Microsoft Audit Penalties

The High Cost Of Microsoft Audit Penalties

If stress kills, then receiving a notice with the opening line “Your organization has been selected to complete a Microsoft License Verification process” is practically lethal. As unpleasant as software audits are, if you have licenses with heavy-hitting vendors like Microsoft, IBM, and Oracle, it’s likely that software audits and compliance verification are just an unfortunate reality of business. So what are the Microsoft Audit fines and penalties that you could face when you receive an audit request?

At Metrixdata 360, one question that we hear brought up a lot is, “What will a Microsoft software audit or Microsoft SAM review cost my company at the end of the day?” This article will answer that question, focusing on where your expenses will accumulate the most in a poorly conducted Microsoft License audit.

For more information on how you can get a better handle on your software audit, please visit our article Microsoft Audit: 10 Powerful Tips to help you take back control.


Microsoft SAM Engagement vs. Software Audit

Medium of Delivery

  • SAM Engagement: You will be notified of a SAM review usually through an email.
  • Software Audit: You will be notified of an upcoming audit through a formal letter in the mail.

People Involved

  • SAM Engagement: You are allowed to conduct a SAM review internally, using your own SAM tools and led by your own SAM team. It can also be conducted by Microsoft’s SAM partner.
  • Software Audit: Microsoft will appoint a third-party auditor to conduct the process (this could be anyone from a specialized SAM partner to a large consulting firm like Deloitte or PwC).

Voluntary or Not?

  • SAM Engagement: Voluntary – sort of. Refusing to comply with a SAM review will likely result in being sent a software audit. In the minds of the software vendors, only those with something to hide refuse to be examined.
  • Software Audit: Not voluntary. You’re contractually obligated to comply with a Microsoft License Audit. Ignoring a software audit can result in legal action on the part of the software vendor.

Process

  • SAM Engagement and Software Audit: The process is similar for both a SAM review and a software audit. Scripts on your network will be run, your Active Directory Records will be accessed, and deployment data from your SAM tool will be pulled throughout the process, among other similar tasks. This will be done to try and determine your usage of Microsoft products and then compare that to the licenses you own to create an Effective (or Estimated) License Position (ELP). If there are any grey areas, the auditors will take the liberty of assuming the worst-case scenario to inflate your license gap, therefore the quality and completeness of your data can have a significant impact on the final cost of the process.

Final Penalties

  • SAM Engagement: At the time of this post, under a SAM, Microsoft will not charge you any penalties. You will simply place an order for any license shortfalls against the terms of the contract that you purchased a license under (Enterprise Agreement, MPSA, Open, etc). In addition, you are not responsible for the cost of the SAM engagement as Microsoft funds the selected partner.
  • Software Audit: Under an Audit, you need to read the terms of Microsoft’s rights to validate compliance in your contract to understand what the Audit Penalties are. If you are an Enterprise Agreement or an MPSA customer, this is typically found in your Business Agreement. It may differ depending on your region and the version of contracts you are under, but typically customers are subject to the Audit Penalty of paying the list price as well as an additional 5% penalty for all products found unlicensed. Any historical or contractual discounts the customer usually benefited from will not be applied. Customers will also be expected to pay for the auditors’ fees if they are found to be out of compliance by 5% or greater. How the 5% is determined varies but it is typically calculated based on the number of licenses owned compared to licenses required. You will need to read your agreement to understand what the exact terms of an audit with Microsoft are and what Audit Penalties you may be responsible for.

What are the Biggest Costs in a Microsoft Compliance Verification Audit?

Now that we can clearly distinguish a software audit from a SAM review, let’s talk about a few of the most common areas where expenses can accumulate. Settlements, true-ups, and wasted resources can prove the biggest detriment to a company’s license compliance during an audit. Let’s look at them one by one to answer why that is:

Settlements

Settlements occur at the end of the software audit and determine the fine that the company will pay for being out of compliance.

If it is discovered that the company attempted to hide things from the auditor during the process, then the company can be held in breach of their contract, which can worsen the situation. A study conducted in 2013 by KPMG found that 52% of companies reported that the losses they had incurred through unlicensed software amounted to 10% of their total yearly revenue.

