Software audits: how do they work and how do you protect yourself?
Software audits are a proven business model for vendors and a costly surprise for customers. How does an audit work, which vendors carry them out, and how do you protect yourself?
- March 1, 2025
- 5 min
A software audit often comes as an unexpected and costly surprise for many organizations. Vendors send a letter, demand insight into software usage, and the outcome regularly results in additional charges ranging from tens of thousands to millions of euros. How exactly does this work, and how do you protect yourself?
How does a software audit work?
Almost every enterprise software contract contains an audit clause. This gives the vendor the right, with some notice, to verify whether you are using the software in accordance with the license agreement. In practice, an audit proceeds in three steps:
Notification: The vendor or an external audit party (often KPMG, Deloitte, or a specialized firm) sends a formal audit notification
Inventory: You are asked to provide data about software installations, users, servers, and deployment environments
Outcome: The auditor compares the actual usage with the purchased licenses. Discrepancies lead to additional charges
Why are audits increasingly performed?
Software audits are a proven business model for vendors. With large customers an audit almost always results in additional revenue, because license models are complex, the rules change regularly, and most organizations do not keep an up-to-date license overview.
Factors increasing the likelihood of an audit: contract renewal is approaching, the organization has grown or merged, there has been a vendor acquisition (such as VMware by Broadcom), or the vendor has released new product versions with changed license terms.
How do you protect yourself?
The best protection is preparation:
Keep an up-to-date license overview. Know what you have purchased, what is installed, how many active users there are, and which license metric each product is counted in (per installation, per named user, per core, per server), because that metric is what the auditor will measure against
Read the audit clause. How much notice must the vendor give? How long can the audit last? Who bears the costs?
Do not respond immediately. The notice period in the audit clause gives you time to prepare; get support from an independent party before sharing any data
Negotiate the outcome. Even if there is a discrepancy, the additional charges are negotiable. A vendor has an interest in preserving the relationship
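The license overview above is only useful if it is reconciled against what is actually deployed, in the same metric the vendor counts. The following is an added example (not code from the article or from SoftVaro) of such a reconciliation: it takes a constructed list of entitlements and deployments, counts usage per product in that product's metric (per installation or per named user), reports any shortfall, and estimates the exposure using a penalty multiplier. Product names, hosts, user names, prices and the two license metrics are assumptions for illustration; real vendor metrics are more varied.

```python
"""Reconcile purchased entitlements against deployed software.

Added example, not from the original article. All products, hosts,
users and prices below are constructed; the two license metrics
("install" and "named_user") are a simplification of real vendor rules.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Entitlement:
    product: str
    metric: str      # "install" or "named_user" (assumed metrics)
    quantity: int


@dataclass(frozen=True)
class Deployment:
    product: str
    host: str
    users: tuple     # user names seen active on this host in the review period


# Constructed sample data (hypothetical products, hosts and users).
ENTITLEMENTS = [
    Entitlement("DBServer", "install", 4),
    Entitlement("DesignSuite", "named_user", 20),
]

DEPLOYMENTS = [
    Deployment("DBServer", "db01", ("svc-db",)),
    Deployment("DBServer", "db02", ("svc-db",)),
    Deployment("DBServer", "db03", ("svc-db",)),
    Deployment("DBServer", "db04", ("svc-db",)),
    Deployment("DBServer", "db-test", ("svc-db",)),    # forgotten test box
    Deployment("DesignSuite", "ws01", ("alice", "bob")),
    Deployment("DesignSuite", "ws02", ("bob", "carol")),  # bob counted once
    Deployment("DesignSuite", "ws03", ("dave",)),
    Deployment("Reporter", "ws04", ("erin",)),          # no entitlement on file
]


def measure_usage(deployments):
    """Count installations and distinct named users per product."""
    installs = defaultdict(int)
    named_users = defaultdict(set)
    for d in deployments:
        installs[d.product] += 1
        named_users[d.product].update(d.users)
    return installs, named_users


def reconcile(entitlements, deployments):
    """Return {product: (licensed, used, shortfall)}.

    'used' is measured in the product's own license metric; a product
    that is deployed without any entitlement is fully unlicensed.
    """
    installs, named_users = measure_usage(deployments)
    licensed = {e.product: e for e in entitlements}
    report = {}
    for product in sorted(set(installs) | set(licensed)):
        ent = licensed.get(product)
        if ent is None:
            used = installs[product]
            report[product] = (0, used, used)
            continue
        if ent.metric == "install":
            used = installs[product]
        else:
            used = len(named_users[product])
        report[product] = (ent.quantity, used, max(0, used - ent.quantity))
    return report


def exposure(report, list_prices, penalty=2.0):
    """Rough worst-case exposure: shortfall x list price x penalty multiplier.

    The multiplier reflects the article's point that audit settlements can
    run at two to three times the normal license price; it is an assumption.
    """
    return sum(shortfall * list_prices.get(product, 0) * penalty
               for product, (_, _, shortfall) in report.items())


if __name__ == "__main__":
    result = reconcile(ENTITLEMENTS, DEPLOYMENTS)
    for product, (licensed, used, short) in result.items():
        flag = "SHORTFALL" if short else "ok"
        print(f"{product:12} licensed={licensed:3} used={used:3} {flag}")
    print("estimated exposure:",
          exposure(result, {"DBServer": 15000, "Reporter": 500}))
```

Two details matter in practice: a named-user product counts people, not installations (bob appears on two workstations but consumes one license), and a product with no entitlement on file at all is the case auditors find most often, so the report must include products that appear only on the deployment side.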
Frequently Asked Questions
The most frequently asked questions about this topic.
What is a software audit?
A software audit is a formal review by a software vendor or an external auditor to verify whether an organization is using its software according to the license agreement. Audit rights are standardly included in almost all enterprise software contracts.
Which vendors perform audits?
Almost all major software vendors, such as Microsoft, Oracle, SAP, IBM, Adobe and Autodesk, audit their customers regularly. Smaller (tier 2 and 3) vendors do so less often, but the right is always reserved in the contract.
What are the consequences of a negative audit?
Additional charges plus fines, sometimes amounting to two or three times the normal license price. Additionally, the vendor may require you to purchase supplementary licenses immediately, on their terms, without room for negotiation.
Ready to save on software?
SoftVaro negotiates the best deal on your behalf with over 4,000 suppliers. Independent, transparent, within 24 hours.