Prepare and Defend Against a Software Audit

A mishandled audit can result in financial consequences far more severe than a slap on the wrist.


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Audit defense starts long before you get audited. Negotiating your vendors’ audit rights and maintaining a documented consolidated licensing position ensure that you are not blindsided by a sudden audit request.
  • Notification of an impending audit can cause panic. Don't panic. While the notification will be full of strong language, your best chance of success is to take control of the situation. Prepare a measured response that buys you enough time to get your house in order before you let the vendor in.
  • If a free software asset review sounds too good to be true, then it probably is. If a vendor or one of its partners offers up a free software asset management engagement, they aren’t doing so out of the goodness of their heart — they expect to recoup their costs (and then some) from identified license discrepancies.

Our Advice

Critical Insight

  • The amount of business disruption depends on the scope of the audit, and the size and complexity of the organization coupled with the contractual audit clause in the contract.
  • These highly visible failures can be prevented through effective software asset management practices.
  • As complexity of licensing increases, so do penalties. If the environment is highly complex, prioritize effort by likelihood of audit and spend.
  • Ensure electronic records exist for license documentation to provide fast access for audit and information requests
  • Verify accuracy of discovered data. Ensure all devices on the network are being audited. Without a complete discovery process, data will always be inaccurate.

Impact and Result

  • Being able to respond quickly with accurate data is critical. When deadlines are tight, and internal resources don’t exist, hire a third party as their experience will allow a faster response.
  • Negotiate terms of the audit such as deadlines, proof of license entitlement, and who will complete the audit.
  • Create a methodology to quickly and efficiently respond to audit requests.
  • Conduct annual internal audits.
  • Have a designated cross-functional IT audit team.
  • Prepare documentation in advance.
  • Manage audit logistics to minimize business disruption.
  • Dispute unwarranted findings.


  • Filip Lauwereys, ASIST
  • Richard Spithoven, B.Lay
  • Max Ablimit, Tarim Consulting, LLC
  • Eric Chiu, HW Fisher & Company
  • Three anonymous company contributors

Want to Participate in Our Research?

  • Analyst Interviews: Share your best practices, opinions, tools or templates with your peers.
  • Webinars: Interactive session to keep us focused on topics you want to tackle.
  • Upcoming Workshops: Accelerate your project with an onsite, expert analyst to facilitate a workshop for you. Contact us for more details.

Become a Participant

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should be prepared and ready to defend against a software audit, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

  1. Prevent an audit

    Begin your proactive audit management journey and leverage value from your software asset management program.

  2. Prepare for an audit

    Prepare for an audit by effectively scoping and consolidating organizational response.

  3. Conduct the audit

    Execute the audit in a way that preserves valuable relationships while accounting for vendor specific criteria.

  4. Manage post-audit activities

     Conduct negotiations, settle on remuneration, and close out the audit.


Guided Implementation icon Guided Implementation

This guided implementation is a thirteen call advisory process.

    Guided Implementation #1 - Prevent an audit

  • Call #1: Red flags leading to increased odds of an audit

  • Call #2: Maturity assessment and conducting an internal audit

  • Call #3: Structuring and preparing an audit team

  • Guided Implementation #2 - Prepare for an audit

  • Call #1: Steps to take upon notification

  • Call #2: Examine the various engagement requests from self-audit to formal

  • Call #3: Defining the scope and how to respond

  • Guided Implementation #3 - Conduct the audit

  • Call #1: Overview of processes conducted

  • Call #2: Kick off and discuss the confirmed audit scope

  • Call #3: Prioritize business continuity

  • Call #4: Working with auditor personality types

  • Guided Implementation #4 - Manage post-audit activities

  • Call #1: Discuss the results of the audit

  • Call #2: Discuss the validity of the findings

  • Call #3: Negotiation terms and close out

Onsite Workshop

Module 1: Prevent an Audit

The Purpose

  • Kick off the project
  • Identify challenges and red flags
  • Determine maturity and outline internal audit
  • Clarify stakeholder responsibilities
  • Build and structure audit team

Key Benefits Achieved

  • Leverage value from your audit management program
  • Begin your proactive audit management journey
  • A documented consolidated licensing position, which ensures that you are not blindsided by a sudden audit request

Activities: Outputs:
1.1 Perform a maturity assessment of the current environment
  • Maturity assessment
1.2 Classify licensing contracts/vendors
1.3 Conduct a software inventory
1.4 Meter application usage
1.5 Manual checks
1.6 Gather software licensing data
1.7 Reconcile licenses
  • Effective license position/license reconciliation
1.8 Create your audit team and assign accountability
  • Audit team RACI chart

Module 2: Prepare for an Audit

The Purpose

  • Create a strategy for audit response
  • Know the types of requests
  • Scope the engagement
  • Understand scheduling challenges
  • Know roles and responsibilities
  • Understand common audit pitfalls
  • Define audit goals

Key Benefits Achieved

  • Take control of the situation and prepare a measured response
  • A dedicated team responsible for all audit-related activities
  • A formalized audit plan containing team responsibilities and audit conduct policies

Activities: Outputs:
2.1 Use Info-Tech’s readiness assessment template
  • Readiness assessment
2.2 Define the scope of the audit
  • Audit scoping email template

Module 3: Conduct the Audit

The Purpose

  • Overview of process conducted
  • Kick-off and self-assessment
  • Identify documentation requirements
  • Prepare required documentation
  • Data validation process
  • Provide resources to enable the auditor
  • Tailor audit management to vendor compliance position
  • Enforce best-practice audit behaviors 

Key Benefits Achieved

  • A successful audit with minimal impact on IT resources
  • Reduced severity of audit findings

Activities: Outputs:
3.1 Communicate audit commencement to staff
  • Audit launch email template

Module 4: Manage Post-Audit Activities

The Purpose

  • Clarify auditor findings and recommendations
  • Access severity of audit findings
  • Develop a plan for refuting unwarranted findings
  • Disclose findings to management
  • Analyze opportunities for remediation
  • Provide remediation options and present potential solutions 

Key Benefits Achieved

  • Ensure your audit was productive and beneficial
  • Improve your ability to manage audits
  • Come to a consensus on which findings truly necessitate organizational change

Activities: Outputs:
4.1 Don't accept the penalties; negotiate with vendors
4.2 Close the audit and assess the financial impact
  • A consensus on which findings truly necessitate organizational change

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now
GET HELP Contact Us
VL Methodology