10 Strategic Lessons for Tackling Compliance, Audits, and Software Licensing Risk in 2025

16 July 2025

The ITAM Forum’s 2025 global ITAM research report in partnership with Azul reveals some fascinating insights into the financial, operational, and compliance risks involved in software licensing and audits. This article provides a high-level overview of the key takeaways. It also provides a comparison of how these findings clash with the reported priorities of IT departments in 2025.

I’ve compared the insights from this research with Flexera’s IT Priorities Report, published earlier this year, to give a flavour of how compliance audits and software licensing risk are potentially creating havoc beyond ITAM, impacting strategic priorities.

Below are ten strategic lessons learnt from the research, along with a table that aligns these lessons to the 2025 IT Priorities Report.

1. Compliance is a strategic risk factor

This research confirms that 37% of organisations cite software license compliance as their number one challenge and that more than a quarter spend $500,000+ annually addressing non-compliance issues. It represents a significant financial and governance risk that requires executive-level oversight. ITAM must be recognised as a strategic discipline that reduces exposure and improves regulatory posture, not an administrative overhead.

2. Audit frequency is increasing, but readiness is inadequate

More than 80% of organisations now perform software audits at least twice a year, yet many still report difficulty maintaining accurate records, understanding licensing terms, and aligning internal teams. This points to a disconnect between frequency and preparedness. IT leaders should move beyond periodic audits and enable continuous audit readiness through education, planning, automation, and standardised processes.

3. Hybrid complexity is undermining inventory accuracy

Tracking license usage across on-premises, cloud, and remote environments is now the most cited operational challenge. Hybrid infrastructures have rendered traditional inventory methods ineffective. Organisations must implement tools capable of unified, real-time visibility across the estate. This includes addressing SaaS, containers, and ephemeral workloads, areas that are still under-governed in many ITAM strategies (further validating the partnership with FinOps).

4. Java licensing is now a board-level issue

Oracle’s multiple pricing changes and the shift to employee-based licensing have made Java a focal point for IT cost and compliance. Nearly 80% of organisations have either migrated from Oracle Java, are in the process of doing so, or are planning to. Two-thirds estimate they could save at least 40% by moving to an open-source Java alternative. IT leaders must ensure Java licensing is regularly reviewed, alternatives are evaluated, and inventory is accurate to support informed decision-making.

5. In-house audit management is common but risky

Despite the complexity involved, 74% of organisations internally handle license discovery and audits. However, many lack the expertise, automation, and internal resources to do this effectively. This leads to missed metrics, audit fatigue, and costly surprises. CIOs should evaluate where third-party support, audit playbooks, and process automation can reduce risk and workload. IT leaders should also call upon their industry peers, via networks such as ITAM Forum, to learn from the experiences of other customers.

6. Security and ITAM are converging

ITAM and SAM teams are increasingly involved in security functions, including vulnerability identification, patch tracking, and cloud monitoring. 41% of ITAM teams help identify unsupported software, and 44% contribute to cloud security monitoring. As compliance becomes a security issue—particularly under frameworks like DORA, SOC 2, and ISO 27001—ITAM must be embedded into the broader enterprise risk and security model.

7. SaaS sprawl is a growing concern

34% of organisations report difficulties in tracking SaaS subscriptions, a significant concern given the uncontrolled growth of SaaS and shadow IT. Without proper tracking, licensing costs escalate and compliance falters. SaaS discovery tools, regular usage audits, and reclamation policies must be part of any modern ITAM programme. This is a CFO-level issue as much as it is an IT one.

8. Employee-based pricing models require cross-functional governance

Oracle’s move to employee-based pricing has forced organisations to retool their tracking and reconciliation processes. New systems, internal audits, and increased collaboration across IT, HR, and procurement have become necessary. This is a clear example of how licensing changes drive cross-departmental impact. ITAM leaders must be involved early in vendor negotiations and policy shifts to prevent costly misalignment.

9. Audit disruption is undermining project delivery

Audits don’t just cost money; they disrupt operations, delay initiatives, and introduce uncertainty into budgeting cycles. Nearly one-third of respondents reported unplanned financial and operational impacts stemming from audit activity. IT leaders should implement an “audit response playbook” that includes standard processes, communication protocols, and predefined remediation actions to mitigate this disruption, underpinned by an audit policy signed off at the highest level.

10. Cost optimisation requires executive sponsorship

Despite clear savings opportunities, many ITAM functions operate without sufficient executive visibility. This limits their influence and effectiveness. Open-source transitions, licensing rationalisation, and vendor exit strategies all require top-down support. CIOs must elevate ITAM and SAM into the strategic planning cycle—not simply to manage costs, but to unlock agility and reduce waste. As per point 1 above – ITAM should be positioned as a provider of business intelligence to support IT decision making, not an administrative function.

Strategic Alignment with Flexera’s 2025 IT Priorities Report

These findings align closely with Flexera’s 2025 IT Priorities report from earlier in the year. See the table below.

| 2025 IT Priority | Key ITAM/SAM report finding | Strategic Takeaway for IT Leaders |
| --- | --- | --- |
| Cost Optimization | Two-thirds of organisations estimate 40%+ savings from migrating off Oracle Java | ITAM is no longer just about compliance, it’s a commercial lever. CIOs should empower SAM teams to lead cost-efficiency initiatives and fund transitions to open-source models where appropriate. |
| Cloud Governance & Maturity | 29% struggle with visibility across hybrid IT; 44% of ITAM/SAM teams actively support cloud security monitoring | Cloud governance must integrate ITAM disciplines. Cloud-native licensing needs continuous visibility. Alignment between FinOps, ITAM, and SecOps is essential. |
| Risk Management & Security | 81% conduct audits at least twice annually; 73% have faced Oracle Java audits; 41% use ITAM to identify unsupported software | Software risk now sits squarely within IT governance. Leaders must embed license oversight into broader compliance and security frameworks to prevent audit surprises and reduce exposure. |
| Visibility Across Hybrid Environments | 74% manage audits in-house despite resource constraints; 33% cite difficulty maintaining accurate inventory records | Hybrid complexity demands automated discovery and usage analytics. CIOs must ensure real-time, normalised data across on-prem, SaaS, and cloud workloads, without overburdening operational teams. |
| Vendor Relationship Management | Oracle’s employee-based Java pricing triggered tooling and audit investments; 31.7% are “very concerned” about Oracle’s licensing model | Vendor relationships need to be data-driven. ITAM must inform negotiations and challenge opaque pricing. IT leaders should back efforts to exit exploitative vendor models with credible, costed alternatives. |
| SaaS and Shadow IT Control | 34% cite SaaS subscription tracking as a key challenge | SaaS growth without ITAM governance risks budget overruns and compliance gaps. Introduce SaaS-specific discovery tools, usage audits, and rationalisation programs linked directly to budgeting cycles. |

The evidence is clear: software licensing and audit management are no longer niche responsibilities. They are core enablers, or blockers, of IT strategy.

IT leaders who treat ITAM as a cross-functional, data-driven discipline will position their organisations to reduce risk, control cost, and respond with agility in a complex and rapidly evolving digital landscape. As mentioned above – ITAM as a strategic supplier of business intelligence, not an administrative function.

About Martin Thompson

Martin is the founder of ITAM Forum, a not-for-profit trade body for the advancement of IT Asset Management.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
