Microsoft can audit any service provider they choose at any time. But there are some things that could increase your risks for getting an SPLA audit, including:
In general, there are 3 different types of audits:
This is typically conducted by KPMG, Deloitte, E&Y etc. appointed by Microsoft
An independent audit is time-consuming, frequently adversarial and in most cases expensive.
The reason for this is that the auditor, even though they are independent, in many cases, will making assumptions that favored Microsoft to the detriment of the service provider.
The internal hourly spend on an independent audit is often in the hundreds and sometimes even higher.
This audit type allows the service provider to choose between 2 options of certifications:
The internally hourly spend on a self-certification depends on the internal processes, level of automation and historic documentation, etc.
This audit type shares components from both the independent audit and the self-certification audit.
As with the independent audit, a vendor coordinates the audit, including:
But as with the self-certification it is the service provider that is responsible for the data collection, and delivering this to the auditor/vendor.
The internally hourly spend on a self-certification depends on the internal processes, level of automation and historic documentation, etc.
It is worth noting, that in some SPLA agreements it is stated that an audit must be performed by an independent auditor. A vendor conducting a VSA may not be an independent auditor, but may have a closer relationship to Microsoft. Typically, these can be identified by their email address, which contains a “v-“, like: “v-“name”@microsoft.com“.
Rule number 1: Respond to the auditor and their requests in a timely and professional manner – Provide the requested information but nothing more. If the auditor perceives you to be uncooperative, they will most like assume you are trying to avoid the audit or mislead them on specific things.
Rule number 2: Be careful when accepting timelines/deadlines suggested by the auditor, providing data is often more time-consuming that you might think and you will benefit from having the time to deliver the right data.
Rule number 3: License rules can often be interpreted differently and not everything is clearly described. The auditor’s interpretation may not be satisfying for you – Seek advice, if in doubt.
These 2 statements may seem a bit harsh, but look a bit deeper into what they mean for your business, especially the second it means “If you are not in control of:
Then you are not fully prepared for an audit or self-assessment.
Your best defense for audit purposes is documentation – as described above – and this is a key feature in the SPLA manager application.
Even though Microsoft appoints the auditor, it is the auditor that chooses the tools and processes for the audit?
Getting audited is not a random lottery? Even though some say it is, your chances of getting audited relates to several factors, like:
You don’t have to go through the audit on your own? You can seek advice from your SPLA reseller/distributor or engage with a SAM expert, like Scott & Scott, splalicensing.com or others.
Vantaarnsvej 77, 3rd. floor
DK-2860 Soeborg, Copenhagen
sales@licensewatch.com
+45 24 46 66 08
3943 Irvine Boulevard, Suite 250
Irvine, CA 92602
sales.americas@licensewatch.com
+1 949 293 6698