As for relegated/delegated responsibility to ensure organizational software licensing compliance, management is still accountable when intellectual property rights are violated. If the safeguarding responsibility is assigned to an ineffective and/or inefficient unit within an organization, IT audit should recommend an alternative arrangement after the risks are substantiated.
— Robert E. Davis
applicationsassurance-serviceaudit-assurance