First off, I am not a lawyer.... but the best option is to ignore them and hope that they go away. The BSA sends out scary letters all the time, but what can they really do? Send another even scarier letter? Don't talk to them, hang up when they call, and file their letters in a folder.
Here is how it works on the BSA side. A disgruntled employee contacts the BSA and makes the claim that a entity is using pirated software. They typically talk to the whisteblower multiple times on the phone and ask lots and lots of questions over and over before sending out the scary letter. They always run the risk that the person could be lying, crazy, or disgruntled.
In phase II, they get more legal and more specific and depose the informant and create a sworn statement. They put the informants claims in legalese and make them swear that it is true and sign it. After this happens, you will get scary letter two or three. Often times, the informant isn't disgruntled enough to perjure themselves and risk a countersuit from you company for monetary damages. The BSA will not go further without this because they don't want to be liable in a counter suit for civil damages. They need to show that they are acting in good faith that software piracy is occurring, without a specific sworn statement it amounts to hearsay. They pay a cash reward for information and they make the information work hard for the money they are never going to collect.
:)
If you open the door and say, "Come on in and audit us, we've got nothing to hide." you are building a case against yourself. Even if you are legal, you're not since whatever proof you think you have will not be enough to appease them. In my opinion, the only way they can come in is if you let them in or a judge orders the audit as part of a discovery in a lawsuit. Apparently the EULA you clicked "I agree" to on install allows for auditing anytime, but no one has ever tested this legal theory. Meanwhile, do your own audit and make sure you are clean. Make it as difficult as possible on them and hope they go away. Then quit being such a jerk to your employees so they quite calling the BSA or switch to Open Source.
:)
Watch this video for more details:
The Bully Software Alliance