Any kind of activity within the IT world with the word “audit” in the name sounds about as much fun as pulling teeth. Such is the case with software audits which are generally performed by large software companies such as Microsoft, Oracle and SAP.
Microsoft tends to lead the conversation when it comes to software audits given their vast of products with numerous licensing models which may overwhelm even the most seasoned IT professionals. While an audit is something that should be taken very seriously it isn’t really something that we should be scared of if you’re well prepared.
Diaxion would like to highlight the various kinds of Microsoft audits that can be carried out and cover a few of the best practices you may use when preparing for an audit or true up exercise. We’ll work under the assumption that everyone desires to honestly purchase the particular software they are using. In the case when uncertainty is present, this would be the ideal time to start asking questions, with a view to quickly moving in the direction of compliance.
Types of Microsoft Software Audits
Microsoft commonly performs two types of audits: Software Assessment Management (SAM) and Legal Contracts and Compliance (LLC).
SAM: This is most likely the first type of audit you’ll receive. A SAM audit is Microsoft’s method of saying, “Let’s take a look to make sure you’re in compliance. If not, we’ll work with you to help bring your software licensing into compliance.” SAM is often known as a “self-audit” because you’ll be asked to complete forms detailing the Microsoft software components you’re using and then provide a comparison to what you have already purchased, commonly through a licensing provider.
This is often considered as Microsoft extending an olive branch. A number of companies have been offered deals or new licensing agreements to assist in facilitating them into compliance. Those that have gone through a SAM say Microsoft will usually be helpful as long as you are making an honest attempt to become compliant.
Microsoft will commonly pay for a SAM audit which usually is performed by a partner. Although participation in a SAM is voluntary, it should be understood that if you decline, you can expect to be presented with the next type of audit.
LLC: Microsoft will issue an LLC when the customer refuses a SAM. These are usually not voluntary and could mean that someone has accused your company of intentional software piracy. When you have been issued an LLC audit it may be best to consult a licencing specialist.
One of the points we make clear straight away is that this will be a serious matter, and that the penalties allowed by law are in the order of $150, 000 per named infringement.
Best Practices
Don’t Leave It – You don’t want the process to snowball on you. If you think your company may be out of compliance it’s best to get it taken care of as soon as possible. Microsoft will be a lot more understanding when they know you’re serious about becoming compliant.
Don’t Assume Legitimacy – Unfortunately, you will find dishonest resellers out there taking advantage of businesses by selling them fake software. What’s worse is that many companies do not realise they are using fake software until an audit uncovers the reality. Your best course of action is to work with a trusted certified reseller.
Keep All Receipts – You will be asked to prove you purchased that laptop running a copy of Windows 8 or even Office 2013. If it’s running Microsoft software you will need to prove that you legally purchased it, and that includes just about all OEM and Retail licenses.
Keep Current Inventory associated with All Software (not just the primary Microsoft suites) – This should seem like a no-brainer, but, by default or through organic growth and change you might have walked into a situation where it’s not really clear what software is being used within the organisation or a business you work together with. In this particular case, one of the first things you should do is perform a baseline inventory of all installed software. This will enable you to spot gaps in compliance. Microsoft provides a free Assessment and Planning Toolkit for this very purpose, and a number of vendors provide full asset management product suites.
Work together with your Supplier – There’s a good chance you won’t end up being 100% compliant for each listed item of software in your company. That’s perfectly normal, and Microsoft expects this. Microsoft also expects you to work reasonably quickly to become compliant, which will involve working with your licencing vendor to determine what is required and at what it will cost to become compliant. Management is usually going to want that number so it’s best to understand the costs as soon as possible.
Microsoft customers with an Enterprise Agreement (EA) or some other Microsoft Volume Licensing agreement are considered to be compliant, as long as the organisation has met the annual true-up requirements. Most audits are issued to customers under Open or Select type licencing contracts, which are used mainly by small and mid-sized companies.
According to a survey by IDC, almost 75% of software vendors believe their customers do not manage software license entitlements correctly.
If you’re running Microsoft software, there’s a good chance you’ll be asked to take part in a SAM audit at some point within the next year or so.
You could save yourself a lot of time and hassle by working towards becoming compliant instead of waiting for the notice to arrive!!!!
