Not Bearish On Audit Clauses
The English Court Provides Clarification on the Scope and Operation of Audit Rights
May 09, 2023DownloadsDownload Article
For a small bear Paddington has made an unusual number of appearances in the Courts. Quite apart from his appearance in the Criminal Courts, memorialized in Paddington 2 in 2017, he appeared in the Civil Courts in 2022 by way of Pixdene Limited v Paddington and Company Limited  EWHC 2765 (IPEC).
Pixdene is one of the rare cases on audit clauses – the rights in most licensing contracts that enable the licensor to carry out some verification of amounts due from a licensee. The judgement provides a detailed examination of what may and may not be done under the terms of what was, in many ways, a very standard clause. This should be required reading for all those who exercise audit rights in contracts, and for all those on the receiving end.
The audit clause at issue was short – 57 words – but not much more so than usual. It reads:
“During the term of this Agreement a third party auditor may, upon prior written notice to Paddington and not more than once per every two year period, inspect the agreements and any other business records of Paddington with respect to the relevant records or associated matters during normal working hours to verify Paddington's compliance with this Agreement.”
The Court was asked to consider 10 issues, five of which will be especially familiar to those regularly involved with audits:
- Whether the audit could go ahead even if the auditor refused to sign an NDA with the licensee.
- Whether the auditor was entitled to copies of documents inspected and the extent to which these could be provided to the licensor.
- Whether the auditor must simply report its conclusions and the extent to which it may support these with documentary evidence.
- The extent to which the licensee was entitled to redact documents made available to the auditor.
- Access to documents held by third parties.
It is pretty much routine for auditors to be asked to sign an NDA before they are given access to the licensee’s information. It is also routine for negotiation of the NDA to become a vehicle for delay through insistence by a reluctant licensee on heavy constraints on the auditors. Those constraints may be in terms of the documents to be provided, redaction of information, the form of reporting and communications between auditor and licensor, as well as other matters such as liability and indemnities.
Many of these matters were dealt with explicitly under each of the 10 issues before the Court. As regards the need for an NDA, the Court noted that the licensee – Paddington – accepted that it had no right to require a third-party auditor to enter into a NDA and that the audit rights were not dependent upon the auditor doing so.
This is significant: if licensees wish to insist upon auditors signing an NDA then this should be explicitly stated. Some well-known software vendor clauses provide for this by offering a confidentiality undertaking but most do not.
Entitlement to copies
In most cases licensees accept that auditors are entitled to copies of the documents and records they wish to inspect but this is not invariable and was not the case in this matter. The Court helpfully decided that a right to copies could be implied into the right to inspect and explicitly mentioned professional obligations on the auditor to retain records of its work and advice.
The licensor claimed that it was reasonable to require copies of documents to be provided in advance of the audit so as to facilitate the audit process. This was robustly rejected by the Court absent any specific requirement in the audit clause to this effect. As it is very common practice to start an audit with a request for information to be provided in advance, licensors that wish to operate in this way should make sure this is reflected in the audit clause.
The audit report
The Court noted that the clause provided for a third- party auditor. It concluded that the licensee could not therefore conduct the audit itself and was not entitled to receive the documents to which the auditor was to be given access.
Paddington argued for severe limitations on what the auditor could report to Pixdene and that no confidential information could be provided. The Court decided that a limited disclosure right should be implied, covering only the information necessary for the licensor to properly understand the auditor’s report. It helpfully specified that the report should include:
- the conclusion reached on the audit (i.e. whether or not Paddington has complied with its obligations under the license agreement);
- the basis of that conclusion and, if an underpayment is found;
- what further sums are due from Paddington; and
- the basis of calculation of such sums.
This is clear and straightforward. Market practice is generally to remove or anonymise sensitive licensee information in reports – eg server names, identities of individual users, customer names etc – because that information is rarely necessary for the licensor to understand the audit report.
What may be necessary will vary: in some circumstances, for example, the detailed IT architecture might need to be described in order to explain a conclusion on license interpretation, and an accounting treatment might need to be set out in detail to explain a calculation. The Court was clear that confidentiality is not a bar to disclosure of necessary information.
Redaction by licensees is a common issue in executing audit clauses. Reasons given by licensees include third party obligations of confidentiality, data privacy, national security, commercial sensitivity and many others. Redaction during the audit (as opposed to in the reporting stage) can be problematic for the auditor because it can make it hard to establish the context of records and to verify the completeness of information provided. It can also be very time consuming for the licensee and therefore disruptive to the audit timetable.
The Court was clear that the auditor was entitled to see unredacted information confidential to the licensee and to third parties, provided it was necessary for the audit (and not privileged). The Court placed weight on the professional obligations of the auditor in reaching this decision: whether this will extend to auditors who are not, for example, qualified accountants or otherwise regulated, remains to be seen.
Access to documents held by third parties
The parties were also in dispute as to whether the auditor should have access to records which were not held by the licensee but to which the licensee had a right of access. This is a frequent area of discussion in audit contexts, especially where, for example, records are held by other group companies, or by a reseller or distributor or perhaps an IT outsourcer, depending upon context. Access to these is often denied, or at least constrained, but it appears that the Court will support an auditor’s request if there is a contractual right for the licensee to have access to these.
Taken together, the judgement provides useful clarity and broad support for the audit process, except for the clear rejection of any obligation to provide information to the auditor in advance.
One critical area for audit success that was not covered is the auditor’s right to verify the information which is provided to it. This remains the most contested area of audits in practice, particularly in relation to completeness. To conclude on completeness auditors need to look where things – software, IP use and so on – are not supposed to be. That means a right of access to documents which the licensee denies are relevant. This is not a theoretical problem given the advice which some licensees receive to the effect that if software use is not obvious licensees can avoid detection by rejecting access requests for testing. To address that problem we have to recall Lord Denning’s judgment in Fomento Sterling Area1 to the effect that a royalty auditor is entitled not to accept a licensee’s assertion but to put it to the test. It is surprising that this has not come before the courts since: until it does our leading royalty audit cases are set by a bear from Peru and a judgment about ballpoint pens, coincidentally both in their 65th year.
1: Fomento (Sterling Area) Ltd v Selsdon Fountain Pen Co. Ltd and Others  1 All ER 11
Most Popular Insights
- 10 Global Cybersecurity Predictions for 2024
- Global CFO Survey 2024
- Bridging the Gap Between Artificial Intelligence Implementation, Governance, and Democracy: An Operational and Regulatory Perspective
- The Power of Positive Paranoia: A Key Trait for Every CEO and General Counsel in 2024
- A Targeted Approach is Key to Implementing AI