True-Ups

A true-up is a lump-sum payment that a company makes to the software vendor after a set period of time has elapsed (such as a year or three years), within 60 days of the date marking the anniversary of the initial purchase of the software.

The payment is intended to cover all the expenses for another term, but it will be inflated to accommodate any unlicensed software that was discovered during the SAM review or audit. In a SAM review, the discounts can still be applied for purchasing new licenses. However, the reason why true-ups can prove so detrimental in a software audit is because the discounts that companies would have otherwise had with the software vendors are no longer applied.

Suddenly having to pay for software products at full price can prove a huge expense for companies. A survey conducted by Flexera, with input from IDC, found that after a software audit, a company with a revenue of 50 million can expect a true-up cost of roughly $263,000. Meanwhile, a company with $4 billion in revenue could expect a true-up cost of roughly $1.6 million.

Wasted Resources

One of the least known costs of a software audit is the loss of company time and resources. Software contracts can include clauses that state the “busy season” for a company and therefore a time when the company cannot be audited. When a software audit does arrive, it can still disrupt otherwise productive business hours. Workers often find their projects delayed or rearranged in the wake of an audit, while high-paid IT staff are often sent off to run fruitless errands at the software auditor’s bidding. To make matters worse, software audits can last anywhere from six months to multiple years.

Facing a Software Review or Microsoft Audit and Need A Guiding Hand?

Understanding where a SAM review or an audit can cost you the most money is important if you’d like to be able to prepare for each.

At MetrixData360, we would suggest that companies perform a self-assessment at least once a year to understand what their license position is. By doing this, you will have your own data to counter the auditor’s findings.

Over the years Metrixdata 360 has successfully defended companies from nearly every industry and saved them millions of dollars in heavy fines. If you’d like to know more about how Metrixdata 360 can save you money, check out our Audit Service page.

Software Auditors: Top 10 Silly Things They Say

Software Auditors say lots of silly things that make you shake your head. So much of it is truly laughable if you know their act.  However, I think some Software Auditors actually believe they are saying the truth when they utter these statements.  Sometimes when you are in an audit, you just have to be able to laugh at the ridiculous nature of the situation.

Without Further Delay – Here Is The Top 10 List Of Silly Things Software Auditors Say:

 

#1 It’s A SAM Engagement, Not An Audit.

If you believe this, I have a bridge to sell you in Brooklyn. There was actually an element of truth to this at Microsoft around 10-15 years ago, but not anymore. You can’t say no to it, and once the software auditors disguised as SAM specialists are in the door, they will follow the same process as an audit. Really, the only difference between a SAM Engagement and an audit is the remediation. We have written a few great blog posts on the difference between a SAM Engagement and an Audit and you can check them out below:

    •  How Does A Microsoft SAM Differ from an Audit.

 


#2 This Will Only Take 4 Weeks.

It starts off simply enough and the software auditors say that the audit will only take 4 weeks. Phew! That doesn’t sound so bad, does it? Then you start thinking about it and realize that you have a large, complex environment. Some of it may be effectively fire-walled from your SAM Tools for regulatory or security reasons. The software auditors will likely then tell you that they won’t accept output from the SAM Tool you have poured time and effort into enabling (I’ll get to that soon enough) and instead insist that you run their proprietary scripts, Active Directory Scans and perhaps Microsoft MAP. Oh, and they may also want screenshots from various consoles.

Let’s just assume that you can get approval to run these scripts, or for the sake of expediency that your security department ceases to exist and you have all the server admin access that you need. Now you need to ask yourself why you are in a rush in the first place. You didn’t ask to be audited, nor should the timeline really matter to you. You have a business to run. MetrixData 360 can of course help you out and show your organization how to push back. In my opinion, the only way an audit gets done in 4 weeks is if you blindly and rather naively agree with everything the software auditors present and then cut a big fat check to the software publisher.

#3 We won’t accept outputs from your SAM tool.

I told you I’d get to this one! You’ve been diligent and invested in a SAM Tool like SCCM. You spent time, money and resources to get it up and running and you’re pretty confident that at a push of a button you can give the software auditor what they are asking for and prove that you are on side with your software licensing compliance. Brace yourself as the software auditors explain that they won’t accept outputs from your tool and instead insist you run their proprietary scripts. I always giggle when Microsoft won’t accept outputs from SCCM/System Center as I think it speaks volumes about that tool.

