
If it feels like software audits are popping up more often, you’re not imagining it.
In 2025, 62% of organisations were audited by at least one major vendor (Gartner Market Insights, 2025), up from just 40% two years ago. For large enterprises, that number climbs to 66%.
Software vendors are tightening compliance controls, turning audits into a predictable revenue stream, and focusing their attention on the growing complexity of hybrid and cloud estates. Nobody’s immune, not even the most mature IT Asset Management (ITAM) teams.
So what’s behind this surge? And more importantly, how can you stay one step ahead when the audit letter arrives?
Let’s unpack it.
Audits as a revenue strategy
Audits used to be about compliance. In more recent years, they’re about cash.
According to Gartner, 87% of vendors now use audits as a structured revenue strategy, not a last-resort compliance mechanism. When growth targets slip or subscription renewals stall, the audit engine revs up.
IBM, Red Hat, Oracle, and now Broadcom (following its VMware acquisition) are among the most active. Their goal is to recover “lost” revenue and nudge customers toward more lucrative subscription or cloud models.
The result is a sharp rise in unexpected liabilities, with 32% of organisations now reporting audit penalties exceeding £1 million.
It’s not personal. It’s business. But it’s also a warning shot.
The cloud and subscription shift
If you’ve moved part of your estate to SaaS or hybrid cloud, congratulations, you’ve also stepped into the most complex licensing environment ever.
Cloud migrations make licensing much more complicated, especially in BYOL (Bring Your Own License) scenarios, where boundaries between entitlements, instances and actual usage become increasingly blurred.
Missteps are easy: undercounted virtual machines, misaligned user metrics, or double-counted hybrid licenses. Vendors know this, and they audit accordingly.
Broadcom’s VMware audits jumped 45% after its acquisition, targeting customers who hadn’t transitioned to new subscription models. From what we’re seeing, Red Hat, too, has ramped up audits lately, chasing revenue through stricter subscription enforcement.
As the market shifts from perpetual ownership to subscription consumption, audits are becoming the lever vendors pull to accelerate your move.
What really triggers an audit
You might think audits are random. They’re not.
Audits tend to follow predictable patterns. They often cluster around moments of business change such as mergers, vendor renewals, restructures, or major cloud migrations. These events draw attention from vendor account teams who want to validate compliance before renewing or consolidating contracts.
They can also be triggered by operational signals such as rapid license growth, new account ownership, or major version upgrades that prompt a compliance review. Contract anniversaries are another common trigger, as vendors use renewal cycles to reconcile entitlements and usage.
Broadcom’s post-merger VMware audit surge is a clear example. It’s a deliberate strategy to enforce subscription migrations, verify inherited entitlements, and tighten customer control. It’s precisely this kind of timing that makes proactive license management before renewal cycles essential.
The complexity gap
Hybrid IT is a blessing for flexibility, but a nightmare for compliance.
Different license metrics, regional entitlements, and third-party integrations create blind spots. Over 40% of organisations admit to accidental non-compliance due to hybrid licensing gaps.
Even strong ITAM teams struggle to maintain visibility across multi-cloud estates and evolving user models. It’s not neglect, it’s the sheer pace of change.
Without continuous ELP (Effective License Position) reviews and clear entitlement repositories, those gaps can turn into audit findings fast.
Who’s auditing the most in 2025
According to Flexera’s 2025 State of ITAM report, the “big four” remain firmly in charge of audit activity.
- Microsoft (50%) focuses on cloud usage validation and hybrid licensing anomalies.
- IBM (37%) often uses external auditors such as Deloitte or KPMG to target mainframe and middleware estates.
- SAP (32%) continues aggressive reviews around indirect access and cloud migration.
- Oracle (29%) leverages audit rights before renewals or infrastructure changes.
- Broadcom and VMware are the fastest-growing players post-acquisition, using audits to enforce their subscription-first strategy.
At bedigital, we’ve seen the same trend up close. In one case, our independent ITAM audit defence service helped a FTSE 250 financial services client avoid significant penalties during a Broadcom-initiated VMware audit, achieving full compliance before data submission.
How to stay audit ready?
Audit readiness isn’t about paranoia. It’s about control.
The organisations that navigate audits smoothly aren’t luckier, they’re prepared. Here’s how they do it.
- Run regular ELP reviews. Annual or semi-annual checks reveal discrepancies before the auditor does.
- Centralise entitlements. Keep one authoritative source of truth across on-prem, SaaS, and hybrid.
- Review contract audit clauses. Know exactly what access rights vendors have and when they can trigger an audit.
- Conduct independent pre-audit assessments. Vendor-neutral ITAM reviews often uncover hidden risk areas that vendor tools don’t flag.
- Train cross-functional teams. Audit response isn’t just IT’s job; procurement, finance, and legal all play critical roles.
As we often say at bedigital: “Audit readiness isn’t just about compliance, it’s about control. The earlier you assess your licensing position, the more leverage you have when the audit letter arrives.”
The bottom line
Software audits aren’t slowing down in 2025, they’re accelerating.
Driven by subscription transitions, cloud complexity, and revenue pressure, vendors are using audits as a business tactic, not a technical one. The financial risk now rivals cybersecurity fines, with 69% of CIOs citing vendor audits as a top three financial threat this year.
But the good news is that audit resilience is achievable.
With proactive ITAM, transparent data, and independent expertise, you can turn compliance from a risk into a strategic advantage.
Don’t wait for the audit notification to land in your inbox.
Download our Software Audit Defence Whitepaper: “How to Stay One Step Ahead of Software Vendor Audits” for proven strategies, vendor-specific insights, and real-world lessons from IBM, VMware, and Microsoft audits.
Key takeaways
- Audit rates are up 55% since 2023
- Vendors now view audits as a revenue tool
- Hybrid and cloud environments drive accidental non-compliance
- Regular ELPs can cut penalties by up to 58%
- Independent ITAM partners like bedigital give you clarity, leverage, and confidence before the auditors call