When it comes to keeping records demonstrating how and when your company acquired software licenses, you can never have too much of a good thing. Businesses typically have good procedures in place to track things like invoices and license certificates, but those kinds of documents do not always tell the whole story. Even if they did, having some backup can be helpful when purchases fall through the cracks. Those cracks can be very costly in the event of an audit, when auditors will expect the company either to demonstrate what it owns or else to be prepared to purchase (or re-purchase) licenses to cover any gaps discovered as a result of the investigation.

The “gold standard” for license documentation is an invoice from an authorized license reseller or distributor that includes the date of the purchase, the name, edition and version of the product, the quantity of licenses purchased, the price paid, and, ideally, the name of the company purchasing the license. However, there are several alternatives to that gold standard to keep in mind when searching for license records:

  • License certificates. Some companies like Adobe or Symantec sometimes issue license certificates identifying the kinds and quantities of product licenses acquired for their products through resellers. These records typically are just as reliable as dated invoices (if not more so, since they come directly from the publishers), though they also are less common. Note: I include Microsoft’s Volume License Statement in this category – the MVLS is not a paper certificate, but it carries just as much weight when proving what Microsoft licenses your company owns.
  • Register receipts. Receipts from retailers like Best Buy or Walmart also are acceptable, provided they clearly identify what was purchased. However, points are deducted here due to the lack of a purchaser name on the receipt. In most cases, that would not be a big problem, but corporate structures and questions regarding who purchased what sometimes are critical during license reviews.
  • Purchase orders. Most auditors will not accept internal purchase orders as proof of license ownership, no matter how detailed they are, with two principal exceptions: (1) Order documents that clearly indicate they were signed and accepted by a publisher or reseller, the name of the publisher/reseller representatives who accepted them, and the dates that they were accepted, or (2) Order documents that are accompanied by financial account records demonstrating that the PO amount was paid to the reseller within a few days after the date of the PO.
  • Serial numbers. For many publishers (notably including Microsoft), providing the serial numbers for licenses previously purchased will get you nowhere because the publishers do not track ownership of licenses associated with those numbers. There are exceptions, however, and chief among those is Autodesk. Those numbers are registered with Autodesk when the software is installed along with the licensee’s name and contact information. As long as a company is confident that it accurately submitted that information to Autodesk and that the records will demonstrate that the serial numbers are registered to it, then this can be a perfectly viable option in the event of an Autodesk audit. However, complications arise when, for example, an employee’s information is registered in lieu of the company’s. These issues sometimes can be addressed during the course of the audit, but they also may complicate a resolution.
  • E-mails. Occasionally, a company will receive product licenses as part of an incentive offer or even as an award by the software publisher. We all like free things, but it remains critical to document when, how and on whose authority the company acquired such licenses. E-mails and other communications often are the only records that accompany such entitlements, so they must be retained just like dated invoices for as long as the company intends to use the software in question. E-mails also often help to supplement other kinds of license records, like purchase orders.
  • Other records. The above list is not exhaustive, but what remains tends to be more difficult to characterize and can vary on a case-by-case basis. One good example is the original system configuration records that Dell maintains for the computer systems it builds and sells. Using the Service Tag number that Dell applies to all of its systems, it usually is possible to obtain from Dell’s website a list of all hardware and pre-installed software components shipped with a computer. That list includes the date that a system was shipped and sometimes is acceptable proof of license ownership in the event of an audit. Another class of records we have seen from time to time are employee reimbursement documents that may show an employee having been reimbursed by the company for software purchased to perform company work.

Companies need to implement strong internal controls to recognize, secure and maintain any and all documentation demonstrating ownership of license for software products, and they need to have systems in place that make it easy to locate and retrieve that documentation on demand.