The High Cost Of Microsoft Audit Penalties
If stress kills, then receiving a notice with the opening line “Your organization has been selected to complete a Microsoft License Verification process” is practically lethal. As unpleasant as software audits are, if you have licenses with heavy-hitting vendors like Microsoft, IBM, and Oracle, it’s likely that software audits and compliance verification are just an unfortunate reality of business. So what are the Microsoft Audit fines and penalties that you could face when you receive an audit request?
At Metrixdata 360, one question that we hear brought up a lot is, “What will a Microsoft software audit or Microsoft SAM review cost my company at the end of the day?” This article will answer that question, focusing on where your expenses will accumulate the most in a poorly conducted Microsoft License audit.
For more information on how you can get a better handle of your software audit, please visit our article Microsoft Audit: 10 Powerful Tips to help you take back control.
Stay up to date on Microsoft’s Audit Penalties:
Download our Audit Penalties PDF:
Microsoft SAM Engagement vs. Software Audit
|Medium of Delivery
|You will be notified of a SAM review usually through an email.
|You will be notified of an upcoming audit through a formal letter in the mail.
|You are allowed to conduct a SAM review internally, using your own SAM tools and led by your own SAM team. It can also be conducted by Microsoft’s SAM partner.
|Microsoft will appoint a third-party auditor to conduct the process (this could be anyone from a specialized SAM partner to a large consulting firm like Deloitte or PwC).
|Voluntary or Not?
|Voluntary – sort of. Refusing to comply with a SAM review will likely result in being sent a software audit. In the minds of the software vendors, only those with something to hide refuse to be examined.
|Not voluntary. You’re contractually obligated to comply with a Microsoft License Audit. Ignoring a software audit can result in legal action on the part of the software vendor.
|The process is similar for both a SAM review and a software audit. Scripts on your network will be run, your Active Directory Records will be accessed, and deployment data from your SAM tool will be pulled throughout the process, among other similar tasks. This will be done to try and determine your usage of Microsoft products and then compare that to the licenses you own to create an Effective (or Estimated) License Position (ELP). If there are any grey areas, the auditors will take the liberty of assuming the worst-case scenario to inflate your license gap, therefore the quality and completeness of your data can have a significant impact on the final cost of the process.
|At the time of this post, under a SAM, Microsoft will not charge you any penalties. You will simply place an order for any license shortfalls against the terms of the contract that you purchased a license under (Enterprise Agreement, MPSA, Open, etc). In addition, you are not responsible for the cost of the SAM engagement as Microsoft funds the selected partner.
|Under an Audit, you need to read the terms of Microsoft’s rights to validate compliance in your contract to understand what the Audit Penalties are. If you are an Enterprise Agreement or an MPSA customer, this is typically found in your Business Agreement. It may differ depending on your region and the version of contracts you are under, but typically customers are subject to the Audit Penalty of paying the list price as well as an additional 5% penalty for all products found unlicensed. Any historical or contractual discounts the customer usually benefited from will not be applied. Customers will also be expected to pay for the auditors’ fees if they are found to be out of compliance by 5% or greater. How the 5% is determined varies but it is typically calculated based on the number of licenses owned compared to licenses required. You will need to read your agreement to understand what the exact terms of an audit with Microsoft are and what Audit Penalties you may be responsible for.
What are the Biggest Costs in a Microsoft Compliance Verification Audit?
Now that we can clearly distinguish a software audit from a SAM review, let’s talk about a few of the most common areas where expenses can accumulate. Settlements, true-ups, and wasted resources can prove the biggest detriment to a company’s license compliance during an audit. Let’s look at them one by one to answer why that is:
Settlements occur at the end of the software audit and determine the fine that the company will pay for being out of compliance.
If it is discovered that the company attempted to hide things from the auditor during the process, then the company can be held in breach of their contract, which can worsen the situation. A study conducted in 2013 by KPMG found that 52% of companies reported that the losses they had incurred through unlicensed software amounted to 10% of their total yearly revenue.
True-ups are a lump sum payment that companies produce after a set period of time has elapsed (such as a year or three years) to the software vendor within 60 days of the date making the anniversary of the initial purchase of the software.
The payment is intended to cover all the expenses for another term, but it will be inflated to accommodate any unlicensed software that was discovered during the SAM review or audit. In a SAM review, the discounts can still be applied for purchasing new licenses. However, the reason why true-ups can prove so detrimental in a software audit is because the discounts that companies would have otherwise had with the software vendors are no longer applied.
Suddenly having to pay for software products at full price can prove a huge expense for companies to pay. After a software audit, a survey conducted by Flexera, with input from IDC, found that a company with a revenue of 50 million can expect a true-up cost of roughly $263,000. Meanwhile, a company with $4 billion in revenue could expect a true-up cost of roughly $1.6 million.
One of the least known costs of a software audit is the loss of company time and resources. Software contracts can include clauses that state the “busy season” for a company and therefore a time when the company cannot be audited. When a software audit does arrive, it can still disrupt otherwise productive business hours. Workers often find their projects delayed or rearranged in the wake of an audit, while high-paid IT staff are often sent off to run fruitless errands at the software auditor’s bidding. To make matters worse, software audits can last anywhere from six months to multiple years.
Facing a Software Review or Microsoft Audit and Need A Guiding Hand?
Understanding where a SAM review or an audit can cost you the most money is important if you’d like to be able to prepare for each.
At MetrixData360, we would suggest that companies perform a self-assessment at least once a year to understand what their license position is. By doing this, you will have your own data to counter the auditor’s findings.
Over the years Metrixdata 360 has successfully defended companies from nearly every industry and saved them millions of dollars in heavy fines. If you’d like to know more about how Metrixdata 360 can save you money, check out our Audit Service page.