Conducting a self-audit while facing potential copyright infringement claims from Autodesk or any other software publisher often is complicated and time-consuming. Nevertheless, it is critical to choose an appropriate method to ensure the audit results are accurate.
A self-audit usually may be conducted using various methods, including third-party scanning tools, such as Belarc, or manual inspection of each computer to obtain the installation information. In addition, Autodesk recently has started to advocate heavily for the use of its own AIA scanning tool in order to obtain raw data from audit targets.
Regardless of the method, however, a circumspect business should look at results from scanning tools - including AIA - only as starting points, not as end results. AIA and most other free scanning tools have been reported to elicit inaccurate information. Scott & Scott's clients have indicated that Autodesk's tool sometimes reports significant numbers of product installations later determined to be only free viewer installations. Reporting such raw data from AIA or other similarly over-inclusive tools therefore could result in drastically over-inflated audit exposure.
For this reason, automated audit results always should be subjected to secondary review for accuracy. Businesses with smaller networks may even choose to appoint an IT expert to manually investigate each computer to obtain the installations. While this method may be preferred when the network contains fewer than 10-15 computers, larger IT environments may require a different approach to verification.
Regardless of the method of self-audit, conducting a final review of the audit materials is essential to mitigate potential exposure. Once submitted, it is usually very difficult to revise the audit materials during the course of audit negotiations. If in doubt, seek professionals with experience conducting and defending against Autodesk audits.