Software Auditors will typically stand firm on their non-acceptance of your SAM tool output in a formal audit, but there will be more flexibility in a SAM Engagement. The reason for this is that SCCM/System Center struggles to properly/accurately identify SQL Editions. It may be to your benefit to supplement your SQL inventory with a quick targeted Microsoft MAP scan that will confirm the actual editions deployed vs the auditor’s “assumed editions” deployed.

#4 We Need This Data Point and We Need It In 5 Days.

There will come a point where the Software auditors will make a licensing data request and give you a ludicrously short time period to collect the data. They will say it seriously and act surprised when you explain that it is not possible to capture a full data scan of a 40,000 seat environment spread out over a large geographical area. Even though you want to comply with their request, it’s simply impossible within the time frame they insist on. The Software Auditor’s reaction will be pretty predictable. Shock, surprise and a haughty, “how much time do you think you need?”. This is often then followed up with, “we expect to finish this engagement in 4 weeks”.

This is where you calmly try to provide a reality check for them about the time and effort which is required to fulfill these sorts of requests. It’s worth noting that most software auditors have never walked a mile in your shoes. They have never had to do anything other than pore over deployment and licensing data. They certainly don’t know or, more accurately, don’t care about how impossible the request may seem. My advice is to take a hard stance and push back with a realistic time frame to compile the requested data and do your best to keep to that date while focusing on your day to day business tasks. If it’s looking like you will miss the date, let them know in advance and re-set expectations.

#5 This Report Contains All Your Entitlements.

At some point the software auditors will want to do a complete pull of all the software licenses (entitlements) that they have on file for your organization and present it to you. You’ll look at it and quickly see that they are missing a substantial amount of your estate. Perhaps they missed company names that you formerly did business under or acquired, or they missed an entire geographic region altogether.

The other big “gotcha” is that this report will not include OEM licenses, retail boxes or any valid license acquired outside of a volume licensing program. Just because licenses were not acquired via a volume licensing program does not make them invalid, but you need to be able to prove it.

#6 That’s Not An Entitlement!

I love Hunter S. Thompson and I always have found him to be an endless source of great and weird quotes as the man was a living meme. Well, buckle up because things are about to get weird! We talked about how the entitlement report that the software auditor initially provides will lack any software license purchased outside of a volume licensing program. The auditor will agree that you may have OEM or retail boxes that have valid licenses kicking around in your environment. Your challenge will be providing evidence that yes, you did indeed buy OEM/Retail boxes and having the auditor accept it.

Depending on the publisher, some auditors will accept photocopies of jewel cases, others will want accounting records or physical retail boxes. It’s a good idea to check and understand what they will accept as a valid license. Personally, I’ve had the experience of going through this process of asking what they will accept, gathering it and then being told that they will not accept any OEM license as a valid entitlement. This was with Adobe and we were ultimately able to get them to accept a few thousand OEM licenses in that case. Just be prepared for an uphill battle and reach out to us if you need help or have questions.


#7 Of Course We’ll Remove Those Items From The Spreadsheet.

This one is one of our team of analysts’ pet peeves. The auditor provides you with the ELP (Effective License Position) and upon review a whole bunch of errors jump off the page at you. These errors of course inflate the gap. You prove that several of the line items need to be removed and provide extensive details such as: it’s a Dev/Test server; it’s not a SQL Server, it only contains SQL bits; it’s double counting multiple copies of Microsoft Office on the same PC. The “friendly” software auditor agrees with you verbally that these items will be removed. This usually leads to the feeling that you’ve made some great progress towards a reasonable resolution.

A few days go by and they provide an updated ELP to you. A quick glance shows that most or all of the items they agreed to remove are still there. Now, you need to explain again why they need to remove them. Basically, a rinse and repeat. We generally find that the larger the dollars associated with these line items, the harder it will be to get them removed, even if it’s pretty obvious they shouldn’t be showing as a gap. The reason for this is that the auditor will often lack the empowerment to remove anything substantial from the ELP. This then becomes a negotiation with the software vendor/account team.

