COPYRIGHT COMPLIANCE REVIEW
Audit No. 02-058
Computer software copyright compliance is a significant
issue with the potential to affect all business and governmental entities.
The various rules and regulations regarding computer software licensing
create a myriad of compliance issues that must be addressed.
The unauthorized use of computer programs and applications is termed
“Software piracy.” Types of
piracy include the following:
Software piracy is illegal, and thus creates a liability
for both the individual and an organization.
The penalty for civil copyright infringement is a fine up to $100,000 per
title infringed; a willful criminal violation carries fines up to $250,000 per
title infringed and up to five years imprisonment.
UNT has several computer policies and guidelines that assist in computer use and security. These policies are based on guidelines established by the Texas Department of Information Resources (DIR), The Copyright Act of 1976 (Title 17 of the U.S. Code), and the No Electronic Theft (NET) Act of 1997. UNT Policy 22.214.171.124 states that (1) computer software, computer data, and/or software manuals may not be copied or transmitted electronically without appropriate prior consent, and (2) computer installations will take appropriate and reasonable steps to inhibit attempts to obtain unauthorized copies of computer software, computer data, and/or software manuals. Additionally, UNT Policy 3.10 states “All commercial software and many other digital materials are covered by a copyright of some form. The unauthorized duplication and distribution of software and other copyrighted materials (including copyrighted music, graphics etc) is a violation of copyright law and this policy.”
Internal Audit has completed a review
of computer software copyright compliance at UNT. The objective was to evaluate conformity with Texas
Department of Information Resources guidelines and UNT policy, as well as
industry best practices. To achieve
the objective, Internal Audit performed the following procedures:
· Interviewed key personnel to gain an understanding of copyright compliance issues and current centralized processes; and
Surveyed network managers and evaluated responses related to
software copyright controls in the distributed environment.
Based on procedures performed, it appears UNT is in compliance with the primary objectives of DIR guidelines and UNT policy. The following guidelines (controls) appear to be in place and functioning as intended:
However, the following item suggests
an opportunity to further strengthen the overall control environment related to
computer software copyright compliance at UNT.
Informational and Training Materials
Written informational and training
materials related to software copyright compliance exist in only one of eighteen
network manager departments surveyed. Without
such documentation, the following issues could arise:
· Inconsistent and/or inaccurate interpretation of copyright compliance standards;
· Diminished ability on the part of network managers to enforce copyright compliance; and
Inability to demonstrate appropriate diligence to external
In order to demonstrate attentiveness to copyright infringement issues, Internal Audit suggested that software copyright material related to compliance and industry best practices be developed and distributed to all network managers.