Does it ever feel like you’re fighting an uphill battle when it comes to your Microsoft software audits? You try your best to keep up with the auditor’s demands, collecting data and checking licensing details, but it all amounts to you owing far more than you feel could be possible? This is a very common situation, as we have helped clients who despite their best efforts to work with the auditors, have found themselves being forced to pay out millions more than they need to. At MetrixData 360, we have Microsoft’s software audits down to a science and we have seen patterns in the common mistakes people make before we are called onto the job. So here are the most common mistakes companies make in a Microsoft software audit and what you can do to avoid them.
Common Microsoft Audit Mistake #1: You’re Trusting Microsoft’s Audit Team Too Much
Microsoft will often bring on a third-party auditing firm like Deloitte and KPMG, and it’s tempting to fall into the mindset that they are the professionals in this situation — that they know best. We have often seen companies that go along with the auditor’s every demand and who take the software auditor’s findings as though they were set in stone.
Solution: Remember Who the Software Auditors are working for
Microsoft hired these auditors and Microsoft may even pay them based on how large a compliance gap they can find. It’s not to say that the auditors won’t do their job properly, but they have no incentive to investigate grey areas or ambiguous findings when they could instead just assume that the most expensive case is the scenario and call it a day. These expensive assumptions can greatly over-inflate your compliance gap while lining the pockets of Microsoft and their team.
When the software auditor’s hand over your Estimated License Position at the end of their investigation, the important thing to remember is that it is, in fact, an estimate. It’s not a receipt like the kind you would get in the restaurant, think of it instead as the beginning point of your negotiations and it is important to challenge any findings you don’t agree with.
Common Microsoft Audit Mistake #2: You’re Handing Over Everything Without Question
Microsoft’s auditors can be an intimidating bunch and having Microsoft ticked off at you is not a good feeling. So, there can be a knee-jerk reaction to play nice, do damage control by complying with demands, and exposing your entire software environment to the auditors as a sign of good faith, to show you have nothing to hide. However, we have often seen how this can backfire on many well-meaning companies since not everything that the software auditors will ask for will be relevant to the software audit. One client that we helped through a software audit was asked for information that wasn’t relevant to the audit and would be used in a later case against them.
Solution: Ask Questions
You can and should ask for justification on any data requests, especially if you think they are outside of the scope of the audit. We did that for a client, and it resulted in the audit being brought to a standstill which lasted months, with the auditors going silent. Our client received valuable time to prepare their own defense and carry on with their business. There are some requests that you can push back against and some which you will have to comply with. Knowing which request is which will greatly benefit you during a software audit against Microsoft.
Common Microsoft Audit Mistake #3: You Have no Single Point of Contact
Who are the software auditors talking to? Where do they go when they want something? And who is tailoring a response for them? This is often a simple question that for many companies goes unanswered during their Microsoft audit to produce devastating results. If just anyone is talking to the software vendor, including people who may not have the best information to answer the question completely, then the end result is that you do not know what Microsoft knows, where the software vendor is getting these assumptions from and, therefore, having no way to correct or challenge any misplaced information.
It also makes it quite difficult to structure a proper defense for yourself if you do not know what the vendor could possibly use in their own argument, making you essentially blind during the software negotiation process at the end of the software audit.
Solution: Establish a Single Point of Contact as Soon as You Received Your Audit Notification
Establishing a single person or team who will be in charge of interacting with the software auditors should be one of the first things you do when you receive your software audit notification. This Single Point of Contact (SPC) will review all data before it is passed onto the software auditor in order to maintain a clear understanding of your company’s stance with the vendor. The SPC will also review any data requests that the software auditor provides in order to ensure it is relevant to the scope of the audit.
In the event that an employee is interviewed by the software auditor, the SPC will prep the employee to ensure that the employee is ready to address the questions with a full understanding of the answer.
Common Microsoft Audit Mistake #4: You Trust your Microsoft Sale’s Rep Too Much
Microsoft sales reps are often friendly in nature and may come across as though they have your company’s best interest at heart. Due to this seemingly friendly nature, many companies will trust their sales reps to understand their business needs and their compliance requirements. This trust has resulted in companies wasting time and energy purchasing licenses they don’t need while remaining exposed to compliance risks during their next software audit.
Solution: Know What You Want
Don’t let the sales rep tell you what to do because it is important to remember that at the end of the day, Microsoft’s sales reps have the main goal of selling you more licenses regardless of whether it is of any advantage to you. This is why it is so important that you have a good understanding of what you want and how many licenses you need in order to remain compliant and get your company to where you want to go from a software perspective. This type of visibility into your software environment is typically only achieved through software asset management if your software environment is large enough.
Common Microsoft Audit Mistake #5: You have no SAM Tool or Software Asset Management Strategy in Place
Software asset management is perhaps one of the best defenses you can deploy when it comes to protecting yourself against the heavy fines of a software audit. However, very few companies have a software asset management strategy in place and only consider employing SAM in their software environment after they have received their audit notice. To ensure the strongest defense, however, SAM should be a year-round endeavor, to ensure you don’t fall back into the SAM bad habits that opened you up to compliance risks in the first place.
Solution: Have a Strong SAM Strategy Long Before
Implementing a strong software asset management strategy not just during the event of a software audit but for all year round comes with many benefits including but not limited to:
- Realized Savings: Software asset management implemented in the long term can result in an estimated 20%-30% of your current software spending to be reclaimed and reinvested into your IT budget.
- Long Term Software Audit Defense: Clients who have implemented our long-term SAM strategies have found that they can sleep easy at night knowing that they are well prepared for a software audit if ever one should occur (and it will happen because software audits are a matter of when, not if).
- Improved Security: It isn’t often that SAM is thought of when considering IT Security but having a good understanding of your assets and making sure those assets are organized and not filled with noise can make the job of IT security that much easier. It’s also important to note that cybercriminals will often use old forgotten assets to enter your software environment and software asset management’s job is to hunt down such assets.
MetrixData 360: Microsoft Audit Specialists, Here to Help
At MetrixData 360, we have gone up against Microsoft on multiple occasions for close to a decade now. We have been tenacious in our approach to defend our client’s interest and our success can be found in the millions of dollars we have saved our clients over the years. We take a data-first approach, where we build a defense against the onslaught of auditors that allows us to beat Microsoft at their own game. If you’d like to learn more about our tireless defense of your business’s interests, you can contact us today and we can get started helping you through your next Microsoft Audit because MetrixData 360 has your back!