Home  ›  Blog  ›  License Compliance Checklist
Audit Defence · Checklist

The annual compliance checklist — the 47 line items every enterprise should run each year.

A compliance checklist is not a SAM tool report and not a vendor self-declaration. It is a structured internal audit of the buyer's licensing position, executed by the buyer for the buyer, on a fixed annual cadence. The output is two documents: a current Effective Licensing Position by vendor, and a remediation log of any gaps with named owners and dates. Running this annually is the single highest-leverage practice in enterprise software governance. This article gives you the checklist — vendor by vendor, by quarter.

Updated: June 2026 Reading time: 11 min Audience: IT Asset Manager, CIO, SAM Steering Committee
Governance baseline

Before the checklist — the four governance preconditions.

A checklist run without governance produces a binder. A checklist run with governance produces a defensible compliance posture. Four preconditions before you start:

  1. Named SAM owner. A single individual accountable for the position, with a deputy. Without an owner, evidence trails go cold.
  2. SAM Steering Committee. Quarterly cadence; CIO, procurement, IT asset manager, independent advisor. Signs off the annual position.
  3. Document control. Versioned, dated, immutable. Audit-defensibility lives or dies on whether you can prove what you knew when.
  4. Contract library. Every executed master agreement, order form, amendment, and renewal letter, indexed by vendor and effective date.

No SAM owner today?

That's a six-figure issue at next renewal. We stand up the role and the operating cadence in 4 weeks.

Contact Us →
Q1 — Oracle & IBM

Heavy-metric vendors first — where the exposure is concentrated.

Oracle and IBM dominate audit settlements by dollar value because their licensing metrics interact with infrastructure choices in non-obvious ways. The Q1 checklist runs deepest here. When a run surfaces material exposure on either vendor, that is the moment to bring in structured software license audit defense — well before the vendor formalises a claim.

Oracle (12 line items)

IBM (6 line items)

Q2 — Microsoft & SAP

User-metric vendors where seat sprawl drives exposure.

Microsoft (10 line items)

SAP (8 line items)

Download the License Optimization Toolkit.

Includes the full 47-line annual checklist with worksheets, evidence templates and sign-off forms.

Get the toolkit →
Q3 — SaaS estate

Salesforce, ServiceNow, Adobe, Workday and the long tail.

Q4 — Cloud & AI

Cloud commitments and AI usage governance.

Want a turnkey annual compliance run?

We execute the full 47-line checklist with your team in 8–12 weeks.

Contact Us →

No annual compliance run on the books?
That's the gap your next audit will price.

We execute the full annual checklist, vendor by vendor, with your team. 8–12 weeks, predictable cost.

The Compliance Brief

Weekly compliance intelligence for IT leaders.