Software Audit Information

Software compliance

Software applications are usually not free and require the purchase of a license. A software license is a legal agreement defining the conditions under which the application can be used. For example, “the application may only be used by one ‘named’ person.” Licenses generally grant the software manufacturer the right to audit the customer. If a manufacturer chooses to exercise this right, they often audit the entire organization to ensure overall compliance, even if only a few licenses have been purchased. Non-compliance can lead to unexpected expenditures.

Software audits

While CU Boulder is committed to software compliance, manufacturers may still audit the university. Audits can be complicated and time-consuming, and the communications and exchange of information should be carefully regulated.

If you receive an audit notification, do not respond; instead, contact the OIT Software Asset Management (SAM) team at oitsoftware@colorado.edu. The SAM team has the skills to lead software audits for the Boulder campus.

Software audit response procedures

The Software Audit Response procedures were developed by the SAM team and are used to guide the audit process. The procedures are outlined below.

Phase 1: Initial Audit Response Process

Confirm the legitimacy of the audit request, execute tracking and control procedures and communication protocols.

Phase 2: Pre-Audit Activities

Organize a steering committee and audit team. Respond to the audit notice, requesting that the auditor deliver relevant contracts and purchase records and complete a questionnaire documenting the timeline, scope, methodology, discovery tools, and balance calculation methods.

Phase 3: Kick-off, Planning and Scoping

Negotiate the ground rules, timeline, data collection, testing and counting methods, priorities, and change management.

Phase 4: Data Collection

Review purchase records for scope relevancy and completeness. Approve the collection method and oversee the data collection.

Phase 5: Data Analysis

The collected data is carefully reviewed to ensure it contains only relevant information and masks proprietary university information. Agree on the final license balance.

Phase 6: Negotiation

If necessary, a CU negotiation team enters negotiations with the manufacturer.

Phase 7: Audit Completion

The manufacturer delivers an audit close notice.

Phase 8: Implementation

Action items are implemented, tracked, and documented.

Phase 9: Conclusion/Post-Audit

A final report is distributed to key stakeholders.

Contact us

If you have any questions related to software compliance or audits, please email oitsoftware@colorado.edu.