Microsoft’s Audit & Review; how to manage and prepare for it?

A friendly review or an audit from Microsoft is one activity every company or service provider of any size will eventually have to deal with. This is often not an ideal situation and it is always inconvenient.     

As a Volume License Agreement customer for Microsoft products, you may at some point receive an email with the description “Microsoft License Inventory – Software Asset Management.”    

A Software Asset Management also referred to as SAM request in your email will mean a SAM Audit asking you to provide an inventory of all Microsoft licenses from your company.   

What is the motive behind a SAM Audit?  

Microsoft does this to determine whether your “software household” is in order. The outcome is almost always the same: the company is not compliant, as it is called in the field of “license management”.  Actually, they just want to sell extra software to gain more revenue.   

Corrective actions must then be carried out and additional licenses must be purchased. The damage sometimes runs into the hundreds of thousands of Euros. An early internal audit by an independent party can prevent a lot of trouble.  This is not only for customers with an Enterprise Agreement, MPSA or Open Value contract but also customer and service providers with SPLA contracts.  

What you can do ahead of a Microsoft Audit    

Companies, especially IT Managers should not wait until Microsoft knocks on the door with an audit letter. They can proactively ask a specialized SAM company to conduct an independent internal review or audit to determine the license position.     

When it turns out that an organization is not compliant, remedial actions can be carried out calmly and clearly. This will be very different when a Vendor puts forward an auditor to carry out a review.    

In most cases, the party conducting the audit may be the customer’s reseller. The customer then faces two parties who both have an interest in selling as many licenses as possible and handing out fines.    

An early response and moves to allow the audit to proceed saves the company an expensive audit if Microsoft will have to send reminders or send an auditor over for proceedings.   

Conducting a friendly review is an important revenue model for a vendor. At that time, a customer has an interest in an independent party that operates on behalf of the customer to limit the damage as much as possible. Enforcing the licensing rules and closely performing license management are and will remain difficult matters for ICT departments.    

This is partly because the software used internally by customers often fluctuates.   

The various software manufacturers are also constantly adapting their complex licensing rules and conditions for their software. Good license management and staying up-to-date has therefore become almost impossible for organizations.   

What type of Audits and reviews do we have?

We have external audits and external reviews.  

Microsoft External Audit Explained 

During an external audit initiated by Microsoft, a third party will report its findings to Microsoft. Contrary to an external review, an audit is conducted by an official accountancy firm. This is an extremely intensive process during which this third party, e.g., KPMG or Deloitte, is physically present in your organization to run various tools that are used to generate a report for Microsoft. 

If it turns out that any software was not installed correctly or if you have not or not enough licenses for the software you use, you will be fined. Furthermore, practical experience shows that these accountancy firms tend to interpret the licensing regulations from the vendor’s perspective. As a result, it is quite common for higher charges to be employed, in addition to any incompliance that is found. Once again, independent advice is essential to ensure that you do not pay too much for your actual usage/needs. 

Q-Advise assists its clients throughout this entire audit process. This includes the communication that is conducted together with the client, with the auditors and the software developers. 

During this process, Q-Advise does whatever it can to take the pressure off your organization, so you have enough time and peace of mind to make well-considered decisions. It is important to take charge during this audit process and to understand your obligations and especially your rights as a client. 

Objectives during an External Audit are: 

  • Postponing the audit if necessary; 
  • Quickly assessing the current situation with regards to your installed base; 
  • Damage control: minimizing the damage or fine as much as possible; 
  • Ensuring that, in the event of non-compliance, the rectification fits as well as possible within your medium-term (3-6 years) IT policy.

Microsoft External Review explained 

During an external review, your organization’s licensing structure is assessed by an external party. This is not an ideal position to be in. They will draw up a report of their concrete findings, without revealing any necessary changes or improvements. Furthermore, these parties are not independent and operate by order of the developer. Your software supplier is often part of the same organization as the reviewer. 

Q-Advise has years of experience with assisting businesses during this review process to assess the damage of any hidden non-compliance quickly. There are many more possibilities during this process.  

Q-Advise has the right tools and expertise to quickly assess the damage of any hidden non-compliance. The goal is always to limit the risks and financial consequences of any non-compliance as much as possible. 

If a settlement has to be paid, we strive to make this an investment in your organization’s future, rather than a fine for its past. 

During this review process, Q-Advise assists the client during the interviews with the reviewing party and the negotiations with software developers that follow.

Our goals during an external review of your organization are: 

  • Postponing the review if necessary;
  • Quickly assessing the current situation in your organization with regards to your installed base; 
  • Damage control: minimizing the hidden non-compliance/redundancy of installations within your organization as much as possible; 
  • Ensuring that, in the event of not being compliant, the rectification fits as well as possible within your organization’s medium-term IT policy.

What role does an IT Provider perform towards an impending Audit?   

Immediately you receive an email requesting for an Audit, the timely manner with which you reply goes a long way to inform future Audit or Review activities from Microsoft.   

If you use an external IT service provider, then it is incumbent on your organization to quickly inform them to get to work. Yes! Get to work. This will mean putting documentation that contains all important data, such as license numbers, volume license agreements, number of PCs used together.   

Your organization more importantly, must be able to prove the licenses for all software. This documentation must be constantly updated between your organization and your internet provider.   

An audit or review does not have a duration to be carried out and to avoid a halt on your daily business operations looking at how time consuming the process might be, your license documentation should always be on standby.  

Your IT provider knowing how important a SAM or Audit is, having knowledge of how to carry out one, may carry out the entire SAM process on your behalf.   

Microsoft sends you an audit letter. What can you do?  

If an ICT Manager suddenly has to explain to his directors or management that additional licenses have to be purchased for  millions  of euros, they will not be amused. Q-Advise, as we specialize in independent software advice and support companies with reviews and audits would love to assist you.     

As an independent party, we represent the interests of the customer throughout the entire Audit or Review process if our client wishes.    

This way you can reduce the risk of compliance issues and prevent or recover from overgrowth. We often see that customers have mixed feelings about the fact that the reseller or auditor has a double role.    

Unlike other parties, Q-Advise does not operate on behalf of a software manufacturer or is not stimulated by the sale of additional licenses.  

Would you like more advice on Microsoft audits or compliance claims? Contact us today and save on licenses you won’t use after the audit.  

contact form

Name