A typical clause regarding the return of information or destruction of information requires the accounting firm to promptly return to the client all confidential information and information derived therefrom or destroy the information at the request or at the end of the audit by the client. Involuntary consent to such a provision could have unintended consequences. It`s not news that software audits are becoming more frequent and aggressive. In fact, at MetrixData360, we`ve been beating this drum for years. One of the trends we`ve seen is that different vendors are using external auditors to set the licensing position. These external auditors can be audit firms or simply partners of the software provider. In both cases, it is important that you enter into specific non-disclosure agreements to protect yourself, as in many cases they provide an incentive to fill a license gap. Many companies make far too little effort to enter into appropriate non-disclosure agreements during software audits. Some companies even completely neglect NDAs during the audit process, believing that they have no leverage to demand adequate protection of the information that auditors will ask them to provide.
This is a mistake that can cost a company millions. The most important thing you want to achieve in this non-disclosure agreement is to make sure that you (the external auditor) cannot share data with the organization that commissioned the audit without your consent. It may sound simple, but in our experience, without a non-disclosure agreement, these external auditors will often exchange data before it has been signed by your team. The result is that the provider sees the first incorrect versions of the ELP. This can include development and test environments, out-of-scope products, and more. This often causes them to predict purchases for you based on incorrect data, and it`s harder to get them to accept the right data when they`re done. Client requests for confidentiality agreements or non-disclosure agreements (NDAs) are becoming common in accounting. CPAs receive requests for confidentiality agreements both as part of exploratory discussions on future business relationships and in the context of actual service agreements for clients. The problem for accounting firms is that many NDAs contain standard provisions that may conflict with professional standards and public accountancy laws.
Non-disclosure agreements also generally prohibit disclosure by the customer`s supplier to third parties. This type of provision may be acceptable to suppliers who are not subject to professional standards, but CPAs may be required to share working papers with an unaffiliated third party, for example as part of a peer review. It is therefore good practice to add an exception to this type of provision that allows the accounting firm to share its working papers for peer review or in response to legal proceedings, such as a subpoena.B. Setting client expectations for this engagement at the beginning of an engagement avoids unnecessary conflicts later on. The auditor signs a confidentiality agreement and forwards it to IBM only for the period under investigation, which are due and payable. Clients of accounting firms increasingly need non-disclosure agreements before the engagement begins. However, the typical NDA form has not been designed with the accounting-client relationship in mind and can therefore lead to false customer expectations and unexpected conflicts with professional standards and legal requirements. Therefore, accounting firms should be vigilant when reviewing standard non-disclosure agreements or service agreements with non-disclosure provisions. While it may be acceptable to use a standard confidentiality agreement for discussions about a possible future business relationship between the parties, the terms of such a “prospecting” agreement should be terminated before entering into a definitive service contract. At this point, accounting firms should pay close attention to the three topics mentioned above. When in doubt, look for a lawyer who is aware of the unique issues THAT CPAs face.
It is important to remember that these external auditors work for the supplier and are also paid by them. In most cases, we understand that they are rewarded for deficiencies in their driver`s license. They run their scripts, ask you for various deployment data, and present you with an ELP that compares your permissions to your deployments and identifies licensing gaps. It is important to note that the first PELs they present to you are imperfect and contain false assumptions. They will then present evidence and work to ensure that it is correct. In our experience, these first ELPs lean strongly in favour of the supplier. You don`t want them to assume that these first PELs are representative of your true licensing position. This is where the non-disclosure agreement comes into play. An NDA is often the only way to close the scope of a software audit. Many software vendors and their hired auditors may refuse to consider full pre-audit agreements. However, most generally agree to negotiate non-disclosure agreements to control the processing of audit data. An audited entity must make the most of this opportunity by ensuring that the data to be disclosed is relevant to the type of questions it is allowed to ask.
Here are some important points to keep in mind: NDAs offered by auditors often contain no restrictions on the confidential information they can share with their customers, the software companies. Audited companies must ensure that the audit information that can be reported in the NDA is defined in such a way as to comply with the terms of the control license agreements. For example, state laws, such as Section 473.318, Laws of Florida, provide that working papers are the property of the accounting firm, unless otherwise expressly agreed with the client. If an accounting firm agrees to return this type of information in accordance with the NDA, it may get stuck without the working papers necessary to comply with professional and peer-reviewed standards. In addition, the “Requests for Documents” interpretation in the AICPA Code (ET ยง1.400.200) contains specific provisions for the return of client documents as well as for files prepared by members, results of members` work and working documents. . . .