Microsoft can audit any service provider they choose at any time. But there are some things that could increase your risks for getting an SPLA audit, including:
- Mergers and acquisitions – especially purchasing another company
- Hosting software from a third-party
- Higher or lower SPLA reporting
- Discrepancies on related products (Office/RDS, SharePoint/SQL, etc.)
- Forgetting/missing or avoiding a SPLA report
- Reporting minimal usage despite advertising hosting offerings
- Provide solutions on Microsoft Software as a Service without a SPLA agreement
What to do in relation to an audit and how to prepare.
Rule number 1:
Respond to the auditor and their requests in a timely and professional manner – Provide the requested information but nothing more. If the auditor perceives you to be uncooperative, they will most like assume you are trying to avoid the audit or mislead them on specific things.
Rule number 2:
Be careful when accepting timelines/deadlines suggested by the auditor, providing data is often more time-consuming that you might think and you will benefit from having the time to deliver the right data.
Rule number 3:
License rules can often be interpreted differently and not everything is clearly described. The auditor’s interpretation may not be satisfying for you – Seek advice, if in doubt.
2 simple statements in relation to preparation:
- First of all, changing the past for audit purposes is a fraud.
- Secondly, you should run your daily business as you expect to get audited tomorrow.
These 2 statements may seem a bit harsh, but look a bit deeper into what they mean for your business, especially the second it means “If you are not in control of:
- What is installed,
- Who has access during the reporting month,
- Which changes were influencing licensing in each reporting month,
- How did you calculate the licenses needed, and
- Documentation on all of the above.
Then you are not fully prepared for an audit or self-assessment.
Your best defense for audit purposes is documentation – as described above – and this is a key feature in the SPLA manager application.
Did you know…?
Even though Microsoft appoints the auditor, it is the auditor that chooses the tools and processes for the audit?
Getting audited is not a random lottery? Even though some say it is, your chances of getting audited relates to several factors, like:
- Everybody should expect to get audited every 3rd year (even though some have not been audited in 7 or 8 years).
- The indications mentioned earlier on this page will also increase the chance of an audit,
- If you have been audited and it became costly for you, someone might check up on you to validate if you are in better control – after 2-3 years.