Establishing the Parameters of the Audit
The provisions for any audit should be carefully negotiated and incorporated into the governing agreement to avoid future disputes. In negotiating the terms of any audit, the parties should carefully consider the parameters of the audit.
Perhaps the most important issue from the audited party’s perspective is the issue of confidentiality. No audit should begin until the auditing party and all members of the audit team, as well as those who will receive the audit report, have executed a nondisclosure agreement requiring each such individual to maintain the confidentiality of all information disclosed during the audit. This is especially true if the auditing party is a competitor of the audited party. If the parties are competitors, the audited party should insist that an independent third party, such as a nationally recognized accounting firm, conduct the audit and that only the final report be provided to the auditing party. If the parties are direct competitors in a highly competitive niche market, the information may be so sensitive that the audited party should insist that the results be provided only to the auditing party’s outside attorneys. See, e.g., Pitney Bowes Inc. v. Broadvision, Inc., 2010 WL 3292981 (S.D.N.Y. Aug 16, 2010). The auditing party should recognize that the work product of and correspondence with an “independent” third party auditor hired by its counsel to conduct the audit may not be protected by the attorney client work product privilege and any information discovered by the independent auditor may be discoverable by the audited party. See, Columbia Data Products, Inc. v. Autonomy Corporation Limited, 2012 WL 6212898 (D. Mass. Dec. 12, 2012)(Audit results requested by and provided to licensor’s attorneys were not prepared in anticipation of litigation and thus not subject to work product privilege; attorney client privilege did not apply because audit report was disclosed to the audited party).
Most parties will not allow their employees to sign a nondisclosure agreement directly with a third party, such as the audited party. Instead, they argue that the employee has already signed a nondisclosure agreement with the auditing party and that the auditing party in turn has signed a nondisclosure agreement with the audited party. While this reasoning may be acceptable for the auditing party’s employees, the audited party should require all third-party consultants and contractors to sign nondisclosure agreements directly with the audited party. Use of disclosed information should be limited solely for the purposes of the audit and for no other purpose. For example, if a licensee is being audited to confirm that the licensee is not utilizing more licenses than it has purchased, the audit team should not be permitted to undertake any other activity other than to count the number of licenses in use.
2. Scope of the Audit
An audited party should seek to place strict limits on the scope of any audit to limit ill-defined “treasure hunts.” A well-drafted audit clause should set forth the time period during which the auditing party can request to conduct an audit. Limitations should be placed on how far back the auditing party can audit and how frequently the auditing party can conduct an audit. For example, the audited party should seek to limit the auditing party’s right to request an audit to the term of the agreement and for six months after its termination, while limiting any audit of the vendor’s financial records to the period two years prior to the date of the audit request.
To avoid placing an undue burden on the audited party, the audit should take place at the target’s place of business during normal business hours or at the location of the relevant records and the auditing party should be required to provide the audited party with at least 10 business days’ prior written notice of the audit, be limited to requesting an audit only once in any 12-month period, and limit the type of records that must be made available to the auditing party to those strictly necessary to achieve the stated parameters and agreed upon scope of the audit. Although many licensees seek to require the licensor to conduct the audit during normal business hours, some licensees seek to have the audit conducted outside of normal business hours to limit the impact the audit tools used by the licensor may have on the licensee’s information technology systems.
A well-written audit clause will also obligate the audited party to cooperate with the auditing party and set forth how any deficiencies identified by the audit will be addressed. Further, the audited party should seek the contractual right to review and comment on the independent auditor’s report prior to the report being sent to the auditing party.
Finally, the audited party should be required to pay any under-payment and fines and penalties within 30 days of a finding of an underpayment. Similarly, in the event the audit finds an overpayment, the customer should be required to refund any such overpayment within 30 days of the completion of the audit.
At a minimum, at audit should address the following:
The requirement for the parties to execute a non-disclosure agreement
The obligation of the audited party to co-operate with the audit
The frequency of audits
The time period the audit will cover
The subject matter of the audit
What aspects of the contract can be audited
How much advance notice of the audit must be provided
During what time period of the day can the audit take place
Who may conduct the audit
What records may be reviewed, i.e. physical and electronic
How long must the party subject to audit retain the relevant information
Can the auditing party retain or make copies of documents
Access to third party records
The payment of any fees for under or overpayment
The payment of interest on under or over payments
Dispute resolution procedures
The right of the audited party to review and comment on the finding if the audit was conducted by a third party.
3. Reimbursement of Costs
Reimbursement for the costs incurred during an audit can be contentious. The audited party often seeks compensation for the internal costs it incurs in preparing for and supporting the audit. The auditing party often seeks to include language in the audit provision allowing the auditing party to recover its costs in the event it is discovered that the audited party has underreported the revenue due the auditing party by 5 percent or more. Five percent is often considered to be “material” and thus serves as an appropriate threshold for the auditing party to recover its costs. A prudent party, however, will require the underreported revenue to exceed a minimum dollar threshold before the auditing party is entitled to recover its costs. The intent is to avoid a situation where the fees recovered are 5 percent or greater but the cost of conducting the audit significantly exceeds the underreported fees. In the event the audited party intentionally underreports the fees due the licensor, the audited party should pay all costs and fees associated with the audit. Nonetheless, the audited party should insist on an absolute limit on the costs it may be required to reimburse the auditing party, which would typically be stated as a fixed dollar amount in the range of $10,000 to $50,000 depending on the scope of the audit.