Audit Letter — First 48 Hours Emergency Checklist

Your Progress

0/25 (0%)

🚨

Hour 0-4: Stop & Secure

5 items

0/5

▾

STOP — Do NOT respond to the vendor

Any response, even acknowledging receipt, can start a contractual clock. Pause before acting.

Critical

Do NOT let anyone in your organisation contact the vendor

Instruct all staff that no one should respond to, call, or email the vendor about the audit. Lock down communications.

Critical

Do NOT run any vendor-provided audit scripts or tools

Vendor scanning tools collect data far beyond what is needed and are interpreted in the vendor favour.

Critical

Do NOT share any data, screenshots, or reports

Even informal data sharing can be used against you. Share nothing until you have a strategy.

Critical

Photograph or scan the audit letter immediately

Preserve the original letter with date stamps. You may need to prove when you received it.

📜

Hour 4-12: Understand Your Position

5 items

0/5

▾

Read the audit letter carefully — identify which contract clause is cited

The audit clause defines scope, process, and timeline. Your obligations depend on the specific clause.

Critical

Determine which vendor is auditing and what products are in scope

Different vendors have different audit powers. Oracle, Microsoft, SAP, and IBM each have distinct approaches.

Important

Check if the notice period is correct

Most contracts require 30-45 days advance notice. If notice is insufficient, you have grounds to request more time.

Identify your contractual obligations — what you MUST do vs what is requested

Vendors often request more than they are entitled to. Know the difference between obligations and requests.

Important

Determine the deadline for response

Calendar the actual contractual deadline. Do not accept artificial urgency from the vendor.

👥

Hour 12-24: Mobilise Your Team

5 items

0/5

▾

Notify your CIO, CTO, or VP of IT immediately

Executive awareness is essential. Audit responses require budget, resources, and decision authority.

Important

Alert your legal team

Legal should review the audit letter, your contractual obligations, and any response before it is sent.

Important

Contact an independent software licensing advisory firm

This is the single most impactful action you can take. Independent advisors typically reduce audit claims by 50-90%.

Critical

Assemble your audit response team

Designate: a single vendor contact point, an IT lead, a procurement lead, a legal lead, and an executive sponsor.

Brief the team on communication protocols

No one outside the response team should discuss the audit with the vendor. Document this in writing.

🔒

Hour 24-36: Secure Your Evidence

5 items

0/5

▾

Locate ALL licence agreements, order forms, and entitlement records

Start gathering documentation immediately. Missing records are treated as missing licences.

Critical

Identify your software asset management (SAM) tool data

If you have SAM tooling, pull current reports. This is your baseline for understanding your position.

Preserve current system configurations — do NOT make changes

Do not uninstall, reconfigure, or modify software in response to the audit. Changes can be viewed as evidence tampering.

Critical

Document your current infrastructure landscape

Record: physical servers, virtualisation platforms, cloud deployments, and all environments running the vendor software.

Check for any recent changes that may affect compliance

Recent migrations, upgrades, new deployments, or decommissions may be relevant to the audit scope.

⏰

Hour 36-48: Plan Your Response

5 items

0/5

▾

Draft your initial response with your advisor — acknowledge receipt only

The first response should acknowledge receipt, confirm the audit clause, and request clarification on scope. Nothing more.

Important

Request clarification on the exact audit scope if vague

Vendors often send broad audit letters. Ask for specific products, systems, and time periods in scope.

Propose a reasonable timeline for data collection

You are not obligated to produce data overnight. Propose 30-60 days for data gathering and analysis.

Important

Schedule an internal kick-off meeting with your full response team

Align on strategy, assign responsibilities, set milestones, and establish a communication cadence.

Begin your internal software discovery — understand your position FIRST

Run your own assessment before the vendor sees anything. Knowledge is your primary defence.

Critical

Get Your Personalised Report

Enter your details to unlock your downloadable checklist and receive expert follow-up guidance from our advisory team.

Need Expert Software Licensing Guidance?

Redress Compliance provides independent software licensing advisory services — fixed-fee, no vendor affiliations. Our specialists provide independent advisory across Oracle, Microsoft, SAP, IBM, Salesforce, ServiceNow, and Broadcom — fixed-fee, no vendor affiliations.

Explore Software Licensing Advisory Services →

Please use your company email address.

Your details are shared only with Redress Compliance.

Need Emergency Audit Defence?

Call Redress Compliance immediately. We provide emergency audit response support across Oracle, Microsoft, SAP, IBM, and all major vendors. Do not engage the vendor without independent advice.

Book a Free Consultation

Audit Letter — First 48 Hours

Get Your Personalised Report

Need Expert Software Licensing Guidance?

Need Emergency Audit Defence?

📊 Free Software Licensing Risk Assessment

Related Guides

Explore More Licensing Hubs