Three Ways to Avoid a Software Audit

One rainy afternoon several years ago, I waited in a parking lot for a leasing company representative to pick up my car. I leased that car three years earlier so it was time to return it. Unfortunately, I exceeded the mileage in the agreement so I had to provide the representative with a check before he would take back my car. I exceeded the mileage by 3,000 miles and the penalty was 25 cents per mile.

When software auditors come knocking on your door, they are looking to see if your organization has exceeded the number of licenses purchased. Similar to how a penalty is applied for exceeding mileage on a leased car, a penalty is applied when you exceed your license count. These penalties can be very expensive, especially for smaller organizations. To make things worse, many organizations don’t know if they have exceeded their license count and if so, by how many.

Software Vendor Partners and Software Audits

To avoid damaging relationships with customers, software vendors commonly use partners to perform their software audits.

An article posted regarding Microsoft software audits states: “Most often we are seeing Microsoft approach customers via email to conduct a self-audit, but we also see the more invasive, third-party types of audit that will send a shiver down any CIO’s spine.”

Why Would Software Vendor Partners Want to Perform Software Audits?

Partners who perform software audits usually receive a percentage of the proceeds from penalties and true-up costs that are billed to an organization for any unlicensed software discovered during the audit. To avoid being targeted by software auditors, you need to understand the motivation of most software auditors—money.

How Can I Avoid a Software Audit?

Software audits are expensive for software vendors and their partners to perform. I recommend three things for any organization looking to avoid a software audit.

  1. Use ITAM software tools
  2. Build accurate software license reports
  3. Demonstrate understanding of your software license agreements

Use ITAM Software Tools

With IT Asset Management (ITAM) tools in place, you will properly discover software assets installed on your network. You will also have normalization capabilities, which prevent the inaccurate software license reporting that results from inaccurate data in your database.

ITAM tools that track software utilization can help recover unutilized software licenses. This can be a life-saving feature, or at a minimum, a job-saving feature if you exceed your license count and are facing an upcoming software audit. Many organizations have been able to save or re-appropriate funds when renewing software licenses after removing software that is never used by employees.


When organizations manage their software using ITAM processes and software, they discourage software auditors hoping to make money from penalties and true-up costs that result from discovering unlicensed software.

In a study, Express Metrics claims: “Respondents whose organizations have implemented IT asset management (ITAM) tools report a 32% lower audit rate within the last two years than organizations with no such tools.”


Build Accurate Software License Reports

Building accurate software reports is critical if you wish to avoid a full software audit. Oftentimes, your software vendor or their third-party contractor will request a report that shows how many licenses you own versus how many you are using. If you are able to provide reports that are accurate and easy to understand, you can avoid a visit from the software auditing team.

Build reports similar to the software auditor’s reports. If your software license report looks like the software auditor’s report, you could lessen the chances that the software auditor will follow up by performing a full onsite software audit. Software audit report templates are available online.

  • Avoid contacting your software vendor or their partners to find sample/template reports.

This might raise a red flag from the software vendor’s perspective, which could result in a date with the software auditor. Be advised that some software vendor partners not only sell licenses, they also do software audits.

If the software auditor decides to run their own software tools to build reports, it will be important to have your own software audit reports to address any discrepancies. The worst thing any organization can do is sit back and accept the findings of a software auditor at face value. Mistakes that favor the software auditor will result in unnecessary costs.

Demonstrate Understanding of Your Software License Agreements

It is important to understand your software license agreements, especially if you have to answer questions raised by a software auditor. Much like sharks will target an area where there is blood in the water, software auditors target organizations with a lack of knowledge about their contracts. When software auditors sense compliance issues they might see dollar signs, so if you demonstrate poor understanding about how your software licensing is structured, prepare to spend a day with the auditor at your location.


There is no indication that software audits are slowing down, so to avoid unexpected expenses as a result of a software audit, organizations should invest in ITAM tools. In a gated Gartner report published May 28, 2014, Gartner claimed:

“Tracking license entitlement has become a priority for many organizations as a means to alleviate the anxiety caused by annual software vendor audit. Gartner has seen an exponential increase in the number of contracts it has received from customers looking to purchase an SLOE tool during the past nine months. We don’t expect this trend to slow down…”

No organization is immune from a software audit; however, organizations that demonstrate a good understanding of what they have through accurate software license reports will not be targeted as often as those that demonstrate poor ITAM practices.

-follow me on Twitter @marcelshaw

About Marcel Shaw
Marcel Shaw is a technology blogger focusing on ITSM, ITAM, and Endpoint Management at Marcel has worked as a technical consultant for more than 25 years for industry-leading IT companies with a focus on United States government agencies. Marcel's experience also includes working as a legal expert witness for IT management. Marcel writes about industry technology trends and best practices. He incorporates his views and his many years of experience to provide unique technology advice for people who manage and support IT solutions. Marcel Shaw graduated from Brigham Young University in 1991. Marcel has worked in both pre-sales and post-sales roles for companies such as Softsolutions, Novell, Dell, Softricity, Gateway, Landesk, and Ivanti. Marcel’s expertise and experience include networking technologies (LAN, WAN), IP infrastructure, Internet caching technology, storage and Fibre technology (SAN), security standards and technologies, document management, directory services (NDS, AD, LDAP), federal security standards and requirements (DIACAP, FDCC, USGCB), ITIL, asset management (ITAM), endpoint management, and endpoint security. Marcel has worked extensively with United States federal agencies solving IT problems. These agencies include USDA, NIST, FDA, DEA, DHS, FBI, DHA, Whitehouse Communications, Army, Air Force, Navy, Joint Task Force, NIH, Social Security Administration, IRS, NOAA, and FAA among others. All of Marcel's posts are edited by Carrie Shaw (@carrieshaw). She is not only a very good editor, but a great wife. Thank you.