Here’s an example of an unsuccessful audit and what this Company could have done differently. True story. Don’t waste a failure. 

Customer A

Background

The Company reports roughly 75,000 USD a month in SPLA revenue. At one point, it was almost double that amount, but over the years, they moved workloads away from SPLA and into Azure. Although their SPLA has decreased, their CSP spend has increased significantly.

Five years ago, Company A went through an audit. They owed a small amount of money but were not nearly as large as now. Most of their growth has come by the way of acquisitions. Last year, Company A received another audit notification.   They were not as worried about the audit because they expected the same outcome as the previous one. 

The Process

The CEO received an audit notification specifying the audit process. A kick-off meeting would outline the requirements and what information they (auditors) would need to complete the project. This was conducted by a third-party audit firm, not Microsoft directly. Once the kick-off meeting was completed, they would move on to the data collection phase. They ran a scan of their entire infrastructure using the MAP tool and produced a raw data report. Once received, the auditors will compare Company A’s past usage reports and what was discovered during the audit. Whatever the delta is, ultimately, is what they would owe. 

The Outcome

This process was completely different than the original audit several years ago. Company A worked directly with Microsoft, not an audit firm. It was easier and completed on time. This new audit took a long time to complete. More assets (Servers/VMs) to uncover resulted in a longer time to perform the analysis. The longer it dragged out, the more uncomfortable senior management became. The Board wanted to move past this audit quickly to budget for the upcoming fiscal year. The auditors obliged; they didn’t want to spend too much time on the audit either. So, the auditors delivered a settlement letter with the total amount owed. The CEO was shocked. They initially thought they might owe about a month’s worth of licensing, but they owe well into seven figures. Completely unbudgeted, heads were going to roll. They pleaded with Microsoft, but the only option was to inquire about financing. Company A settled at the direction of their Board. Audit complete.

What did Company A do right?

They were responsive to the auditor’s request. I think this is a good thing. You shouldn’t ignore them, and your response is always appreciated.

What did Company A do wrong?

Everything outside of being responsive. Here’s what they should have done differently.

They have worked on their timeline, not the auditors. Company A should have taken a deep breath to respond but not rushed into something they were unprepared for. They knew their licensing wasn’t 100% accurate. They should have performed their risk assessment to understand their exposure.

Hired a consultant such as SPLA Man. You need to interpret and translate the data into a SPLA licensing report. This is also a great way to identify software you may have installed but never turned off or removed access. It’s good to get this information before the kick-off call.

They barely negotiated. The best Company A came up with is financing. When you negotiate with a major publisher, they must keep the conversation sales-oriented. When you don’t, it becomes very black and white. The product terms are the product terms, and you can’t change them. But leverage what you do have. In this example, Company A has a lot of CSP spend, leverage that. They also moved workloads to Azure. Guess what’s a top priority at Microsoft? Yes, Azure. 

They need a go-forward strategy. Maybe find a tool such as Octopus. Cloud to help manage installations more efficiently. Find your risk before it becomes a risk.

The key thing to remember is not only did Company A have to spend seven figures on an audit, but it also tells me they are not charging their customers accurately either. That’s the more significant issue, in my opinion.

So there you have it. What am I missing? Have a question? Going through an audit? Email info@splaicensing.com, and we can help.

Thanks for reading,

SPLA Man