SOFTWARE COPYRIGHT COMPLIANCE REVIEW
Audit No. 02-058 

BACKGROUND 

Computer software copyright compliance is a significant issue with the potential to affect all business and governmental entities.  The various rules and regulations regarding computer software licensing create a myriad of compliance issues that must be addressed.  The unauthorized use of computer programs and applications is termed “Software piracy.”  Types of piracy include the following: 

• Purchasing a single user license and loading the software onto multiple computers or a server (softloading);
• Making, distributing and/or selling copies that appear to be from an authorized source  (counterfeiting);
• Renting software without permission from the copyright holder;
• Distributing and/or selling software that has been "unbundled" or separated from the products with which it was intended to have been bundled; and
• Downloading copyright software from the Internet or bulletin boards without permission from the copyright holder.

Software piracy is illegal, and thus creates a liability for both the individual and an organization.  The penalty for civil copyright infringement is a fine up to $100,000 per title infringed; a willful criminal violation carries fines up to $250,000 per title infringed and up to five years imprisonment. 

UNT has several computer policies and guidelines that assist in computer use and security.  These policies are based on guidelines established by the Texas Department of Information Resources (DIR), The Copyright Act of 1976 (Title 17 of the U.S. Code), and the No Electronic Theft (NET) Act of 1997.  UNT Policy 3.6.4.4 states that (1) computer software, computer data, and/or software manuals may not be copied or transmitted electronically without appropriate prior consent, and (2) computer installations will take appropriate and reasonable steps to inhibit attempts to obtain unauthorized copies of computer software, computer data, and/or software manuals.  Additionally, UNT Policy 3.10 states “All commercial software and many other digital materials are covered by a copyright of some form. The unauthorized duplication and distribution of software and other copyrighted materials (including copyrighted music, graphics etc) is a violation of copyright law and this policy.”

 OBJECTIVE/SCOPE 

Internal Audit has completed a review of computer software copyright compliance at UNT.  The objective was to evaluate conformity with Texas Department of Information Resources guidelines and UNT policy, as well as industry best practices.  To achieve the objective, Internal Audit performed the following procedures: 

·        Interviewed key personnel to gain an understanding of copyright compliance issues and current centralized processes; and

·        Surveyed network managers and evaluated responses related to software copyright controls in the distributed environment.  

RESULTS 

Based on procedures performed, it appears UNT is in compliance with the primary objectives of DIR guidelines and UNT policy.  The following guidelines (controls) appear to be in place and functioning as intended: 

• Procedures for acquiring and registering software have been established;
• A software manager has been appointed;
• A periodic review is performed on all PC's;
• A software code of ethics has been implemented;
• A library of software licenses is maintained;
• Use of personal software on University PC's is in compliance with the license agreement for that particular software; and
• If personal software is loaded onto a University PC, the supporting purchase documentation has been turned over to the department, or the owner has agreed to be responsible for providing the documentation upon request.

However, the following item suggests an opportunity to further strengthen the overall control environment related to computer software copyright compliance at UNT. 

Informational and Training Materials 

Written informational and training materials related to software copyright compliance exist in only one of eighteen network manager departments surveyed.  Without such documentation, the following issues could arise: 

·        Inconsistent and/or inaccurate interpretation of copyright compliance standards;

·        Diminished ability on the part of network managers to enforce copyright compliance; and

·        Inability to demonstrate appropriate diligence to external entities. 

In order to demonstrate attentiveness to copyright infringement issues, Internal Audit suggested that software copyright material related to compliance and industry best practices be developed and distributed to all network managers.