Software Audit Checklist: Ensuring Your Business Is Properly Licensed

A software audit is one of those business tasks that rarely feels urgent until it suddenly becomes very urgent — when a software vendor makes contact about compliance, when you are preparing for sale or investment, or when you need to demonstrate to a client or regulatory body that your IT environment is properly managed. Carrying out a proactive internal audit before any of these situations arise is straightforward, puts you in control, and eliminates unpleasant surprises.

This checklist guide walks through the process of auditing the software in your business: what to look for, how to record it, how to identify gaps, and how to address them.

Why Software Audits Matter

Using software without the appropriate licence is a form of copyright infringement, and the practical consequences can be significant. Software publishers use a variety of means to monitor for unlicensed use, from technical phone-home mechanisms to industry anti-piracy organisations that pursue complaints on publishers’ behalf. Consequences range from licence compliance agreements requiring back-payment to legal action.

Beyond the legal risk, there are practical reasons to keep software licensing in order. Unlicensed software may not receive security updates, leaving known vulnerabilities unpatched. Staff productivity depends on reliable, supported software. IT audits from investors, clients, or acquirers will flag software compliance gaps. And fundamentally, knowing what software you have, what version, and what licence it runs under is basic good practice for any IT environment.

Step 1: Inventory All Devices

Start by creating a complete list of every device in your business on which software is installed. This includes:

• Desktop computers and workstations
• Laptops
• Servers
• Virtual machines
• Any shared or kiosk computers

For each device, record the hostname or device identifier, the user it is assigned to (or its purpose), the operating system and version, and its physical location or network segment. This device inventory is the foundation of the software audit — every software installation needs to be attributed to a specific device.

For organisations with ten or more machines, manual inventory quickly becomes impractical. IT asset management tools — many of which offer free tiers for small organisations — can automatically discover and inventory devices and installed software on a network. Tools worth considering include Snipe-IT (free, open source), Spiceworks Network Inventory (free), or the Microsoft Intune endpoint management platform.

Step 2: Discover All Installed Software

For each device in your inventory, generate a list of all installed software. On Windows machines, this can be done in several ways:

• Open Settings, then Apps, then Installed Apps (Windows 11) for a complete list of installed applications
• Use PowerShell: Get-WmiObject -Class Win32_Product | Select-Object Name, Version | Export-Csv software_list.csv to generate a CSV export
• IT inventory tools (as mentioned above) automate this discovery across multiple machines simultaneously

Record every application: name, version, and the date installed where available. Pay particular attention to:

• Operating systems (Windows versions)
• Productivity suites (Microsoft Office versions)
• CAD and engineering software (AutoCAD, Revit, Inventor, Fusion 360, etc.)
• Creative software (Adobe products, etc.)
• Any specialist industry software
• Development tools and IDEs
• Remote access software

Step 3: Collect Your Licences

In parallel with the software discovery, gather all the licence documentation you hold. This includes:

• Email confirmations of software purchases
• Retail licence certificates and product keys
• Volume licensing agreements and portals
• Subscription account details
• Software downloaded with purchase from GetRenewedTech or similar suppliers

Consolidate this information into a licence register — a spreadsheet or database that records: the software name, version, the licence type (perpetual, subscription, OEM), the number of licences held, the purchase date, the supplier, and any key reference (order number, licence key, account ID). Store copies of all licence documentation securely, with backups.

Step 4: Match Software to Licences

With your installed software inventory and your licence register both complete, work through each application and match installations to licences. For each application, answer:

1. How many installations are in use?
2. How many licences do we hold?
3. Do the versions in use match the versions licenced?
4. Are the licence terms still current (not expired for time-limited licences)?
5. Are the licences being used in compliance with their terms (correct platform, correct number of users, etc.)?

The most common gaps discovered in software audits are:

• Unlicenced software — applications in use with no corresponding licence
• Over-installation — more installations than licences held (common where a single-device licence has been installed on multiple machines)
• Version non-compliance — using a version not covered by the licence held (particularly relevant for licences with version-specific coverage)
• Expired subscriptions — subscription licences that were not renewed but the software continues to be used
• Platform mismatch — using a Windows-only licence on a Mac, or vice versa

Step 5: Address the Gaps

Once gaps are identified, they need to be addressed. Options include:

• Purchase the missing licences — the straightforward solution for software you need to keep using. If the gap has existed for some time, purchase the licences going forward. Note the dates and keep documentation clear.
• Uninstall software you do not need — if unlicensed software is not actually being used, remove it. This reduces the compliance risk and the security attack surface simultaneously.
• Consolidate to collections or bundles — if you have several individual Autodesk licences, consolidating to the AEC Collection or PDMC Collection may cover all your needs under a single, clearly documented arrangement
• Switch to free alternatives — for non-critical software where a free alternative meets the need

Step 6: Establish Ongoing Controls

A one-time audit is valuable, but its value erodes quickly if software installations are not controlled going forward. Establish processes to maintain compliance:

• Software installation policy — only IT (or authorised individuals) install software on business devices. All installation requests go through a defined approval and logging process.
• Regular audit cadence — repeat the audit process at least annually, or after any significant change (new staff, new projects, new software purchases)
• Licence register maintenance — update the licence register whenever software is purchased, installed, or removed
• Offboarding procedure — when staff leave, ensure their assigned licences are either deactivated or reallocated. Many businesses accumulate unused software installations on ex-employees’ decommissioned machines.

Operating System Compliance

The operating system is often overlooked in software audits but is fundamentally important. Windows licences are tied to specific devices and, for OEM licences, cannot be transferred between machines. Windows 11 Pro’s licence terms require activation of the specific edition purchased. Running an unlicensed Windows installation carries the same risks as any other unlicensed software, plus the practical issue that Windows Update may be limited on unactivated copies.

