Software audits: how do they work and how do you protect yourself?
Software audits are a proven business model for vendors and a costly surprise for customers. How does an audit work, which vendors conduct them, and how do you protect yourself?
- March 1, 2025
- 5 min
A software audit is an unexpected and costly surprise for many organisations. Vendors send a letter, request insight into software usage, and the outcome often leads to additional charges ranging from tens of thousands to millions of euros. How does this work exactly, and how do you protect yourself?
How does a software audit work?
Almost every enterprise software contract contains an audit clause. This gives the vendor the right, with some prior notice, to check whether you are using the software according to the license agreement. In practice, an audit proceeds in three steps:
Announcement: The vendor or an external audit party (often KPMG, Deloitte or a specialised firm) sends a formal audit notification
Inventory: You are asked to provide data about software installations, users, servers, and deployment environments
Outcome: The auditor compares the actual usage with the purchased licenses. Discrepancies lead to additional charges
Why are audits being conducted more frequently?
Software audits are a proven business model for vendors. For large clients, an audit almost always yields results; license models are complex, rules change regularly, and most organisations do not maintain an up-to-date license overview.
Factors increasing the chance of an audit include: approaching contract renewal, organisational growth or merger, a vendor acquisition (such as VMware by Broadcom), or the vendor has released new product versions with changed license terms.
How do you protect yourself?
The best protection is preparation:
Keep an up-to-date license overview. Know what you have purchased, what is installed, and how many active users there are
Read the audit clause. How much notice must the vendor provide? How long may the audit last? Who bears the costs?
Do not respond immediately. After receiving an audit notification, you always have time to respond. Get guidance from an independent party before sharing data
Negotiate the outcome. Even if there is a discrepancy, additional charges are negotiable. A vendor has an interest in maintaining the relationship
Frequently Asked Questions
The most common questions about this topic.
What is a software audit?
A software audit is a formal review by a software vendor or an external auditor to verify whether an organisation is using its software in accordance with the license agreement. Audit rights are standardly included in almost all enterprise software contracts.
Which vendors conduct audits?
Almost all large software vendors, including Microsoft, Oracle, SAP, IBM, Adobe, Autodesk, regularly conduct audits with customers. Tier 2 & 3 vendors do so less frequently, but the right is always contractually reserved.
What are the consequences of a negative audit?
Additional charges plus fines, sometimes amounting to two or three times the normal license price. In addition, the vendor may require you to immediately purchase additional licenses, on their terms, without room for negotiation.
Ready to save on software?
SoftVaro negotiates the best deal on your behalf with over 4,000 suppliers. Independent, transparent, within 24 hours.