When an IS auditor suspects unlicensed software usage, what should be the auditor's first action?

Prepare for the CISA Domain 4 Exam with tailored quizzes. Enhance your auditing skills with detailed explanations and practice multiple-choice questions for cybersecurity professionals. Optimize your study time and ensure success!

The first action an IS auditor should take when suspecting unlicensed software usage is to verify that the software is indeed in use through testing. By conducting such verification, the auditor can collect concrete evidence regarding the presence and extent of unlicensed software usage within the organization. This step is critical as it ensures any subsequent actions or decisions are grounded in factual, observable data rather than assumptions or unconfirmed suspicions.

This verification process typically involves examining software installations, inventory records, and licensing agreements. Once the auditor has established whether unlicensed software is actually being utilized, they can then make informed recommendations or report findings to management. Addressing the core issue with evidence not only strengthens the auditor's position but also provides a clear basis for any discussions with senior management or for inclusion in the audit report.

Engaging with senior management, documenting the findings, and discussing the situation are important subsequent steps, but they should occur after the initial verification has confirmed the auditor's suspicions. Establishing that unlicensed software is in use is therefore the necessary first action, and it guides further responses effectively.