Windows 11 Professional from GetRenewedTech at £18.99 provides a properly licenced operating system at a very accessible price — there is no financial justification for running an unlicensed Windows installation when the cost of compliance is this low.

Conclusion

A software audit is not a painful compliance exercise — it is good business practice that protects you from legal risk, ensures your software is supported and secure, and gives you a clear picture of your IT assets. Conducting a thorough internal audit once and then maintaining the licence register and installation controls going forward requires modest ongoing effort. The alternative — discovering a significant compliance gap at the worst possible moment — is avoidable with straightforward proactive management.

Dealing with Inherited IT Environments

One of the most common scenarios that makes software audits complicated is an inherited IT environment — a situation where a business has grown through acquisition, taken on an existing team with their own IT setup, or simply grown from a one-person operation to a team without ever performing a systematic review. In these situations, the software inventory may include:

• Applications installed by previous employees who are no longer with the business
• Software that was originally licenced to individuals who have since left
• Trial versions of software that were installed years ago and never removed
• Applications whose licences were managed by a previous IT contractor or supplier and for which documentation no longer exists

The approach to inherited environments is the same as for a planned audit, but with the additional step of researching provenance for any application where licence documentation cannot be found. For some applications, the vendor’s customer portal can help — if you have the product key or installation serial number, many vendors can tell you the original licence holder and whether that licence is still valid.

Cloud and SaaS Software

Traditional software audits focus on installed applications, but an increasing proportion of business software is delivered as Software-as-a-Service (SaaS) through web browsers. SaaS applications present different licence management challenges:

• Account proliferation — SaaS tools are often signed up for individually by staff members using their work email, without IT oversight. A business may be paying for multiple competing tools doing similar jobs.
• Subscription creep — SaaS subscriptions tend to accumulate, with individual users signing up for tools on company credit cards and then forgetting about them. A review of business credit card statements often reveals surprising numbers of active SaaS subscriptions.
• Shared account misuse — some SaaS tools are purchased with individual user licences but credentials are shared among multiple people. This breaches the licence terms and creates security risks (shared credentials cannot be individually revoked when a team member leaves).

Include SaaS subscriptions in your audit by reviewing payment records and talking to each team member about which online tools they use regularly. For each SaaS tool, verify that the number of active users matches the number of licences paid for.

Special Consideration: AutoCAD and Autodesk Collections

Autodesk products deserve specific attention in any software audit. AutoCAD and other Autodesk tools are expensive at retail subscription prices, and licences are sometimes used informally across a team without proper management. Key things to verify for Autodesk software:

• Named user licensing means each person using the software must have their own licence — sharing a single licence account among multiple users is not permitted
• Autodesk’s account portal (manage.autodesk.com) provides a list of all licences associated with your organisation and can be used to verify which users have access
• If you have multiple team members using Autodesk tools, consolidating to an AEC Collection or PDMC Collection may be both more cost-effective and simpler to manage than individual application licences

Dealing with Inherited IT Environments

One of the most common scenarios that makes software audits complicated is an inherited IT environment — a situation where a business has grown through acquisition, taken on an existing team with their own IT setup, or simply grown from a one-person operation to a team without ever performing a systematic review. In these situations, the software inventory may include applications installed by previous employees who are no longer with the business, software that was originally licenced to individuals who have since left, trial versions of software that were installed years ago and never removed, and applications whose licences were managed by a previous IT contractor or supplier and for which documentation no longer exists.

The approach to inherited environments is the same as for a planned audit, but with the additional step of researching provenance for any application where licence documentation cannot be found. For some applications, the vendor’s customer portal can help — if you have the product key or installation serial number, many vendors can tell you the original licence holder and whether that licence is still valid.

Cloud and SaaS Software

Traditional software audits focus on installed applications, but an increasing proportion of business software is delivered as Software-as-a-Service (SaaS) through web browsers. SaaS applications present different licence management challenges. Account proliferation is common — SaaS tools are often signed up for individually by staff members using their work email, without IT oversight. A business may be paying for multiple competing tools doing similar jobs. Subscription creep is also typical — SaaS subscriptions tend to accumulate, with individual users signing up for tools on company credit cards and then forgetting about them. A review of business credit card statements often reveals surprising numbers of active SaaS subscriptions.

Include SaaS subscriptions in your audit by reviewing payment records and talking to each team member about which online tools they use regularly. For each SaaS tool, verify that the number of active users matches the number of licences paid for.

Special Consideration: Autodesk Collections

Autodesk products deserve specific attention in any software audit. Named user licensing means each person using the software must have their own licence — sharing a single licence account among multiple users is not permitted. Autodesk’s account portal (manage.autodesk.com) provides a list of all licences associated with your organisation and can be used to verify which users have access.

If you have multiple team members using Autodesk tools, consolidating to an AEC Collection or PDMC Collection at £149.99 each may be both more cost-effective and simpler to manage than individual application licences. The collection provides a clear, single licence covering multiple applications, simplifying both the compliance audit trail and the ongoing management of what applications each team member can access.

Keeping Records and Planning Renewals

Once your licence register is complete and any gaps addressed, maintain it as a live document. Set calendar reminders for any time-limited licences that require renewal. For subscription-based software, configure auto-renewal where appropriate, but review the subscription list annually to remove tools that are no longer needed.

A well-maintained licence register, reviewed annually alongside your software audit, transforms software compliance from a reactive scramble into a routine management practice. The time investment is modest; the protection against compliance risk and software downtime is substantial.