Software Vendor Audits – 8 Things you need to know

1. What are Software Vendor Audits?

Software vendor audits are how software publishers like Microsoft, Oracle, IBM, Adobe and SAP protect themselves from intentional and unintentional software theft, by periodically requesting that customers perform an audit to make sure that they are adequately licensed for all the software they have deployed.

Customers effectively agree to abide by these terms when they install software, making the right to audit legally binding.

2. What types of Software Audit are there?

There are several dynamics to consider when discussing software vendor audits. They can be internal audits (a best-practice SAM exercise) or external audits. External audits are either a formal procedure instigated by software vendors, or they can arise as part of a conversation with vendors or resellers, such as a ‘SAM Review’ or when discussing what you may need to buy.

Internal Audits

There are many reasons as to why you may choose to conduct an internal audit:

  • Verify your license compliance and identify risks
  • Track and report on software and associated usage
  • Quality Assurance, a Health check on the software being used
  • Investigate cost-reducing license optimization opportunities
  • Comply with industry / corporate standards and legal requirements

External Audits

External software audits are typically initiated with a formal letter in the mail. If your request comes via an email or telephone call, it is more likely a software review (also called SAM Engagement, Self-Audit or Software Compliance Review).

Be mindful that an audit and a review are different; SAM reviews are conducted voluntarily, but audits are something that you are legally obligated to adhere to. (Although if declined, SAM reviews can often result in an official audit).

The golden rule is to always be aware that any time you submit information to a vendor or agree to undergo the scrutiny of a formal audit, you are disclosing confidential information that could lead to unplanned expenditure – if you’re not fully in control of your software licensing.

Therefore, think cui bono – who gains?

Formal vendor audits are usually funded by the vendors and they’ll bring in a partner at their expense – would they do this if they were not confident of a significant return?

Resellers are in business to sell you volume licenses – should you pay them to perform an audit for you and then buy whatever they recommend is needed? How can you ensure confidentiality? This presents a potential conflict of interest.

Or should you work out your licensing strategy independently? Either in-house or with a trusted SAM partner with no conflicting commercial interest to sell you anything other than their licensing optimization expertise?

3. Why are Software Audits a Risk?

Software audits happen because software licensing is notoriously complex and challenging to manage at scale. It’s important to remember that you don’t actually own software; you buy the rights to use software under the terms to which you agree. As a result, software publishers reserve the right to ensure that all software products deployed are being paid for, but at the same time it’s incredibly easy to make extremely costly mistakes and to routinely over-spend on software that delivers no value (as much as 30% of software purchased is never used!).

So, unbudgeted expenditure aside, undergoing software vendor audits can also be a lengthy, disruptive, stressful and generally painful experience.

Make no mistake – the act of deploying software usually means you are entering into a legal agreement with the vendor, as laid out within their End User License Agreement or ‘EULA’. That means that they have a right to conduct the audit and if you need to atone for any errors or under-licensing, you have to do so within a fixed number of days as dictated by terms of the EULA.

If you don’t agree with the results of the audit, it’s up to you to provide evidence to challenge it – in extreme cases ending up in a court battle that can cause significant reputational damage to the business and seldom ends well.

4. What is an Independent Software Audit?

To protect your business and avoid the cost and disruption of software vendor audits, you have two options:

  • Have a robust in-house SAM program, with the skilled people, processes and technology to stay in control of your licensing.
  • Augment or outsource your in-house team with a trusted independent SAM partner like Certero, who can perform an internal audit for you directly and advise you on precisely how to mitigate any risk and optimize your licensing to reduce costs.

Both of these approaches mean you can stay informed and in control and will be able to easily prove it to a vendor in the event of an audit, or even likely avoid the audit altogether.

There are additional cost and security benefits too: SAM identifies all your software, so you can easily identify any potential security vulnerabilities quickly, understand precisely where your company data resides and be able to progress an optimal licensing strategy, buying precisely what you need and not over-spending.

The audit process is really about identifying your Effective License Position (ELP) – an evidenced and agreed position that shows how correctly you are licensed at a point in time. An independent SAM partner can provide this for you as an emergency Audit Defense Service, a tactical ELP and Optimization service, or can sustain the value of this clarity through an on-going SAM Managed Service.

With each, the independent SAM partner will apply their knowledge and expertise to finding every possible cost-benefit for your business and particularly under a 12-month SAM Managed Service. They will work closely with your business to understand your strategy and actively guide you through a series of recommended actions, that will optimize your licensing and reduce costs as much as is possible.