#8 This Is Cut and Dried

Software auditors love to make it sound like they deal in facts and absolutes... You know, like a real auditor. The truth is that this isn’t a forensic accounting audit. In many cases, the software vendor may outsource the audit to an accounting firm. Sounds good, right? Keep in mind you are not their client, the software publisher is. They don’t come out and say it but they are not governed by the same principles that they would be in a forensic audit. Their goal is to drive revenue for the vendor and/or meet a sales number.

I guess what I’m trying to say is that software auditors will make things seem like they are black and white when the reality is that we are dealing with grey areas. Here at MetrixData 360 we specialize in helping you get right to the optimum deal.

#9 Everyone In The Organization Needs the Highest Edition of a Product

Auditors often make the assumption that everyone in the organization needs the highest and coincidentally the most expensive edition of a product.  Oh, we see you have a shortfall of Office licenses and they will propose Office Professional Edition to deal with it.  Really?   Or you have a shortfall on developer tools and the auditor proposes that the best way to cover the gap is to purchase Visual Studio Enterprise.

You don’t always need to buy the flagship product offering.  Just like for Office 365 not everyone needs E3 or E5.  Sometimes E1 is just fine depending on what your users need and use.


#10 This Isn’t A Negotiation, It’s an Audit!

We made it to #10! Despite what the software auditor tells you, an audit/SAM Engagement is ALWAYS a Negotiation! A rule of thumb we use internally is that when you are given a compliance gap by an auditor, 80% of it is junk that, with detailed licensing knowledge and when presented back to the software auditor properly, can be removed. 10% of it is open to interpretation and negotiation and the final 10% is usually the real gap.

We know from experience that most organizations won’t have the deep licensing knowledge and vendor-specific skills required to push back effectively. Give us a call and let’s see if there is an opportunity for us to help you!

We specialize in helping organizations defend themselves in software audits and SAM Engagements. If you are in an active engagement or are just concerned that you are at risk, just drop us a line and we will be happy to chat with you about it. We’re here to help defend you and help you to be proactive in terms of audit preparedness!

Flexera’s Initiative with Microsoft a Silver Bullet for Software Audits?

Microsoft and Flexera recently announced a partnership that they claim will use a standard set of software asset management tools.

Customers who deploy both Flexera’s FlexNet Manager Suite and Microsoft’s Intelligent Asset Manager (part of SCCM) would be allowed to set an “agreed upon ELP baseline”. An ELP is an Estimated License Position that shows you how your licenses owned relate to your software deployments and outlines any overages or license shortfalls. This announcement does not state if this “agreed upon ELP baseline” will be documented in any contracts.

At the Microsoft Inspire 2017 conference, Flexera CEO Jim Ryan compared the program to an electrical provider, stating that to audit electricity consumption you simply attach a meter and bill according to the meter.

Three issues were identified in the article:

#1 Near Term Exposure:

The cost to deploy the Flexera-Microsoft tool would need to be accounted for.  It is also indicated that this deployment would likely be done by either Flexera (with the clever nickname FlexeraSoft) or Microsoft looking over your shoulder.  This would mean that once the tool or meter is installed any licensing exposure could be agreed upon immediately causing the company to remedy any shortfalls right away.

#2 Long Term Exposure:

The question posed is what exactly will this tool be measuring? Microsoft has in the past promoted Unified Logic’s Movere tool, which is said to monitor the high-water mark of software usage. The challenge with this approach is that spikes in product usage could be attributed to changing configurations. These changes may not necessitate purchasing licenses, however.

#3 SAM Tools Can and Do Fail:

It is next to impossible to create a SAM tool that does it all. Since Flexera and Microsoft are developing this tool, it is likely that the programming will be done in their favor, not yours. They also tend to operate under the paradigm that you can just do this and ignore important things such as your security protocols when pitching the simplicity of this program.

MetrixData360 and others have SAM options that are independent of Microsoft and we suggest that anyone considering this offering carefully review their options before going with a vendor-supported (in their favor) solution.


Google Introduces Chrome Enterprise subscriptions for $50 per Chromebook per year

Organizations should be ready for Chromebooks to arrive, as Google is taking a swat at Microsoft with a new bundle of services that puts the Chromebook on par with Microsoft Windows. Chrome Enterprise will provide management features to allow for support of a fleet of Chromebooks, virtualized desktop applications and theft prevention, to name just a few. In addition, it includes one of the most important features: authentication to Microsoft’s Active Directory!

