU Cores?

Who will pay?

Whether it’s an office productivity suite or a cloud-based CRM, the company that developed the software has a legal right to the license fees for using it. If your acquisition target hasn’t paid for it, then you have to factor in the real costs to make its licenses compliant.

• Don't ignore to evidence
• Don't avoid due diligence in the 1st place to avoid the risk
• Don't assume ticking the box with a YES, absolves you of accountability

You want to discover this before the deal is signed. The interviewed employees should tell?you?than to tell the authorities. Stressed or upset employees are known to do such things. And you should know about potential future costs ahead of time.

It's also very common during due diligence that IT teams can be defensive and/or territorial when it comes to the M&A discovery process. Techies are built, unfortunately in such a way where it's common to hide such issues. Typically, it's naivety rather than malice.. come on how many times have you gone down to the basement where IT is and asked to have the latest software installed on your laptop as a favour. So bringing in a third party IT services firm to do IT due diligence can go a long way in getting honest, helpful answers from IT personnel that feel besieged.

Legal examination of license agreements in due diligence

All too often the responsibility for license agreement reviews falls to the legal team. The problem here is that typically they are NOT specialists in Software Asset Management and only look at the contractual wording rather than the use-cases in context.

When examining a license agreement as part of due diligence, it first has to be categorized under the types of license agreements just mentioned: First of all, it must be reviewed whether the software is in-licensed or out-licensed. If it is out-licensed, it must be clarified who is its owner, or what exactly entitles the target company to license out the software. If the company acts as owner or as a distributor, separate contractual relationships probably exist in this respect. In addition, in the case of license agreements, the scope and the consideration of the licensing are of interest. Subsequently, the license agreements should be checked for unusual or surprising provisions. When examining license agreements, particular attention should be paid to terms and periods of notice. This provides information on how long the customers or the target company are bound to the license agreements.

Depending on whether the software will be used further after the transaction or not, long terms with long periods of notice or short terms with short periods of notice are favorable. It is critical to take into account the short, medium and long term use of any software. If the purchaser wishes to integrate the target company into an already existing group, they will have to consider the question of how to proceed with the respective software, i.e. whether it is to be retained or retired. If, for example, the purchaser wishes to use a customer relationship management (CRM) system throughout the group, the customer management system previously used by the target company will become redundant and must be able to be terminated as quickly as possible. In such a case, long contract terms would delay the integration of the target company into the existing group. However, if it takes 2yrs + to migrate onto the group platform then this must be accounted for pre-deal to inform the investment costs to retain licenses and support.

License agreements should also be examined in the due diligence process to determine whether they contain so-called “change-of-control clauses”. Change-of-control clauses are agreements for the event that the ownership structure of the target company changes. If this occurs, it triggers a specific legal consequence. If such a “change-of-control clause” exists in the license agreement in question, it must be examined whether the planned transaction meets the change-of-control requirements. If not, the clause is irrelevant to the transaction. If, however, the clause is relevant, the threatened legal consequences must be examined. Typical legal consequences are termination rights for the other party, as well as certain notification obligations, if applicable.

Top Tips

1. Use a 3rd Party Advisory to uncover the truth
2. Ensure Tech Advisory firm and Legal firm work in collaboration
3. Look at your own house first
4. Look at the combined business to make risk-based decisions but also strategic decisions
5. Permit the Tech Due Diligence team ample time to conduct due diligence or accept increased risks which follow
6. Ensure the Post Merger / Separation plans account for the time it takes to consolidate / harmonization of software. Don't forget the people change impact i.e. training and process changes.

Considerations

1. Does your pending acquisition or carve output you at risk for software licensing and other hidden technology costs?
2. Do you have the right advisors at the table?
3. Are you prepared for the need to invest to fix the identified issues?
4. Have factored in the requirement to perform detailed asset audit inside the 1st 100 days?

In closing, don't assume anything when it comes to software asset management reviews. Always air on the side of caution as the potential for fines and reputational damage are simply NOT worth it.