5. Which Software Vendors are likely to Audit?

As you might expect, the big-ticket ‘Tier 1’ software vendors are the most likely to instigate a formal audit with you, because these are the vendors with which you will likely be spending the most money:

The Top 10 Auditors, as reported by Gartner in 2021

#1 Oracle

#2 IBM


#4 SA

#5 VMWare

#6 Micro Focus

#7 BMC

#8 OpenText

#9 Quest Software

#10 Adobe  

It’s worth paying close attention to your relationships with these vendors as it’s easy to feel like they may ‘request an audit with you at the worst possible time’, but in reality, there are patterns and events that make it logical for them to take that interest in your business.

6. What causes a Software Vendor to Audit?

Consider that all software vendors deploy a multitude of tactics to keep you within their ecosystems and on the treadmill of steadily increasing spending. This means that they know the cycles with which you should be spending and the rates at which your spending should be increasing.

So, trigger-points and red-flags for audit activity can be found everywhere, including:

  • Routines and major renewals – you are more likely to incur the soft-touch ‘let’s see what you’re using’ approach, but still – any event whereby you need to disclose information is a risk and the vendor has a vested interest to maneuver you into a position. Also, the more complex your agreement, the higher the risk.
  • Change – anytime the complexity of your organisation increases such as with Mergers, Acquisitions and Divestitures (MAD) activity, there’s a new scope to contend with and a high chance of being out of control – blood in the water for auditors.
  • The 3yr Cycle – Obviously following an audit and being found lacking, you will have to spend considerably to bring your organization back into compliance. So, where do you go from there? Do you invest in SAM and put measures in place to ensure the nightmare you’ve just experienced doesn’t happen again? Or… do you consider it done and dusted? Happy that the vendor will leave you alone now for… about 3 years? It’s just enough time for you to get significantly out of control again and then guess what…?
  • Times are Hard – This one isn’t within your ability to control. Any time when the software vendor’s sales teams are struggling to hit their numbers, because there is a pandemic or some other disruption, is a risk for you. Audit activity generates revenue, particularly approaching the vendor’s end of year…
  • The difficult break-up – “It’s not you, it’s me” might ease the pain slightly, but if you really want to start seeing other people and dating other software vendors, watch out. Your Ex has an ace up their sleeve that could see you out of the dating game for good. Spending less will be noticed, vendors and their resellers talk, so beware. If you’re moving away you’d better be on top of your licensing or you could find yourself with a huge bill that you can only mitigate by investing further in the technology you wanted to move away from. Another reason why SAM is for life, not just for Christmas.
  • Whistleblowers – can report unlicensed software use to organizations such as the British Software Alliance or the Federation Against Software Theft. Beware of that disgruntled employee or better yet… proactively manage your software licensing!
  • Loose lips, Sink Ships – Vendors are always listening. Whether your techie is speaking to them regarding an upcoming project or your support team has requested some additional help – any changes or deployments in your environment can flag license audits. Vendors can sometimes send informal ‘questionnaires’ to be filled out by a database admin, who unknowingly, incorrectly declares an exposure and the vendor will hold you to account – if you want to question it, you’re in an audit.
  • Downloads – Some software vendors allow you to freely download software from their website, but it’s important to remember they may be able to see exactly who is downloading what. If you’re downloading something that you are not entitled to use, this will be a sign of non-compliance and may trigger an audit.

7. What is Software Audit Defense?

Software Audit Defense is exactly as it sounds – an ‘emergency’ service provided by independent SAM partners who can rapidly come to your aid, as soon as the letter arrives from the software vendor, requesting a formal audit.

There are lots of reasons why this is a shrewd move: your SAM partner should be able to help control the scope and scale of the audit, help to establish a much more commercially favorable Effective License Position (ELP) for you by limiting any under-licensing exposures and leverage any incumbent extra value in your complex licensing agreements.

Your SAM partner will expertly guide you through your communications with the vendor. At this point, it’s contract law, and so having a team of hugely experienced SAM consultants in your corner means they can help to take the stress and uncertainty away.

From advising on timescales and scope, to providing strategic guidance on what to buy (without having any interest in selling it to you), your trusted SAM partner’s Software Audit Defense Service will save you money, precisely as costs could otherwise spiral out of control.

8. Can you Challenge a Software Audit?

Did you know… It is possible to challenge the results of a formal vendor audit, even after it is complete? This remarkable case study from independent SAM partner Certero, demonstrates how they were able to bring in their superior SAM technology and expertise and identify inaccuracies in the formally sponsored report, providing evidence that successfully reduced the customer’s bill with Microsoft by over $140,000!

If you’re concerned about software vendor audits or would like to know more about how you can create or super-charge a robust Software Asset Management function, then contact Certero today and discover truly independent, SAM technology solutions, Services and expertise to help you stay in control!
