The most valuable preparation is being well organized and keeping complete and accurate records. This can be difficult in large organizations where software and hardware are acquired through multiple sources. The auditee must provide proof of purchase for every copy of the software installed or accessed, in the form of invoices and receipts, Certificates of Authenticity (COAs), product keys, VL agreements, and any applicable purchase records.
If you perform an inventory of your installed and accessed software, do not forget that employees work remotely! When the software resides on a server, you must ensure that every user or device accessing the product is licensed with appropriate user or device Client Access Licenses (CALs). Many users will use corporate assets on personally owned devices such as home PCs, tablets, and smartphones. A common violation involves virtual servers (primarily SQL) being accessed remotely. Auditors know this, so they will certainly focus their attention on such areas.
A number of Software Asset Management (SAM) tools may help to partially automate the inventory process, but manual research and documentation will be required as well. Most inventory tools, for instance, don’t account for CALs, nor do they adequately analyze virtual scenarios.
Once you have an accurate inventory of applicable software, devices, and users, you’ll need to match the proof of purchase with each installation or instance of the software. If you cannot demonstrate that everything has been properly licensed and purchased, you will be out of compliance and subject to additional purchases and/or penalties.