A software audit is a publisher review that compares deployed usage against purchased entitlement, and the resulting compliance gap often lands on a buyer in the months after a deal closes.
What is a software audit?

A software audit is a formal review by a publisher that measures how much of its software an organisation actually uses against what it has paid for. Where deployment exceeds entitlement, the publisher issues a compliance finding and a bill. In M&A this matters because audit risk is inherited. A target that has under-licensed for years carries that exposure into the deal, and the audit frequently arrives after close, when the buyer owns both the estate and the liability that comes with it.
Publishers watch for ownership change because it signals a moment when usage and entitlement may no longer line up. A merger, carve-out or rapid integration can multiply users, copy environments, or move workloads onto new hardware, all of which can breach a license metric. The publisher does not need to prove intent. It needs only to show that deployment exceeds entitlement, and the burden of disproving the claim sits with the new owner.
The largest audit exposures cluster around a familiar set of publishers. Oracle, SAP, Microsoft and IBM have long run structured audit programs, and Broadcom, following its VMware acquisition, along with Salesforce and ServiceNow, has raised the stakes in recent years. Each uses different metrics, from processor cores to named users to indirect access, and each metric is a way a combined estate can slip out of compliance without anyone noticing.
Public disputes show how large these findings become. As of June 2026, reporting on SAP described a reported 600 million dollar claim against AB InBev and a reported 60 million claim against Diageo, both turning on disputed and indirect usage. These figures underline why a software audit is a deal issue, not just an IT housekeeping task, and why buyers quantify the exposure before they sign rather than discovering it in an audit letter.
The defence against an audit is an effective license position, a reconciled view of what the organisation is entitled to set against what it actually runs. Built before close, it tells the buyer where the gaps are, what they would cost to cure, and where the publisher has overstated a claim. Built only after an audit letter arrives, the same exercise becomes a scramble under a clock the publisher controls. Audit response is commercial and licensing advisory, not legal advice.

| Publisher | Common metric | Where the combined estate slips |
|---|---|---|
| Oracle | Processor and Named User Plus | Virtualisation and cores on new hardware |
| SAP | Named users and indirect access | Third-party systems calling SAP data |
| Microsoft | Per user, per core, CALs | User growth and duplicated environments |
| IBM | PVU sub-capacity | Untracked deployments and missing reporting |
| Broadcom VMware | Per-core subscription | Repackaged bundles after renewal changes |