Emergency Response

Audit Letter — First 48 Hours

You've received a software audit letter. Here's exactly what to do in the first 48 hours to protect your organisation. 25 critical action items.

Hour 0-4: Stop & Secure
STOP — Do NOT respond to the vendor
Any response, even acknowledging receipt, can start a contractual clock. Pause before acting.
Critical
Do NOT let anyone in your organisation contact the vendor
Instruct all staff that no one should respond to, call, or email the vendor about the audit. Lock down communications.
Critical
Do NOT run any vendor-provided audit scripts or tools
Vendor scanning tools collect data far beyond what is needed, and the results are interpreted in the vendor's favour.
Critical
Do NOT share any data, screenshots, or reports
Even informal data sharing can be used against you. Share nothing until you have a strategy.
Critical
Photograph or scan the audit letter immediately
Preserve the original letter with date stamps. You may need to prove when you received it.
Hour 4-12: Understand Your Position
Read the audit letter carefully — identify which contract clause is cited
The audit clause defines scope, process, and timeline. Your obligations depend on the specific clause.
Critical
Determine which vendor is auditing and what products are in scope
Different vendors have different audit powers. Oracle, Microsoft, SAP, and IBM each have distinct approaches.
Important
Check if the notice period is correct
Most contracts require 30-45 days' advance notice. If notice is insufficient, you have grounds to request more time.
Identify your contractual obligations — what you MUST do vs what is requested
Vendors often request more than they are entitled to. Know the difference between obligations and requests.
Important
Determine the deadline for response
Calendar the actual contractual deadline. Do not accept artificial urgency from the vendor.
Hour 12-24: Mobilise Your Team
Notify your CIO, CTO, or VP of IT immediately
Executive awareness is essential. Audit responses require budget, resources, and decision authority.
Important
Alert your legal team
Legal should review the audit letter, your contractual obligations, and any response before it is sent.
Important
Contact an independent software licensing advisory firm
This is the single most impactful action you can take. Independent advisors typically reduce audit claims by 50-90%.
Critical
Assemble your audit response team
Designate: a single vendor contact point, an IT lead, a procurement lead, a legal lead, and an executive sponsor.
Brief the team on communication protocols
No one outside the response team should discuss the audit with the vendor. Document this in writing.
Hour 24-36: Secure Your Evidence
Locate ALL licence agreements, order forms, and entitlement records
Start gathering documentation immediately. Missing records are treated as missing licences.
Critical
Identify your software asset management (SAM) tool data
If you have SAM tooling, pull current reports. This is your baseline for understanding your position.
Preserve current system configurations — do NOT make changes
Do not uninstall, reconfigure, or modify software in response to the audit. Changes can be viewed as evidence tampering.
Critical
Document your current infrastructure landscape
Record: physical servers, virtualisation platforms, cloud deployments, and all environments running the vendor software.
Check for any recent changes that may affect compliance
Recent migrations, upgrades, new deployments, or decommissions may be relevant to the audit scope.
Hour 36-48: Plan Your Response
Draft your initial response with your advisor — acknowledge receipt only
The first response should acknowledge receipt, confirm the audit clause, and request clarification on scope. Nothing more.
Important
Request clarification on the exact audit scope if vague
Vendors often send broad audit letters. Ask for specific products, systems, and time periods in scope.
Propose a reasonable timeline for data collection
You are not obligated to produce data overnight. Propose 30-60 days for data gathering and analysis.
Important
Schedule an internal kick-off meeting with your full response team
Align on strategy, assign responsibilities, set milestones, and establish a communication cadence.
Begin your internal software discovery — understand your position FIRST
Run your own assessment before the vendor sees anything. Knowledge is your primary defence.
Critical

Need Emergency Audit Defence?

Call Redress Compliance immediately. We provide emergency audit response support across Oracle, Microsoft, SAP, IBM, and all major vendors. Do not engage the vendor without independent advice.