The price for this service is $50 per year per managed Chromebook. Google did not state if large Enterprises will be eligible to receive discounts on this price. Google will also be adding support for enterprise mobility management into Chrome OS with this launch, with VMware AirWatch to start and other EMM providers to follow. This move is seen as giving organizations an opportunity to utilize low-cost Chromebooks in their enterprises instead of Microsoft Windows. The cost of $50 per year may seem high but many organizations are paying $84 or more for Windows Enterprise E3.

MetrixData360 is seeing more large organizations looking for ways to decrease hardware costs and this announcement from Google may be a step in that direction.  Anyone looking to decrease licensing and overall costs may want to seriously look at Chrome Enterprise.

SAP Indirect Access: Are You At Risk For A $600M Audit Settlement – Webinar Replay

SAP Indirect Access is becoming a hot topic as it’s driving huge audit settlements for SAP. Anheuser-Busch InBev, one of the world’s largest brewing companies, has notified the SEC that SAP claimed “damages potentially in excess of $600m” on the grounds that the former had allegedly breached its software license agreement. Just a few weeks before this came to light, the high court in London ruled in favor of SAP against Diageo, another large brewer, with a similar claim for approximately £54 million. Both claims are related to a license term named “Indirect Access”, where SAP takes the view that users who ‘indirectly benefit’ from any SAP solution, regardless of whether they each have a user account within the SAP solution, need to be licensed.

Your organization may be exposed to the same license compliance risk if any of the below applies:

  • Deploys any SAP solutions
  • Integrates SAP systems with other SAP or third-party applications
  • Allows external user access
  • Allows users to access data within SAP via an integrated application

Top Learning Objectives from the Webinar:

  • Understand the concept of SAP Indirect Access
  • Learn to assess your organization’s current Indirect Access Risk (IAR) level
  • Learn potential options to remediate IAR

During this Webinar we break down the risks of SAP Indirect Access and explain how you can be proactive to fix any gaps before SAP comes looking for a settlement.

How Does a Microsoft SAM Audit Differ From a Review?

Microsoft SAM vs Audit

Aah, the Microsoft SAM. I’m sure by now that you have been offered a Microsoft SAM Engagement by your “friendly neighbourhood” Account Team. If not, it’s likely coming. It seems that just about everyone has had the offer of a Microsoft SAM Engagement dropped in their lap, and clients are not sure if this is a friendly engagement or a full-blown Audit.

Let’s be honest, NOBODY likes the prospect of an Audit, but an Audit certainly does generate a TON of revenue for all software vendors. Of course, Microsoft will tell you that a Microsoft SAM Engagement is not a full-blown Audit, because Audits don’t sit well with customers. However, it may seem that a Microsoft SAM Engagement is indeed a warm and fuzzy way of telling you that you are about to be Audited. I’m going to explain some of the similarities and differences, so you can be the judge.

  • A Microsoft SAM Engagement is usually completed by Microsoft or a trusted Partner. The Microsoft Audit is conducted by a 3rd party auditing firm.
  • The process for a Microsoft SAM and a Microsoft Audit is the same. In both situations, the auditors will look to run the same tools, pulling the same data (often more than is required), and making the same assumptions based on that data.
  • Under a Microsoft SAM Engagement, if potential licensing gaps are found, a client can deal with any gaps by making purchases under their existing agreements. In an official Audit, the vendor often has the right to push that any licensing gaps be addressed at list price plus an uplift (usually 15%).
  • Under a full-blown Microsoft Audit, you may be required to pay for the 3rd party Auditor fees in full. Under a Microsoft SAM Engagement, you will not have to pay for the process.
  • Clients ask if they can decline a Microsoft SAM Engagement. The simple answer is “yes”, but I stress that this is generally NOT a good idea. If you have been selected for a full-blown Microsoft Audit, you cannot decline.
  • Both the Microsoft SAM and the Microsoft Audit are huge revenue generating tools for Microsoft. While the Microsoft SAM approach tends to be softer than a full-blown Audit, the end result is often a sizable check being written to Microsoft.

The best way to prepare for a SAM Engagement or Microsoft Audit is to not face them alone. MetrixData360 specializes in helping our clients through the process while freeing up your resources.


