Article

Software audits: how do they work and how do you protect yourself?

Software audits are a proven business model for suppliers and an expensive surprise for clients. How does an audit work, which suppliers carry them out, and how do you protect yourself?

  • 1 March 2025
  • 5 min

A software audit comes as an unexpected and costly surprise for many organisations. Suppliers send a letter, demand insight into software use, and the outcome often leads to additional charges ranging from tens of thousands to millions of euros. How exactly does this work, and how do you protect yourself?

How does a software audit work?

Almost every enterprise software contract contains an audit clause. This grants the supplier the right, with some notice, to check whether you are using the software in accordance with the licence agreement. In practice, an audit proceeds in three steps:

  1. Notification: The supplier or an external audit party (often KPMG, Deloitte or a specialised firm) sends a formal audit notification

  2. Inventory: You are asked to provide data about software installations, users, servers, and deployment environments

  3. Outcome: The auditor compares actual usage with the purchased licences. Discrepancies lead to additional charges

Why are audits carried out more frequently?

Software audits are a proven business model for suppliers. For large clients, audits almost always yield results; licence models are complex, rules change regularly, and most organisations do not keep an up-to-date licence overview.

Factors increasing the likelihood of an audit include: contract renewal is approaching, the organisation has grown or merged, there has been an acquisition of the supplier (such as VMware by Broadcom), or the supplier has released new product versions with changed licence terms.

How do you protect yourself?

The best protection is preparation:

  • Keep an up-to-date licence overview. Know what you have purchased, what is installed, and how many active users there are

  • Read the audit clause. How much notice must the supplier give? How long can the audit last? Who bears the costs?

  • Do not respond immediately. After receiving an audit notification, you always have time to respond. Seek guidance from an independent party before sharing data

  • Negotiate the outcome. Even if there is a discrepancy, additional charges are negotiable. A supplier has an interest in maintaining the relationship

Frequently Asked Questions

The most commonly asked questions on this topic.

What is a software audit?

A software audit is a formal check by a software supplier or an external auditor to verify whether an organisation is using its software in accordance with the licence agreement. Audit rights are included as standard in almost all enterprise software contracts.

Which suppliers carry out audits?

Almost all major software suppliers — Microsoft, Oracle, SAP, IBM, Adobe, Autodesk — regularly carry out audits of their clients. Tier 2 and tier 3 suppliers do so less frequently, but the right is always reserved in the contract.

What are the consequences of a negative audit?

Additional charges plus penalties, sometimes reaching two or three times the normal licence price. Additionally, the supplier may require you to immediately purchase additional licences on their terms, with no room for negotiation.

Ready to save on software?

SoftVaro negotiates the best deal for you with over 4,000 suppliers. Independent, transparent, within 24 hours.
