Image: Flexera 2026 State of ITAM Report: How governance gaps are driving costly software audits

Software audits aren’t new; nearly half (48%) of the organizations surveyed in Flexera’s 2026 State of ITAM Report said they had been audited in the last year. But they are becoming more frequent, more complex and more expensive. They’ve become a constant reality for IT leaders, who keep asking themselves:

How do I reduce software audit risk while maintaining control across SaaS, cloud and AI?

The answer sits with governance, visibility and proactive ITAM practices.

44% of respondents spent more than $1 million on audits over the past three years

Donut chart showing estimated organizational spend on software vendor audits over the past three years. The largest segment is $1 million–$2 million (21%), followed by $0–$100,000 (16%), $2 million–$5 million (13%), $501,000–$1 million (10%), $251,000–$500,000 (9%), and $101,000–$250,000 (8%). Smaller shares report $5 million–$10 million (5%), $10 million–$25 million (3%), $25 million–$50 million (1%), and $50 million+ (1%), while 14% don’t know.

Software vendor audits are a significant cost burden, with many organizations spending $1 million or more over three years

Audit exposure remains one of the most persistent risks across the IT estate. Audit costs are rising because environments are harder to track. SaaS, cloud and AI introduce new licensing models, new usage patterns and new areas of non-compliance. On top of that, 64% of audited organizations report Microsoft audits, while Microsoft was also listed as the most relevant vendor to respondents’ SAM program. This should be concerning to businesses.

Lack of visibility is the root cause: only 36% of organizations report complete visibility into their IT estate

Stacked bar chart showing level of visibility into IT assets and their business impact: 36% report complete visibility, 62% report partial visibility, and 1% report no visibility.

Only a third of organizations have complete visibility into IT assets and their impact on business outcomes—most still operate with partial insight

Audit exposure is often a visibility problem first—and a compliance problem second. Maintaining accurate inventory is the top priority for 78% of ITAM teams, because you can’t prepare for an audit if you don’t know what you have. With that said, visibility remains a major gap, with only 36% of organizations reporting complete visibility into their IT estate.

SaaS and cloud environments expand outside traditional procurement controls, while AI introduces new consumption models with tokens and limits. The result? Missing licenses, untracked usage and unclear ownership.

Audit preparation has shifted from an event to an always-on capability

Traditional audit preparation was reactive, with organizations preparing when notified. That model no longer works, and teams that embed continuous compliance into ITAM will be better positioned.

The data shows why:

  • ITAM teams now spend a meaningful portion of their time responding to audits
  • Audit activity remains consistently high year over year
  • ITAM responsibilities now include cloud, SaaS and AI tracking, expanding the scope of compliance

Reducing waste isn’t just about cost savings—it’s one of the most effective ways to reduce audit risk

Waste and compliance are two sides of the same issue: lack of control. SaaS waste continues to increase year over year, while cloud waste (IaaS/PaaS) has also increased. Optimizing software spend is the top priority for SAM teams, while ITAM responsibility continues to grow, with 75% of teams managing cloud licenses and 64% managing SaaS.

Where’s the connection between waste and audit exposure?

  • Unused licenses and decentralized ownership create audit exposure
  • Overprovisioned environments create compliance gaps
  • Poor tracking leads to inaccurate entitlement data

Responsibility for optimization in public cloud is now nearly evenly split between ITAM and FinOps teams, which means audit compliance now requires coordination across ITAM and FinOps.

Governance gaps also increase software audit exposure

As software environments expand, governance frameworks are struggling to keep up.

  • Tracking new environments (SaaS, cloud, AI) is now a top challenge across organizations
  • Complexity of software use rights continues to increase year over year
  • Only 31% of organizations have visibility into AI software

Bar chart comparing 2025 and 2026 survey responses on visibility across IT environments. Visibility is highest for on‑premises hardware (76% in 2025, 74% in 2026) and on‑premises software (75% in 2025, 78% in 2026). Visibility increases in 2026 for cloud instances (63% to 74%), SaaS (50% to 66%), and licenses deployed in the cloud (BYOL) (27% to 43%). Visibility into AI software is reported only in 2026 at 31%.

Only 31% of respondents report visibility into AI software

This creates new audit risks:

  • Untracked usage
  • Unclear contract terms
  • Misaligned licensing models

Audit risk today is driven less by intentional non-compliance—and more by governance gaps in rapidly changing environments with shifting ownership.

What effective ITAM audit preparation looks like today

Leading organizations are shifting from reactive to proactive audit management and focusing on:

  • Establishing complete visibility: A single, trusted source of truth across SaaS, cloud and AI
  • Maintaining accurate entitlement data: Aligning licenses, contracts and usage data continuously
  • Embedding audit readiness into daily operations: Treating compliance as an ongoing process—not a point-in-time exercise
  • Aligning ITAM, FinOps and security: Ensuring all teams work from the same data and governance model
  • Optimizing continuously: Using license reuse, rightsizing and contract management to reduce both cost and risk

Reducing software audit risk in 2026 requires better control over the entire software lifecycle. The organizations that succeed will:

  • Improve visibility across SaaS, cloud and AI
  • Align ITAM, FinOps and security around shared data
  • Reduce waste as a path to reducing risk

Audit compliance is an always-on operating model connecting visibility, alignment between teams and waste reduction.

Software audits aren’t going anywhere

Check out Flexera’s latest State of ITAM report to see the vendors that are responsible for the most audits (and what it’s costing teams).