We have a policy for software purchases/usage where we ask the vendor about open source components, that are disclosed, to make sure they have commercial acceptable licensing, appropriate methodology, procedures in place, etc. We track our software licenses (E.g. Microsoft Office), through desktop support processes. This review is conducted by our IT Architecture SMEs. I hope that helps.