Microsoft True Up – The Best Way to Deal With One – Video

Microsoft True Ups are an annual event for most of us. Do you know how to optimize your True Up and avoid overpaying for licenses you don’t require? In this webinar MetrixData360 shares best practices to avoid overpaying on a True Up. In this video we will show you how to interpret Microsoft’s licensing rules, examine your deployment data and understand how to reduce your True Up costs.

Join Mike Austin as he shares his insights and cuts through the confusing jargon with straight talk! Mike Austin has been involved in countless Microsoft negotiations and audits and has negotiated over $1B in software cost reductions.

 

 

Non-Disclosure Agreements in Software Audits

Software Audit? Non-Disclosure Agreements Are A Must

Non-Disclosure agreements in a software audit are one of the most important things you need to get in place if you are being audited. With more and more software vendors utilizing third-party auditors to compile the actual audits and create the Effective License Position (ELP), having a Non-Disclosure agreement in place is essential.

It’s not new news that software audits are becoming more common and aggressive.  In fact, here at MetrixData360, we’ve been beating this drum for years. One of the patterns we have seen emerge is that various vendors are utilizing third-party auditors to compile the licensing position.  These third-party auditors can be accounting firms or just partners of the software vendor.  In either case, it’s critical that you get specific non-disclosure agreements in place to protect yourself as in many cases they are incentivized to drive a licensing gap.

Software Auditors Don’t Work For You

It’s important to remember that these third-party auditors work for the vendor and are paid by them as well. In most cases, we understand that they are rewarded for driving licensing gaps. They will run their scripts, request various deployment data from you and present you with an ELP which shows your entitlements juxtaposed with your deployments and identifies any gaps in licensing. It is important to note that the first few ELPs that they present to you will be error-filled and will include incorrect assumptions. You will then present evidence and work to ensure that it is correct. In our experience these first few ELPs skew heavily in the vendor’s favor. You don’t want them to assume that these early ELPs are representative of your true licensing position. This is where the non-disclosure agreement comes in.

Make Sure Your Data Stays Yours

The most important thing that you want to achieve in this non-disclosure agreement is to ensure that they (the third-party auditor) cannot share data with the organization that has commissioned the audit without your approval. This seems straightforward, but in our experience, without a non-disclosure agreement in place, these third-party auditors will often share data before it has been signed off on by your team. The result is that the vendor will see early, incorrect versions of the ELP. This may include development and test environments, out-of-scope products, etc. This often will cause them to forecast purchases for you based on incorrect data and it makes it harder to get them to accept the correct data when it is ready.

The goal will be to ensure that when the ELP finally is released to the vendor it contains clean, correct data that you are comfortable with. This will help to make any negotiations smoother and eliminate misunderstandings. If you have any questions about this process, contact us to book a free consultation.

What Triggers a Microsoft Audit?

Crucial Insights: Understanding Microsoft Audit Triggers and Strategies for Minimizing Your Risk

Has it happened to you yet? You know, that terribly uncomfortable experience known as the Microsoft Audit or Software Asset Management (SAM). If you have been through an Audit before, you know they’re no fun. The entire process monopolizes a great deal of time and valuable resources. On top of that, they can be downright expensive. Have you ever asked yourself “what triggers an audit”? The truth is that organizations are almost never told the reason(s) they are selected for an Audit/SAM. Make no mistake, there are things you can do to help you reduce your chances of appearing on Microsoft’s Audit radar. Let me break down a few key triggers for you:

1) Your Account Team

Audits often start and end with your account teams, despite what they may tell you. It’s important to understand what motivates them and why they would approve an engagement. The account team can trigger an audit for a variety of reasons ranging from ignorance of your environment to self-interest. You need to bear in mind that all software account teams have an aggressive growth number that they are accountable for driving in terms of sales to their accounts. At a most basic level your account team may just be lazy, and in my experience the less your account team knows about your organization the more likely you are to be audited/SAMed.

