Broadcom Audit Triggers: What Sets Them Off
Audits do not arrive randomly. Twelve recognisable triggers account for the substantial majority of Broadcom audit initiations. Knowing them is the difference between being audited and being prepared.
Audits do not arrive randomly. Broadcom audits a customer because something in the customer's relationship with Broadcom — or in the customer's behaviour in the market — has surfaced the customer in Broadcom's compliance prioritisation. Knowing what surfaces a customer is the difference between being audited and being prepared. This article walks through the twelve most common triggers we observe across 280+ Broadcom and legacy VMware audit engagements, organised from highest to lowest frequency in 2025 and 2026.
The triggers are not equally weighted. A handful — lapsed SnS, refusal of VCF outreach, M&A activity — account for the substantial majority of audit initiations. Others are situational. Customers with any of the high-frequency triggers active should expect audit activity within three to nine months and should prepare accordingly.
Trigger 1: Lapsed or non-renewed Support and Subscription
The single largest audit trigger since the acquisition is a lapsed or non-renewed Support and Subscription (SnS) contract on perpetual VMware entitlements. When SnS lapses, Broadcom loses recurring revenue from the customer and gains an incentive to convert the customer to a subscription contract. The audit is the standard mechanism for that conversion.
The mechanism is straightforward: the audit identifies licensing exposure (real or contested) and proposes remediation in the form of a VCF subscription. Customers who let SnS lapse and continue to run perpetual VMware in production are over-represented in audit activity by roughly 4x compared with customers who maintain SnS on the perpetual estate.
Mitigation: maintain SnS on the perpetual estate as long as the cost is supportable, even if you have no intention of upgrading. If SnS must lapse, prepare the audit defence in parallel — entitlement reconstruction, deployment validation, and contract review — so that you are audit-ready before the audit arrives.
Trigger 2: Refusal to engage with VCF migration outreach
Broadcom has prioritised VCF migration as the central commercial motion for VMware customers since 2024. Customers who decline to engage with VCF outreach — declining workshops, declining "readiness assessments", declining to share deployment data for VCF sizing — are flagged in Broadcom's account management systems and frequently moved into the audit pipeline.
This is not punitive in a personal sense; it is process. The Broadcom commercial motion is designed to convert customers to VCF subscription. Customers who do not convert through the sales channel are routed to the compliance channel.
Mitigation: engage with VCF outreach at a level that does not require deployment-level data sharing. Aggregate environment data and forward-looking business requirements are appropriate inputs to a commercial conversation; per-cluster deployment data is not. Customers who maintain engagement at the commercial level are less likely to be routed to compliance.
Trigger 3: M&A activity
Mergers, acquisitions, and divestitures trigger Broadcom audit activity in approximately 35-40% of cases where the M&A activity is reported publicly. Broadcom's licensing terms permit transfers subject to consent, and Broadcom uses consent requests as an opportunity to verify compliance and to re-price entitlements at current commercial rates.
The trigger is particularly strong when the acquired entity has its own VMware footprint that overlaps with the acquirer, when the acquisition substantially changes the customer's revenue or headcount, or when a divestiture transfers VMware entitlements to a new entity.
Mitigation: handle entitlement transfers as a discrete project, with specialist advice, before approaching Broadcom for consent. Pre-empt scope expansion by clearly documenting the entitlements being transferred and the deployment they support. Engage independent counsel for the consent negotiation rather than relying on Broadcom's standard transfer template.
Trigger 4: Public job postings that imply expanded use
Broadcom's compliance organisation monitors public job postings for signals that customers are using VMware capabilities beyond their entitlement. Job postings that mention NSX, Tanzu, vSAN at scale, or VCF in a customer environment where the public entitlement record does not support that use are flagged.
This trigger is particularly active for customers who post technical roles publicly with detailed technology stacks. Postings on LinkedIn, Indeed, and specialist tech job boards are routinely scraped and matched against entitlement records.
Mitigation: avoid mentioning specific VMware product names or version numbers in public job postings unless they reflect a known and licensed entitlement. Generic descriptions ("virtualisation platform", "hypervisor administration", "software-defined data centre") provide the same signal to candidates without surfacing detail to compliance scrapers.
Trigger 5: SnS renewal sizing disputes
When a customer disputes the sizing of a proposed SnS renewal — for example, by declining to renew SnS on a portion of the estate that the customer believes has been decommissioned — Broadcom frequently routes the customer to compliance verification to confirm the customer's claim. The verification often becomes a broader audit.
Mitigation: document decommissioned entitlements at the time of decommissioning, not at the time of renewal. Maintain a contemporaneous record of clusters removed, hosts redeployed, and entitlements released. When the renewal arrives, the documentation supports the sizing claim and reduces the probability of compliance escalation.
