Who Audits Microsoft? What is a Microsoft audit about?

Who Audits Microsoft? What is a Microsoft audit? The annual audit instills confidence in the financial statements and the capital markets, something nobody misses until it’s too late – like in the early 2000’s. Yet investors rarely pay attention to the audit’s clearly stated cost, because audit fees don’t create waves that upset earnings forecasts.

Another reason investors care little about fees is the auditor’s opinion itself. The auditor’s opinion is the financial reporting equivalent of a horseshoe crab – a living fossil, hardly changed since prehistoric days. Basically a rubber stamp, the audit opinion says nothing about the work and thinking behind it. The proxy statement gives investors the amount of audit and other fees paid, along with sanitary assurances of propriety by the audit committee. Mildly reassuring, the disclosures are often boilerplate and convey little beyond the audit committee declaring, “We did our job.” Investors crave information, but this isn’t information they crave.

Table of Contents

Who Audits Microsoft?

As an IT manager, you can be subject, at any time, to a Microsoft audit request. The Microsoft EULA (End User License Agreement) you agree to every time you install Microsoft software means you accept the terms of its use and allow Microsoft to audit the use of any Microsoft software licenses installed on your network.

The Microsoft audit team periodically focuses on auditing particular industries and regions by running widespread audit requests. They’re looking to match what licenses a company has paid for to what they’re using. Of course, you don’t want to be the IT manager caught with unpaid licenses.

By using a tool to automatically update your software inventory and manage software licenses, you can help reduce the risk of paying for unused software licenses and better prepare for a potential Microsoft license audit. When you implement SolarWinds® Service Desk, you can automatically record and manage your entire PC inventory, including your Microsoft services. Service Desk is built to help you more easily manage your IT environment by bringing hardware, software.

READ How to use Microsoft Authenticator app? What is this about?

What is a Microsoft audit?

A Microsoft audit is a way to ensure you follow the rules and guidelines set by your agreement with Microsoft, such as the Enterprise Agreement or an alternative licensing program like CSP, Open, MPSA, or Select.

The initiation of an audit starts with an email/formal letter that the primary contact within your company receives. It is followed by a request for a formal kick-off call with Microsoft and the auditor. After that, the auditor takes full responsibility for the process, with Microsoft moving to the backend until the auditor submits the final results.

Microsoft only invites certain companies, called “independent auditors,” to perform software audits. These companies are usually part of the “Big Four” accounting firms: EY, PwC, KPMG, or Deloitte.

The entire idea of a volume license audit is to gather information regarding your installed software regardless of its use and compare it to your licensing records, thus establishing your “license compliance”. It is as simple as that (or maybe not, as we will see in the following guide).

Once the auditor provides you with a final effective licensing position report (ELP or LPR), Microsoft re-engages and moves to close the audit. The closure process is your second chance to mitigate the results provided by the auditor and fight off any errors and potential costs and fines accompanying the software audit process.

Why does Microsoft have the power to do an audit?

By signing one of the Microsoft agreements, such as MBSA, CSP, MPSA, Enterprise Agreement, or any other, you have agreed to the terms giving Microsoft the right to conduct an audit.

For example, this is what the MBSA – Microsoft Business and Services Agreement – includes:

Microsoft’s right to verify compliance,
Your responsibility to give the chosen independent auditor access to data and systems,
The requirement of 30 days’ notice before an audit,
Your right to have a confidentiality agreement with the auditor,
“Remedies for non-compliance” stipulating the audit penalties and the 30-day payment term,
The threshold for non-compliance, which is usually 5%,
Stipulations for when Microsoft may ask you to conduct self-audits.

READ What is Outlook 365? How can it help businesses grow?

What is the difference between a SAM Assessment and a formal audit?

A “Software Asset Management (SAM) Assessment” is a formal request by Microsoft for you to perform a “self-assessment” of your current licensing position. They would ask you to run tools or scripts – usually the Microsoft MAP tool application – and compare the results to your licensing purchases – perpetual, subscription, and Microsoft 365 licenses – and provide Microsoft with an official report using their online portal and templates. This report must be signed off by an executive team member and provided within a set timeframe.

A failure to cooperate usually ends in a formal audit by an “independent auditor” of Microsoft’s choosing.

The upside is that it is non-intrusive to your daily business. Plus, the final results do not carry penalties or the “independent auditor” cost that can reach fifty thousand dollars.

The official audit letter

Microsoft will email the official audit letter to the contact on the Microsoft contract from the Microsoft License Contract and Compliance Group (LCC). It will say something like the following: “Microsoft selected your company for a formal license compliance review.”

If you have never done this before, your adrenalin level will rise. It’s never the right time. You won’t know where to start. The advice we give every client is to relax. Nothing terrible has happened yet. Study their email calmly, casually, but carefully.

When you receive the notice, be sure to pay attention to the important details it contains, for example:

Your company’s name (legal entity) and its associated MBSA number.
If your company is part of a larger group of companies, keep in mind that Microsoft may only choose to audit a specific entity within that group. The audit should not affect the entire group.

READ What is Microsoft Ignite? Microsoft Ignite Spotlights?

Ensure the contract referenced in the notice is the one your legal entity actually signed.

The letter will refer to the 30-day notice period, which is a contractual obligation. According to the same agreement terms, your acknowledgement is not required.

You will have 30 days to communicate with the auditors for the first time, starting from the date of the notice letter. Please do not be concerned about this time constraint because:

The 30-day time frame is the only hard deadline specified throughout the audit process, apart from the 30 days to pay any penalties that may apply at the end of the audit.
The audit process will begin with a “kick-off” period, during which you can and should take control of the audit schedule.

What happens during the kick-off meeting?

The active phase of the audit process typically starts with a kick-off meeting. During this meeting, you will typically only meet with the auditors. However, Microsoft may also request to be involved. You have the right to express your preference to have Microsoft on the call.

When the auditors arrive for the kick-off meeting, they will provide you with the following materials:

A presentation deck that will provide an overview of the audit process, including the steps that will be taken, the data that will be required, the expected outcomes, and any other relevant information.
Questionnaires that you will need to fill out with information about your company, infrastructure, and use of Microsoft software.
Scripts to run on your devices, servers, and virtual machines.
Instructions on how to properly run the scripts are provided.

The auditors will also present you with a project plan outlining the desired timeline for the audit process. They may ask you general questions about your infrastructure and network. They will also inquire about the individuals or teams who will be your point of contact and stakeholders throughout the audit process.

Above is information about Who Audits Microsoft? What is a Microsoft audit about? that we have compiled. Hopefully, through the above content, you have a more detailed understanding of Who Audits Microsoft. Thank you for reading our post.