2) The Vendor’s internal Audit/SAM team has flagged you based on Analytics

Often the software vendor’s audit/SAM team will approach the account team to ask if they can audit a specific account. The SAM team will present a case for why the account should be audited and it will be up to the account team to make the final decision. Often this can all come down to how well your account team understands their client. If the account team understands how their client uses their technology they may see obvious gaps in the SAM team’s logic and deny the request. An example of this is a SAM team that wants to audit a company based on lower than expected purchases of Windows Servers. However, if the account team knows that the client is an industrial manufacturer who has an environment which is largely UNIX based (which accounts for the low Windows footprint) they may deny the audit. They may also see a situation in your license statements in which they see a relationship between server and Client Access License (CAL) purchases which may make it appear that you are out of compliance.

3) Merger and Acquisition Behavior

Beyond your account team, merger and acquisition behavior is one of the biggest audit triggers we see. If you have recently been involved in this sort of activity, it will often cause you to pop to the top of the audit/SAM list for many software vendors. The rationale is that in the aftermath of a merger/acquisition there is a period of confusion as systems are rationalized, and some institutional knowledge may be lost. In addition, the two organizations will frequently have different levels of Asset Management maturity, and there is the possibility that they have very different levels of software standards. Publicly traded companies should know that their account teams are likely reading through their annual reports carefully. They will be looking for signs of rapid growth in terms of revenue and head counts. They will then be looking to see if these organizational growth numbers correspond to the sales numbers they are seeing from the company.

4) They Truly Do Suspect that Your Organization is out of Compliance

Sometimes your organization is flagged for an Audit/SAM engagement because the software vendor truly believes that you are non-compliant. These are often the result of conversations between the vendor and your staff from various departments. Usually it’s an innocent conversation, but something was said (usually inadvertently) which made the vendor suspicious. It can also be the result of possible festering ill will from something that happened in the past.

5) Zero Sum True Ups

If you have a Microsoft Enterprise Agreement (EA), you are required to go through a True Up exercise on an annual basis. The purpose of this is to account for growth that occurred during the previous twelve months. If you have no growth, then you submit a form to Microsoft called a Zero Sum True Up form, which indicates that no purchases need to be made. The issue is that it appears that the submission of a Zero Sum True Up will quickly cause your organization to be examined, and there is a high likelihood that you will receive a letter or a call requesting an audit/SAM engagement.

6) Audits Are a Huge Revenue-Generating Tool for Microsoft

It all comes down to dollars and cents. You may have done all your due diligence and still get hit with an Audit letter. Audits drive huge revenue for software vendors, and they know it. It has become commonplace to see a company get audited at least once during their Enterprise Agreement. In fact, you can count on it.

As you can see, there are some common triggers for an Audit. You may also be selected for Audit for reasons outside your control. When the time does come for you to be Audited (the time IS coming), make sure you have a team of Licensing Experts on your side to help navigate the difficult process, reduce any potential gaps and ultimately drive down your licensing spend. If you’re being Audited, let MetrixData360 be your ace in the hole.

Find out more at www.metrixdata360.com.

Microsoft Audit: 10 Powerful Tips to Help You Take Back Control

If you have ever been involved in any aspect of enterprise licensing for your company, you may have faced the uncomfortable reality of the Microsoft Audit.

Not only can Microsoft’s Audits seem extremely invasive, they also require a huge amount of your company’s time and energy to complete. The fact of the matter is, Microsoft Audits are not going away since they serve as a huge revenue-generating tool for Microsoft.

These audits might be presented in a variety of diverse ways; they might be called by a softer name, like Software Asset Management (SAM) engagements or reviews, and they might act like a friendly opportunity to optimize your licensing, calculate your annual true up, or navigate a license metric change (like processors to cores).

Always remember the goal of the software vendor though – they’re less interested in compliance and more interested in driving sales and revenue.

The amount of data required for a Microsoft Audit – in order to determine the licenses that you own, what products you have deployed, and how many licenses you actually require – can be overwhelming. Companies that are facing an audit can often be paralyzed by the massive volume of data presented.

As a business, you need to be proactive in managing the audit experience.

At MetrixData360, we’ve helped many clients through such a trial, so we know exactly what you need to do to prepare for any Microsoft audits that might be approaching.

Here are our top 11 tips and observations to help you successfully navigate the muddy waters of a Microsoft Audit.

Top 11 Tips on How to Handle A Microsoft Audit

  • Don’t Go Dark on the Software Auditor

If you are confronted with a SAM review, it is technically an optional engagement that you can decline; however, refusing a SAM review will often result in you receiving a full legal audit.

