Broadcom Audit: The Full Guide to Defend Yourself (Focus on VMware Products)

Executive Summary: Broadcom’s acquisition of VMware has ushered in stricter software audits and new compliance obligations for enterprises.

This guide provides IT Asset Management (ITAM) professionals with a comprehensive strategy to defend their organization during a Broadcom audit – with a focus on VMware licensing.

We’ll explore what’s changed under Broadcom, common VMware compliance pitfalls, and proactive steps to prepare for and respond to an audit.

The tone is direct and pragmatic, offering actionable advice to help global enterprises navigate Broadcom’s audit tactics without vendor bias.

The New Broadcom Audit Landscape (VMware Focus)

Broadcom’s approach to VMware licensing and audits represents a significant departure from VMware’s past practices.

After the Broadcom-VMware deal, enterprises have seen a sharp uptick in compliance enforcement:

  • Aggressive Audit Posture: Broadcom has signaled it will audit VMware customers more frequently. Many organizations that never faced a VMware audit before are now bracing for a Broadcom audit as a routine risk.
  • Cease-and-Desist Tactics: In a bold move, Broadcom sent cease-and-desist letters to customers with perpetual VMware licenses whose support contracts lapsed. These letters require the removal of any updates or patches installed after the support expiration date. This effectively forces customers to either re-subscribe or risk running unsupported (and potentially non-compliant) software.
  • “Subscribe or Get Out” Pressure: The audit and enforcement strategy underscores Broadcom’s goal to drive all VMware users to its new subscription model. Perpetual licenses without active support are no longer tolerated; Broadcom wants customers on recurring contracts, even if it means using audits as leverage.
  • Impact on IT Teams: This new landscape has IT departments on edge. A Broadcom audit now feels less like a formality and more like a high-stakes event that could lead to substantial true-up fees or expensive contract upgrades. ITAM professionals must adapt their compliance strategies accordingly.

In short, Broadcom’s ownership has transformed VMware’s compliance environment into one of zero tolerance.

Organizations must treat VMware license management with the same rigor traditionally reserved for vendors like Oracle – expecting audits and preparing defense measures in advance.

VMware Licensing Changes and Challenges Under Broadcom

Understanding Broadcom’s VMware licensing changes is key to defending against audits. Broadcom has overhauled VMware’s licensing model and terms in ways that directly affect compliance:

  • End of Perpetual Licensing: Broadcom has discontinued new perpetual license sales for VMware products, opting instead for subscription-only licensing. If you need additional VMware capacity or renewals, you’ll be required to enter into subscription contracts. This means long-time VMware shops must either stick with existing entitlements (without growth) or migrate to Broadcom’s pricier subscription bundles.
  • Subscription-Only and Upfront Commitments: VMware subscriptions under Broadcom typically run 1–5 years, turning VMware spend into an operating expense. Be aware that allowing a subscription to lapse triggers steep penalties (Broadcom imposes ~20% late renewal fees). Budget accordingly and renew on time – Broadcom audits will quickly catch lapsed subscriptions.
  • Core-Based Licensing (New Metrics): Traditionally, VMware vSphere was licensed per CPU socket (with up to 32 cores per CPU counting as one license). Broadcom now uses a per-core licensing model for vSphere and suites. Every CPU is identified by the number of cores (with a minimum of 16 cores per CPU for licensing purposes). Broadcom requires a minimum purchase of 72 cores’ worth of licenses per order. This change means:
    • If you run servers with high core-count processors (e.g., 64 cores), you need far more licenses than before, directly proportional to core count.
    • Small deployments face forced over-purchase. For example, one server with eight cores still requires buying 72 cores of licensing under Broadcom’s policy – a huge cost burden for smaller environments.
  • Mandatory Compliance Reporting: A new obligation that has caught many by surprise is VMware’s Mandatory Compliance Reporting. Broadcom now requires customers to submit automated usage reports every 180 days for certain products (like VMware Cloud Foundation). These telemetry reports verify that your usage aligns with purchased entitlements.
    • Failure to report has consequences: after 180 days without a report, the software will begin issuing warnings for non-compliance. After 270 days, some VMware functionality may degrade or become inaccessible. In essence, Broadcom built compliance checks into the software itself, forcing customers to stay transparent or risk service disruption.
  • Support and Patch Restrictions: Under Broadcom, if your support contract expires, you lose access to all but critical security patches. Using any updates or patches released after your support lapse is deemed a license violation. Broadcom’s audits and legal notices are targeting customers in this situation.
  • Consolidated Bundles and Reduced Discounts: Broadcom simplified VMware’s product catalog into a few large bundles (e.g., VMware Cloud Foundation suites) and has been less flexible with discounts (even for public or educational sectors). Many customers are forced into buying broader bundles than they need, which can significantly inflate costs. While this is more a cost issue than a direct audit issue, it increases the stakes. Some enterprises feel they must run lean on licenses due to budget constraints, which unfortunately increases audit risk if usage exceeds entitlements.

Takeaway:

With Broadcom’s changes, maintaining compliance requires increased vigilance.

ITAM teams must adjust asset tracking to core-based metrics, plan for subscription renewals, and implement processes (like the 180-day usage reporting) to meet Broadcom’s stricter terms.

Any oversight in these areas could trigger a Broadcom audit or compliance action.

Common VMware License Compliance Pitfalls to Watch

In the VMware environment, there are several classic compliance “gotchas” that Broadcom auditors will look for.

ITAM professionals should pay special attention to the following areas where VMware deployments often drift out of compliance:

| Compliance Pitfall | Why It Matters (Impact) | Defense Strategy (Mitigation) |
| --- | --- | --- |
| Territory restrictions on licenses | Most VMware licenses are sold with a country-of-use restriction. Deploying VMware software outside the licensed region (e.g. using a US-only license in Europe) violates the EULA. Auditors will flag unlicensed global use. | Ensure you purchase the correct regional licenses or a global use license if your VMware workloads span countries. Track deployments by location and align them with your entitlements. |
| Lapsed support on perpetual licenses | Using software after support expiry isn’t itself a violation, but applying updates or patches released post-support is. Broadcom is actively cracking down: a lapsed support contract combined with continued updates can trigger cease-and-desist letters or audits. | Proactively manage support renewals. If you choose not to renew VMware support, strictly avoid installing updates released after your support end date. Consider third-party support services to stay secure without violating terms. |
| Under-counting CPU cores | With Broadcom’s core-based licensing, any underestimation of cores can leave you under-licensed. For example, if you have servers with 48 cores but only licensed 32 (assuming old rules), you’re out of compliance. Auditors will compare your hosts’ CPU specs against your license purchases. | Maintain an accurate inventory of hardware specs for all VMware hosts. Reconcile it against license entitlements regularly. If using older licensing metrics, update your compliance position to Broadcom’s per-core model (e.g., ensure that high core-count CPUs have the appropriate number of licenses). |
| Inconsistent support levels | VMware’s support policy requires a consistent support level across linked environments. If part of your vSphere cluster is on Basic support and another part on Production support, for instance, that’s not allowed. This often happens when purchases at different times had different support tiers. Auditors can cite this as non-compliance. | Standardize support levels for all interconnected VMware products and hosts. At renewal or purchase, align support terms across the environment. If you discover a mismatch, work with VMware/Broadcom to rectify it (upgrade or adjust contracts accordingly) before an audit does. |
| Unauthorized VMware use cases | Certain VMware use cases require special licensing. Common examples: using VMware to provide hosting or cloud services to third parties (requires a VMware Cloud Provider Program license), or using a developer/academic license in production. If auditors find VMware software being used outside the scope of its license (no matter if you have enough copies), it’s a violation. | Review the VMware End User License Agreement for any use-case restrictions. Ensure you’re not, for example, running production workloads on evaluation licenses or using developer licenses beyond development. If you provide services on VMware infrastructure, make sure you’re in an approved service provider program or have the correct multi-tenant licensing. |
| Feature or edition mismatches | Upgrading software versions or enabling certain features can inadvertently change your edition entitlement. E.g., vSphere Enterprise Plus includes features not in Standard edition. Some organizations unknowingly enable features (like Distributed Switch or NSX components) without owning the right edition, especially during upgrades. Auditors will spot feature usage that exceeds your license tier. | Control and monitor feature usage in VMware tools. If you perform version upgrades, double-check that you’re not automatically entitled to higher editions’ features. If a feature is critical, plan budget to purchase the proper edition or add-on license. Regularly run license compliance tools or scripts that map features in use to the licenses you own. |
| Missing compliance reports | Under the new mandatory 180-day compliance reporting, failing to send Broadcom the required usage data can itself put you in breach. Beyond contractual breach, your VMware software may start disabling functions after prolonged non-compliance. | Treat the 180-day reporting like a key operational task. Set calendar reminders and automate the report generation/upload process as much as possible. Verify after each period that Broadcom confirmed receipt. Staying ahead of this prevents any system nags or audit flags for non-reporting. |

Each of these pitfalls has caused real pain for enterprises.

An ITAM manager’s best defense is to identify these risks early and remediate them before Broadcom comes knocking.

Regular internal license audits and employee training on VMware license policies go a long way in avoiding unintentional violations.
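
A self-audit reconciliation for the core-counting rules and the "Under-counting CPU cores" pitfall described above, as an added example that is not from the original article or from any Broadcom/VMware tool. It applies the rules as this guide states them (16-core floor per CPU, 72-core minimum order) and groups hosts by site because of the territory restriction; host names, sites and entitlement figures are constructed, and applying the 72-core minimum to each site's order separately is an assumption.

```python
import csv
import io
from collections import defaultdict

# Rules as stated in this guide (check your own contract before relying on them).
CORE_FLOOR_PER_CPU = 16   # each CPU counts as at least 16 cores
MIN_ORDER_CORES = 72      # smallest number of cores that can be ordered

# Constructed sample inventory: hypothetical hosts, sites and hardware specs.
INVENTORY_CSV = """host,site,cpu_sockets,cores_per_cpu
esx-a01,US,2,24
esx-a02,US,2,64
esx-b01,DE,1,8
esx-b02,DE,2,12
"""

# Constructed entitlements: licensed cores held per country of use.
ENTITLED_CORES = {"US": 128, "DE": 48}


def licensable_cores(cpu_sockets, cores_per_cpu):
    """Cores that must be licensed for one host under the per-core model."""
    if cpu_sockets < 1 or cores_per_cpu < 1:
        raise ValueError("socket and core counts must be positive")
    return cpu_sockets * max(cores_per_cpu, CORE_FLOOR_PER_CPU)


def order_size(shortfall):
    """Cores to order to close a shortfall, honouring the minimum order."""
    if shortfall <= 0:
        return 0
    return max(shortfall, MIN_ORDER_CORES)


def reconcile(inventory_csv, entitled):
    """Compare required cores per site with entitlements held for that site.

    Sites are reconciled separately: with country-of-use restrictions,
    a surplus in one country does not cover a shortfall in another.
    """
    required = defaultdict(int)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        required[row["site"]] += licensable_cores(
            int(row["cpu_sockets"]), int(row["cores_per_cpu"])
        )

    report = {}
    for site in sorted(set(required) | set(entitled)):
        need = required.get(site, 0)
        have = entitled.get(site, 0)
        shortfall = max(need - have, 0)
        report[site] = {
            "required": need,
            "entitled": have,
            "shortfall": shortfall,
            "surplus": max(have - need, 0),
            "order": order_size(shortfall),
        }
    return report


if __name__ == "__main__":
    for site, line in reconcile(INVENTORY_CSV, ENTITLED_CORES).items():
        print(site, line)
```

In the constructed data the DE site is exactly covered only because both of its hosts are counted at the 16-core floor, not at their physical core counts.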

Preparing for a Broadcom VMware Audit

Hope for the best, but prepare for the worst. Given the heightened audit risk, organizations should have an audit response plan ready.

Here’s how to prepare before an official Broadcom audit notice arrives:

  • Review Your VMware Agreements and Audit Clause: Understand your rights and obligations. VMware’s standard EULA (now under Broadcom) gives the vendor the right to audit usage during the license term and for up to two years after license expiration. Note any specifics, such as the required notice period and scope of records. Being well-versed in your contract helps you enforce the limits of an audit (e.g., phrases such as “reasonable notice” and “will not unreasonably interfere with business activities” are terms you can hold Broadcom accountable for).
  • Establish a Dedicated Audit Response Team: Identify stakeholders in advance – typically from ITAM, IT operations, legal, and finance. Assign roles: Who will liaise with the auditors? Who will gather data? Having this team defined means you can mobilize quickly when an audit letter hits, rather than scrambling to involve the right people.
  • Conduct a Self-Audit (Internal Compliance Review): It’s wise to periodically audit your VMware deployments before Broadcom does. Use software asset management (SAM) tools or VMware’s usage reports to map your deployed software against entitlements. Verify counts of vSphere licenses, vCenter servers, add-on products, etc. This internal review should highlight any glaring gaps (e.g., 10 hosts deployed but licenses for only 8) so you can address them proactively. If needed, engage an independent licensing expert to validate your findings.
  • Document Your License Entitlements: Maintain a centralized repository of all VMware licenses, contracts, support renewals, and purchase receipts. In an audit, you’ll need to prove you own what you think you own. Ensure you have organized records of license keys, purchase orders, and invoices, along with the quantities/editions purchased. Also, track any special licensing agreements or exceptions in writing.
  • Snapshot Your Environment at Audit Notice: If you do get an audit notification, one of the first steps is to preserve evidence. Virtual environments change rapidly (VMs spin up and down). Capture the state of your VMware environment (e.g., export an inventory of hosts, VMs, configurations) as of the audit notice date. This prevents disputes later if the environment drifts during the audit – you have a reference point to show what was in place when the audit started.
  • Review Security & Privacy Policies for Audits: Broadcom’s auditors (often a third-party firm, such as one of the Big Four or specialized consultants) may request to run data collection scripts or conduct remote sessions in your environment. Before this happens, coordinate with your security team. Determine what is permissible: Can external scripts be run? Do they need to be vetted? Additionally, if you operate in regions with strict data protection laws (such as the EU GDPR), you may need the audit to occur on-site or with anonymized data. Align these requirements with Broadcom in advance if possible, or be prepared to negotiate them when the audit begins.

Preparing thoroughly not only makes the audit process smoother, but it also demonstrates to Broadcom that you are a diligent, well-governed customer.

That alone can sometimes discourage overly aggressive tactics. Essentially, preparation is your first line of defense in a Broadcom audit – by eliminating surprises, it shifts the balance of power slightly back in favor of you, the customer.

Managing the Audit Process and Defending Your Position

When the audit kicks off, how you manage the process can significantly influence the outcome.

Here’s how to engage with Broadcom and the auditors in a firm but cooperative manner:

  • Verify the Audit Legitimacy and Scope: Upon receiving an audit notice (often titled “Software and Support License Review”), confirm who it’s from. Broadcom may use an external auditor (the letter should name the firm and the Broadcom compliance manager). Cross-check this with your contracts to ensure the auditor is authorized. Then, clarify the scope: is it all VMware products or specific ones? All business units or a subset? You have the right to understand what will be reviewed. Don’t hesitate to ask Broadcom for scope clarification in writing.
  • Insist on an NDA: Before any data or access is provided, ensure an appropriate Non-Disclosure Agreement is in place with the auditing firm. Audit teams will review sensitive information about your IT systems and usage. A robust NDA helps protect your data and sets confidentiality expectations. Broadcom should agree to this as a standard practice – if they don’t offer one, request it.
  • Control the Data Collection: Auditors will typically send a questionnaire and propose running scripts or tools to gather usage data from your vCenters, ESXi hosts, and other relevant systems. You are within your rights to review these methods. If a proposed script conflicts with your security policy or could potentially impact systems, discuss alternative approaches. For example, you might offer to run the script yourself and send results, or provide data exports from your tools. “Reasonable cooperation” is required by the contract, but that doesn’t mean carte blanche access to everything. Strike a balance: provide the needed info without exposing more than necessary.
  • Define Clear Timelines and Communication Channels: Audits can drag on for months if not managed. Agree on a timeline for each phase (data gathering, analysis, preliminary findings, response period, final report). Designate a single point of contact on your side for all communications to ensure nothing slips through the cracks. Prompt communication is key – for instance, Broadcom’s letter may request a response within a few business days. Even if you need more time, respond quickly to acknowledge and negotiate a reasonable schedule. Demonstrating professionalism and responsiveness helps maintain your good standing during the audit.
  • Analyze Preliminary Findings – Don’t Accept Them Blindly: After data collection, the auditors will compile a findings report, which might include a list of under-licensed areas and a bill for license fees (and possibly back maintenance or penalties). Treat this as a starting point for discussion, not gospel. Scrutinize their findings:
    • Are there any mistakes in the data? (e.g., phantom VMs, old servers that were decommissioned but still appeared in records)
    • Are the auditors using the correct license metrics and applying the correct counting rules? Sometimes auditors make assumptions (e.g., counting all powered-off VMs as needing licenses) that you can challenge.
    • Do you have entitlements they missed? It’s common to discover the auditor didn’t account for some licenses you own or an upgrade credit you have.
  • Engage in Good-Faith Negotiation: If the audit reveals that you are genuinely under-licensed, the next step is to resolve the issue. Broadcom’s goal will likely be to sell you a subscription bundle to cover the shortfall (perhaps converting your estate to a new licensing model). Before you simply sign the purchase order:
    • Negotiate the solution. You may be eligible for a waiver of penalties if you promptly purchase the necessary licenses or subscriptions. Broadcom often prefers selling you more product over charging pure penalties – use that to your advantage.
    • Explore if you can offset costs. For example, if you were over-licensed in one area and short in another, can those be balanced? Or if you recently paid support on licenses that you are now dropping in favor of a subscription, can that be credited?
    • If the proposed cost is exorbitant, it may be time to escalate the issue to higher management and consider external mediation or legal advice. Broadcom audits can have a huge financial impact; it’s okay to push back and seek a more reasonable settlement, especially if you believe the fault was unintentional or due to ambiguous license terms.
  • Document Everything: Keep a detailed log of all communications and steps during the audit. If Broadcom’s team makes any verbal promises (e.g., “We won’t charge backdated maintenance fees” or “We’ll give a discount on the new subscription”), get it in writing. Solid documentation protects you if disputes arise later about what was agreed.

Throughout the audit process, maintain a professional and cordial tone while also being assertive. You want to cooperate, but on fair terms.

Use the guidelines in your contract to push back on unreasonable requests (e.g., overly broad data demands unrelated to VMware, or audit activities that would disrupt your business).

By actively managing the process, you defend your organization’s interests while still fulfilling the audit obligations.

Strategic Options and Long-Term Planning Post-Audit

A Broadcom audit of VMware products is not just a one-time event; it often prompts organizations to rethink their future IT strategy and vendor relationship.

Here are some strategic considerations once you’ve navigated (or resolved) the audit:

  • True-Up and Optimize: If the audit revealed any license gaps, treat this as a learning opportunity. True-up to compliance, but also optimize your usage. Perhaps you identified unused licenses or could retire some workloads to stay within license bounds. Implement a continuous license optimization process so that you don’t pay for software you’re not using (which can offset some of the cost of buying what you do need).
  • Renegotiate Your VMware Agreement: Post-audit (especially if it was painful), approach Broadcom to renegotiate terms to prevent future surprises. For example, you might seek to incorporate more favorable audit terms in your contract – such as longer notice periods or specific audit methodologies. Or negotiate a global agreement if you operate in many regions, to avoid inadvertent territorial issues. Enterprises often have more leverage right after an audit settlement, when Broadcom is closing a sale and eager to maintain the relationship.
  • Consider Subscription Alternatives: Broadcom’s push to subscriptions is aggressive, but you may have options. Investigate if any of your VMware products are eligible for third-party maintenance providers for support at a lower cost (keeping you compliant while avoiding Broadcom’s expensive renewals). In some cases, staying on an older version with third-party support for a couple of years can help bridge the transition to a new technology.
  • Evaluate Your Technology Roadmap: As some organizations face massive VMware cost increases and hostile audit tactics, they begin evaluating alternative solutions. This is a significant decision – VMware is usually deeply embedded – but it’s worth assessing:
    • Alternate virtualization platforms (such as Hyper-V, KVM, or Nutanix AHV) or increased adoption of cloud-native services that reduce reliance on VMware.
    • Hybrid and multi-cloud strategies where new workloads go to cloud or containers (which don’t require VMware licensing) while legacy VMware workloads are gradually phased out.
    • Keep in mind: switching has its costs and risks, but the mere option can provide leverage. Broadcom will know if customers are seriously considering leaving; this can sometimes motivate them to offer more palatable terms to retain business.
  • Strengthen Asset Management and Governance: Ultimately, leverage this experience to enhance your ITAM governance. Implement stricter controls for deploying software in the data center – for instance, require any new VMware deployment to undergo a license check. Improve tagging and monitoring of VMs and hosts. Regularly train your virtualization admins on license use policies (e.g., don’t spin up an evaluation copy in production, don’t apply patches if not entitled, etc.). A culture of compliance must be nurtured, so that the next audit (which will inevitably come) is far less daunting.

In summary, defending against a Broadcom audit is not just about surviving the current audit—it’s about adapting for the future.

Broadcom’s VMware licensing regime will continue to evolve, and enterprises must evolve their strategies in parallel, balancing cost, compliance, and technical needs.

Recommendations (Practical Tips for Audit Defense)

1. Know Your License Position Cold: Keep an up-to-date inventory of VMware deployments versus entitlements. This “license baseline” is your strongest weapon – you can’t defend what you don’t measure. Regular internal audits (at least annually) will ensure you’re never caught off guard by what Broadcom discovers.

2. Proactively Address Compliance Gaps: If you find any potential non-compliance (e.g., extra VMs or hosts without licenses), fix it before Broadcom finds it. That might involve reallocating licenses, purchasing additional ones discreetly, or adjusting usage. Self-identified issues are almost always cheaper to resolve than audit-identified issues.

3. Leverage Expert Help: Consider engaging a software licensing consultant or legal firm experienced in Broadcom audit defense. They can provide an outside perspective, help interpret VMware’s complex licensing rules, and even handle communications with the auditor. Their cost may easily pay for itself if they reduce audit exposure or settlement costs.

4. Tighten Contractual Audit Terms: During your next renewal or negotiation with Broadcom, try to negotiate the audit clause. For example, clarify how much advance notice you’ll get, limit audits to once per X years, or specify that audits must occur during normal business hours and not interfere with operations. While Broadcom may not agree to major changes, even small tweaks give you more control.

5. Implement Continuous Compliance Monitoring: Tools and automation are your friends. Use VMware’s tools or third-party SAM software to continuously track license usage (like vCenter reports, license utilization dashboards, etc.). Set thresholds/alerts for usage nearing license limits. This way, you’ll catch compliance issues in real time rather than at audit time.

6. Educate and Communicate Internally: Ensure your IT staff and procurement teams understand Broadcom’s new VMware licensing rules. Simple mistakes (like buying a server with 64 cores but only budgeting for one CPU license) can lead to huge compliance gaps. By building awareness, your colleagues will involve ITAM early when planning expansions or changes.

7. Maintain a Compliance Calendar: Mark critical dates such as support contract expirations and the 180-day reporting deadlines. Treat these like mandatory meetings – no misses. Timely renewal and reporting will keep you off Broadcom’s radar and prevent self-inflicted issues, such as the loss of functionality due to non-reporting.

8. Don’t Wait for the Audit to React: The best defense is a good offense. Even if you haven’t heard from Broadcom, act as if an audit is coming next quarter. This mindset will motivate you to keep everything tidy. It’s much easier to handle an audit that confirms what you already know than one that uncovers surprises.

9. Plan an Exit Strategy (If Needed): While not the first choice, have a contingency plan if Broadcom’s terms become unbearable. This could involve a phased migration to alternative solutions or the cloud, or a strict cap on VMware usage growth. Knowing you have a “Plan B” can also strengthen your resolve in negotiations, because you’re not completely at Broadcom’s mercy.

10. Foster Vendor Communication: Lastly, keep open lines with Broadcom/VMware account reps. Regularly discuss your deployment plans and request clarification on any ambiguous license points. If Broadcom knows you are diligent and communicative, they may offer guidance that prevents issues. And if an audit does occur, a positive prior relationship can sometimes make the process less adversarial.

Checklist: 5 Actions to Take Now

  1. Inventory All VMware Usage: Compile a detailed list of all VMware software deployed (e.g., vSphere hosts, vCenter instances, vRealize components) and map it against your purchased licenses. Include versions and features in use. This is your baseline for any audit defense.
  2. Validate Compliance on Key Risk Areas: Check for the known pitfalls – are all deployed hosts within licensed territories? Are you using any VMware software for third-party services without a proper license? Did any host exceed the 32-core-per-CPU threshold under old licenses (thus needing extra licensing)? Address these immediately.
  3. Engage Stakeholders with a Drill: Conduct an “audit fire drill” with your internal team. Simulate receiving an audit notice by practicing the following steps: assembling data, answering a sample auditor questionnaire, and reviewing for potential issues. This will highlight weak spots in your processes and build confidence in handling a real audit.
  4. Ensure Support & Contracts Are Current: Review the status of your VMware support contracts and subscription terms. Renew any that are nearing lapse (or have lapsed unexpectedly). If you intend not to renew, document what this means (e.g., no new patches) and communicate this internally to avoid anyone inadvertently downloading updates.
  5. Set Up Compliance Reporting Mechanisms: If you’re under any Broadcom mandatory reporting requirements, set those up now. Configure the VMware usage meter or compliance report tool according to Broadcom’s instructions, test the upload process, and establish reminders to ensure it occurs every 6 months. Proving that you’re consistently compliant through these reports might even reduce the likelihood of a formal audit selection.

By ticking off this checklist, you’ll significantly harden your defenses against any upcoming Broadcom audit involving VMware.

Each action ensures you’re not only responding to Broadcom’s new rules, but staying one step ahead of them.

FAQs

Q: What triggers a Broadcom audit of VMware licenses?
A: Common triggers include noticeable gaps between your VMware deployments and license purchases (e.g., rapid growth in VM count without corresponding license orders), or failure to submit the new mandatory compliance reports. Additionally, if you let support lapse on a perpetual license and don’t transition to a subscription, Broadcom may conduct an audit to pressure a contract update. In general, any scenario where Broadcom suspects they are missing out on revenue can be a trigger.

Q: How much notice does Broadcom give before a VMware audit?
A: Typically, the audit notice letter will specify that your organization has been selected and may reference the EULA’s audit clause. Broadcom usually provides advance notice – often, the letter requests a response within 3-5 business days to schedule a kickoff call. The exact notice period isn’t very long (not like 30 days’ heads-up). It’s more of a “we’re auditing you now, please cooperate promptly” notification. That’s why preparation is crucial – you won’t get a lot of lead time once the audit is announced.

Q: Can we refuse or delay a Broadcom audit?
A: Outright refusal is not advisable – it would likely be deemed a breach of contract, since most VMware agreements grant audit rights. However, you can manage how it proceeds. You may request reasonable scheduling adjustments (e.g., starting after a critical business week) or clarification on the scope. Delaying without cause is risky; Broadcom could escalate the issue legally. It’s better to cooperate while controlling the process (with an NDA in place, properly scoped, etc.) than to stonewall. If you truly need a short extension (perhaps to gather data or personnel), communicate this openly and provide a concrete date for compliance. Reasonable requests are often granted if you demonstrate good faith.

Q: What if an audit finds we are non-compliant?
A: You will be expected to rectify any shortfall, typically by purchasing the necessary licenses or subscriptions retroactively. Broadcom may present a formal report with compliance gaps and a proposal for remediation. This could include back maintenance fees for the period you were unlicensed and the cost of new licenses moving forward (often as a subscription deal). The key is to review this proposal critically. If you disagree with the findings (e.g., you believe you were compliant or the auditor over-counted usage), you can contest them with evidence. If the findings are valid but the proposed cost is punitive, you have some room to negotiate – for instance, asking for a discount on the new licenses or waiving certain fees. Ultimately, expect to spend money to become compliant, but how that spending is structured can be negotiated.

Q: How can we minimize the chance of future audits?
A: While there’s no foolproof way to avoid vendor audits, staying in good compliance standing certainly helps. Submitting required usage reports on time, keeping your license counts in line with actual usage, and maintaining an open dialogue with Broadcom’s account representatives can portray you as a lower-risk customer. Some enterprises also stagger big purchases or true-ups just ahead of audit season to preempt any issues (if Broadcom sees a recent true-up order, they might skip auditing you that year). Additionally, ensure that any audit from Broadcom proceeds smoothly – if you demonstrate strong controls and minimal findings, Broadcom may deem your account well-managed and focus audit efforts elsewhere next time. In essence, run your VMware licensing as if you will be audited at any time, and you’ll naturally reduce the likelihood and impact of an audit.

Author
  • Fredrik Filipsson

    Fredrik Filipsson is the co-founder of Redress Compliance, a leading independent advisory firm specializing in Oracle, Microsoft, SAP, IBM, and Salesforce licensing. With over 20 years of experience in software licensing and contract negotiations, Fredrik has helped hundreds of organizations—including numerous Fortune 500 companies—optimize costs, avoid compliance risks, and secure favorable terms with major software vendors. Fredrik built his expertise over two decades working directly for IBM, SAP, and Oracle, where he gained in-depth knowledge of their licensing programs and sales practices. For the past 11 years, he has worked as a consultant, advising global enterprises on complex licensing challenges and large-scale contract negotiations.
