Pillar Guide · 2026 Edition

Software Audit Defence — Complete Guide

What to do in the first 48 hours, what vendors are actually looking for, and how to settle for 20-40% of the initial claim — from people who used to run these audits from the vendor side.

✓ NO SAVE, NO PAY — 25% gainshare only

The audit letter just arrived — your first 48 hours

The single most important thing in the first 48 hours: do NOT respond to the vendor directly. Buy time. Every sentence you email the vendor becomes evidence. Our audit defence service is typically engaged within 72 hours of an audit letter.

Key actions 48h-72h: (1) lock down deployment and usage data collection, (2) notify internal legal, (3) identify the named vendor auditor (Deloitte, KPMG, EY, PwC, or vendor-internal), (4) request the audit scope letter in writing.

Oracle audits — what's actually being measured

Oracle audits measure two things: processor counts against PVU/NUP entitlements, and sub-capacity compliance on virtualised infrastructure. Oracle's interpretation of 'hard partitioning' is aggressive; most VMware environments are non-compliant by vendor interpretation.

See Oracle audit defence and Oracle on VMware licensing.

Microsoft audits — SAM Engagement vs formal audit

Microsoft typically starts with a 'SAM Engagement' (friendly tone) that's actually an audit. Never treat a SAM Engagement as informal — your data submissions become discoverable in any follow-on formal audit.

Read the real mechanics of Microsoft SAM Engagement.

SAP audits and the S/4HANA conversion trap

SAP audits are often preludes to an S/4HANA upgrade push — the vendor finds indirect-access non-compliance, then offers to 'resolve it' through an S/4HANA deal. Decouple the two conversations.

Our SAP service handles the entangled audit + migration negotiation.

IBM audits and the ILMT sub-capacity trap

Any IBM sub-capacity customer who has not run ILMT correctly for the trailing 30 days is exposed to full-capacity billing. ILMT misconfiguration audit findings regularly run $5-20M on enterprises running AIX or WebSphere.

See IBM service and ILMT glossary.

Settlement negotiation — why initial claims are 2-5x real exposure

Vendor initial audit claims are negotiating positions, not legal assessments. Claims of $10M typically settle at $2-4M. But only if the buyer has the evidence, the patience, and the willingness to go to arbitration if needed.

Read our anonymised $7M to $1.8M audit settlement case study.

Why audit defence is a specialist function

Legal counsel handles the legal process. Accounting firms handle the arithmetic. But software audit defence requires a third skill: vendor-licensing architecture expertise, typically held by former vendor-side auditors. That's our bench.

We engage as the buyer-side specialist alongside your legal team.

Cost of audit defence engagement

Our audit defence engagements run on the same 25% gainshare model — our fee is 25% of the verified reduction from the initial claim. A $10M initial claim reduced to $2M means $8M of savings; our fee is $2M; you keep $6M and have paid zero upfront.

If an audit notice just arrived, book a free estimate within 48 hours.

Frequently asked questions

Do we need a lawyer for a software audit?

Yes, for the contract and legal process. But you also need a specialist negotiator for the licensing-architecture defence. Legal without licensing expertise loses; licensing expertise without legal process leaves you exposed.

How long does an audit defence engagement take?

Typically 60-180 days from initial notice to final settlement. Complex multi-vendor audits can run 12+ months.

What's the typical reduction from initial claim to settlement?

Across our engagement base, the average initial claim settles at 22-38% of the original figure. Outliers go higher when the vendor's initial position is especially aggressive.

Ready to apply this to a real contract?

30-minute free estimate. We review your specific renewal or audit and tell you whether we think the savings are worth pursuing — no commitment either way.
