Audits are most commonly done as part of technical due diligence for mergers and acquisitions. When software is a significant part of a deal, the acquiring company usually requires the target company to have these audits performed in order to better understand the limits of, and risk associated with, the software that they are investing in or purchasing. A trusted third-party auditor performs an analysis and communicates results to the acquirer, while protecting the intellectual property of the target company.
Open source audits are not done just during M&A processes, though. They can be done at any time for any other reason, such as customer requirements, internal risk assessments, seller preparation, etc.