There are two types of audits:
Audits to get some certification
Audits to catch discrepancies

Thie first type my company just went through. ISO came onto our site and checked everything out and left a week later.

The second is when the IRS comes and puts you through hell to squeeze a bit more money out of you. The audits described here sound like the latter. If the agreement called for annual audits to make sure everything is good and combine the audit with training, Q&A sessions for the auditied company, then no problem. but “Surprize! lets see if you have abused your agreement with us” is not something I’d be happy about.

Having recently guided a large global client through the painful process of verifying itself to an Adobe audit I can also offer and confirm the following

The guilty till proven innocent methodology means that the target (victim) company has to produce their own data which in the case of global companies can be extremely costly

Many software vendors offer no tooling to help assist companies in detecting any potential unlicensed installations on their machines – in adobe’s case they didn’t even have a coherent list of software to be audited (it changed on a monthly basis) and didn’t know the registry keys their own software made for auditing purposes

The software companies expect to see the actual first hand invoice (scans and photocopies are not enough). OK for a small company but gets expensive for larger companies with vault based storage of millions of invoices

The goalposts moved considerably over the course of several months, proofs which were acceptable one month would suddenly become unacceptable the next

Adobe and its vendors insist on sending licenses locally but expect to audit globally, In certain countries invoices from adobe partners are not acceptable – they didn’t seem to like the fact that Chinese companies insist on producing local invoices in Chinese for instance. Plus its a pain getting all your local support to store the paper licenses in a sensible location

The list of problems was legion and this auditing a company which honestly was not that bad at obtaining the correct amount of licenses

One thing my client instigated almost immediately was a reduction in the number of products purchased – the whole costly and frustrating exercise finally convinced them that brand name is not everything. They did some checking around and in many cases found alternatives that were cheaper and from companies happy to be more flexible with their licensing (concurrent user licenses, transferable license pools etc)

In one notable example Fox-It PDF Reader (thoroughly recommended by the way) has proven to be quicker, less hassle and a lot less risky than Adobe Reader and is now the companies defacto standard

Admittedly not all vendors will be the same but Adobe are amongst the worst – the best one I had from them was a few years ago when they insisted that installation copies on rollout servers on another of my clients networks would need licenses. The company had several servers spread out around the world with installation files on them to help field support and others reinstall software in the event of failure – Adobe seriously expected them to have separate licenses for these even though they weren’t actually installations (this company was large enough to laugh at them however and told the auditor where he could shove his pencil!)

Generally I would advise anybody involved in the purchase of software to ensure that they only work with vendors who manage both their licenses and purchasing centrally, keep a track of every invoice to do with a purchase in your asset management system as well as your financial one and ensure that all installation or license keys are recorded in the same system – it makes life a shed load easier later