Ignoring a software audit, on the other hand, can leave you in breach of your contract, and Microsoft can take you to court. The financial and reputational damage that can ensue from such an event can be costly. So whatever you decide to do about your SAM engagement or audit, you should never just ignore it.

  • Define the Scope and Get a Non-Disclosure Agreement in Place

You can actually negotiate what data will be shared in advance of the audit by defining the scope of the audit.

Keep in mind what the auditors are here for — your money. By leaving the scope undefined, the auditors will keep searching through your data until they find something that meets their estimated return on investment.

You will also need to get an NDA in place with the third-party auditor that the software vendor may hire stating that no data will be shared with the software vendor without your explicit and written permission.

  • Data Is the Key – Get the Facts and Know Them Inside and Out

Have a strong understanding of your software in terms of deployment and licensing long before the auditors arrive. Not only will this lower the chance of an over-inflated compliance gap, it will also reduce the likelihood of being audited again by the same vendor.

Microsoft is more likely to come after you if they see you as a potential target for revenue. So, conducting an audit in an organized fashion that effectively captures what you actually owe will make you less worth the effort to audit a second time.

You should also perform internal audits regularly to maintain a strong knowledge of your internal environments, even if you are not currently being audited.

  • Be Prepared to Put In the Time

Whether it’s your own SAM team or a hired expert, the audit process is going to be time- and resource-consuming. Do not treat this audit like a side-project that is tossed at Procurement or a junior IT staff member.

If the auditors tell you that the audit will take no more than four weeks, take their word with a grain of salt since the average software audit or SAM engagement, from our experience, can take anywhere from six months to over a year.

  • Understand Your License Position

The Estimated License Position (ELP) takes all of the deployment data (inventory counts) and provides a view of the number of each product and version deployed, then compares that against the number of licenses you own (simple to understand in theory, more complicated in practice).

If you are in a software audit, the third-party auditors hired by the software vendor to review your data will make their own licensing position for you. Any mistake they make will only inflate your compliance gap, which means more money for them. Do it yourself: creating your own ELP will give you something to challenge the auditor’s findings with, and it will make sure the license position accurately reflects your usage.

  • Prepare to Explain Your Deployment Data

You need to know the numbers better than they do, so that you can make a proper defense for yourself during the settlement.

Do not allow external sources to make assumptions based on their limited knowledge of your software deployments and usage. They will always pick the worst-case scenario that results in the largest penalty possible for you.

  • Negotiate Before the Auditor’s Findings are Handed Off to Microsoft.

Ensure the ELP truly represents your environment prior to signing off to be released to Microsoft. If you have an NDA in place, you’ll be able to do this effectively.

  • Prepare to Respond to Unreasonable Requests.

You need to be confident in how your numbers are represented in your ELP, or your company’s IT budget will suffer from an over-inflated compliance gap. If you don’t know what the software vendor is asking for, you could very easily help the vendor build a case against you.

  • Know Your Escalation Paths

Do not be afraid to escalate when and where it makes sense. Many businesses make the mistake of not offering a counteroffer to the auditor’s initial settlement price. They see it as set in stone, but data can be interpreted differently, and through negotiations your penalty has the potential of being greatly reduced.

  • Don’t Let Them Play the “Us Versus Them” Game.

Don’t fall into the mindset of Microsoft License Specialist or SAM Teams vs. your Account Team, and don’t let finger-pointing back and forth get in the way of you getting a concession.

  • Engage an Outside Expert Like MetrixData 360

MetrixData360 has the experience, know-how and proven ability to speak the language of the software vendor to represent your interest in the most effective way possible. We can ensure you do not overpay millions of dollars just to settle a Microsoft License Audit. Our goal is to make sure you only pay the vendors what you owe them.

We will also free up your time and resources. Let the MetrixData360 team of experts guide you to manage the audit process to achieve the best results, for you! For more information, check out our Software Audit Defense and Self Assessment.

What You Google When You’re Being Audited by Microsoft

Facing a Microsoft Audit? Here’s What You Might Be Searching for on Google!

Have you received an audit letter from Microsoft? Here’s a glimpse of what you may search for on Google!
