A software audit is a daunting situation for any organization – one that creates demands and stress on IT staff and threatens costly penalties for noncompliance with licensing agreements.
The first step to take after being notified of a software audit is to contact the vendor to determine the scope of the audit. Depending on the answer, it may be possible to proactively address any shortfalls and circumvent the audit entirely. For example, the scope of the audit may include only certain products, a subset of users’ computers, defined time periods or specific locations.
Organizations must clearly understand the type of software audit that is being requested, and which organization is conducting the audit — the vendor, a watchdog association or a third party (usually a public accounting firm).
If BSA | The Business Sofware Alliance or Software and Information Industry Association is conducting the proceedings, for example, a formal contractual audit may not be required. The review might instead call for a self-audit, where the software vendor requires the business to create a comprehensive list of the software it uses, along with details about versions, users and hardware. The results of the self-audit determine whether it will be extended into a formal audit.