Trigger 6: Industry vertical prioritisation
Broadcom prioritises audit activity by industry vertical. In 2025 and 2026, the prioritised verticals have been: financial services (banking, insurance, asset management), healthcare (providers, payers, pharmaceutical), federal contractors, large public sector entities, and large manufacturing. Customers in these verticals are audited at materially higher rates than customers in non-prioritised verticals.
The prioritisation is driven by a combination of audit yield (verticals where the average finding is large), commercial yield (verticals where the conversion to VCF subscription is high-value), and competitive considerations (verticals where alternative hypervisors are gaining traction).
Mitigation: customers in prioritised verticals should not wait for an audit notice to begin preparation. Annual entitlement and deployment reviews, with the same rigour as a formal audit response, materially reduce exposure if and when an audit arrives.
Trigger 7: Reseller channel changes
Changes in the customer's reseller relationship — switching resellers, consolidating purchases through a new partner, or moving from a reseller to direct Broadcom purchases — frequently trigger compliance verification. The trigger is partly process-driven (the new commercial relationship requires entitlement reconciliation) and partly opportunistic (the transition is a natural moment for Broadcom to verify the customer's full position).
Mitigation: complete entitlement reconstruction before any reseller change. Have a clean, validated entitlement statement available to provide to Broadcom on request, with supporting documentation. The proactive provision of a clean entitlement statement frequently pre-empts a formal audit.
Trigger 8: Public statements about VMware alternatives
Customers that publicly discuss migration away from VMware — in earnings calls, conference presentations, technical blog posts, or community forum discussions — are flagged for audit activity. The flag is not about punishing migration; it is about establishing the licensing baseline at a point in time before the migration alters the deployment footprint.
Mitigation: limit public discussion of VMware migration to high-level commercial framing without deployment specifics. Where migration is publicly material, prepare the audit response in parallel with the migration plan so that the inevitable audit finds a clean entitlement and deployment position.
Trigger 9: Whistleblower or insider tips
Broadcom maintains channels for current and former employees of customers to report suspected non-compliance. Insider tips — typically from disgruntled IT staff, recently terminated employees, or contractors who have been let go — account for a small but measurable share of audit initiations. The tips are credible because the source has direct visibility into the deployment.
Mitigation: maintain accurate, current entitlement and deployment records. Document any non-standard licensing positions (sub-capacity arrangements, hard partitioning, special transfer rights) with the contractual basis and the management approval. Insider tips are most damaging when they identify a real non-compliance position; they have little effect against a clean, well-documented position.
Trigger 10: Auditor referrals from related vendor audits
Where the customer is being audited by another software vendor (Oracle, IBM, SAP, Microsoft), the auditor may identify VMware deployment data that triggers a referral to Broadcom. This is particularly common where the customer is using a Big Four firm that holds engagements with both vendors.
Mitigation: tightly compartmentalise audit data exchange across vendors. Data provided in an Oracle audit should not be visible to a Broadcom auditor and vice versa. Where the same Big Four firm is conducting audits for multiple vendors, require contractual segregation in writing.
Trigger 11: Renewal cycle timing
Broadcom audit activity spikes in the quarter before major renewal events. The mechanism is straightforward: an audit-driven exposure creates commercial leverage in the renewal negotiation, and Broadcom prefers to surface that exposure before the renewal closes rather than after.
Mitigation: complete the entitlement and deployment baseline twelve to eighteen months before a major renewal. Where the baseline reveals exposure, address it in the renewal commercial negotiation rather than waiting for the audit to surface it.
Trigger 12: Random sample (low frequency, real)
A small share of audits — perhaps 5-10% — are genuinely sample-based, with no specific triggering event. Broadcom maintains a baseline audit volume across the customer base as a deterrence mechanism and as a statistical sampling of compliance posture.
Mitigation: the absence of any other trigger does not eliminate audit risk. Customers should maintain audit-ready entitlement and deployment records as a baseline practice, not as a response to a specific trigger.
How to assess your trigger profile
Take ten minutes and run through the twelve triggers against your own organisation. Score each from 0 (does not apply) to 3 (strongly applies). A total score above 8 indicates a high probability of audit activity within the next twelve months. A score above 12 indicates that audit preparation should be active and ongoing rather than reactive.
The triggers compound. A customer with one trigger active has perhaps a 20-30% probability of audit in the next twelve months. A customer with three triggers active has a probability above 70%. Customers with the high-frequency triggers (SnS lapse, VCF refusal, M&A activity) active concurrently should treat the audit as a matter of when, not whether.
The bottom line
Audits do not arrive randomly. They follow recognisable triggers, and customers with active triggers can predict the audit window with reasonable accuracy. The customers who consistently produce the best audit outcomes are those who recognise the triggers in advance and use the window between trigger and notice to prepare — entitlement reconstruction, deployment validation, contract review, advisor engagement.
The customers who consistently produce the worst outcomes are those who treat the audit notice as the start of the audit. By that point, the high-leverage preparation window has closed, and the customer is operating on Broadcom's timeline rather than its own.