The point when a Software Vendor chooses to perform a software review (an ‘audit’ in old money) of their software deployed within an organisation can be triggered by many different actions.
Whilst most vendors will deny it, the primary objective for auditing will be to recover revenue based on inappropriately or under licensed software (be it accidental or intentional).
A vendor will never tell you the real reason.
There are the more obvious triggers.
- Vendors compliance teams compare the size of your software portfolio against that of your competitors.
- Perceived unavailability of information relating to compliance position or controls.
- Changes to infrastructure (e.g. virtualisation, consolidation, data centre moves).
- Dropping maintenance and support.
- Previous ‘non-compliance’ history.
- It’s simply ‘your turn’ … however normally quantified by one of the other triggers.