Microsoft Audit Roadmap
Microsoft offers an array of software licensing options for its business customers. However, during an audit, the timing and course of the project typically follows a fairly well-worn path:
1. Kickoff meeting At this step, Microsoft’s hired auditors (typically PriceWaterhouse Coopers, Deloitte & Touche, KPMG, Ernst & Young or Unified Logic) will schedule a meeting to discuss their agenda and timing goals for the review. The timing goals typically are aggressive, and companies should be prepared to push back if they would produce a burden to business operations.
2. Data collection During this phase, the audited company will gather information regarding its hardware, the Microsoft products installed on that hardware, and the users accessing those products. This phase typically requires the most time to complete and can last anywhere from two weeks to two months or more.
3. Follow-up data requests Following the initial data submission, Microsoft’s auditors often have follow-up data requests to fill in any holes that it believes to exist in the original submissions.
4. Data validation At this stage, the auditors will want to schedule a meeting to test the data previously submitted against samples collected in real time. The purpose of the meeting is to confirm the accuracy and completeness of the inventory data. The validation sessions sometimes are conducted via remote conferencing, though most auditors’ preference is for an in-person meeting.
5. Draft audit report After the validation meeting, the auditors will take some one to two weeks to prepare a report comparing the software deployments reflected in the data against the entitlements reflected in Microsoft’s volume licensing data an in any supplemental entitlement documentation provided by the audited business. The draft report typically includes only the license position, without any monetary exposure estimates.
6. Reviewing and revising draft report The auditors usually will give the audited business some time (often, not enough time) to review the draft report, to identify any errors or discrepancies, and to request corrections or notes conveying any objections to the findings.
7. Audit hand-off call with Microsoft Once the report is complete, the auditors will schedule a three-way call with Microsoft and the audited business. During that call, the auditors will describe the findings and will answer any questions regarding the report. After that, the auditors typically drop out of the picture, leaving the company to negotiate a resolution with Microsoft.
The negotiations phase is the most variable in terms of both timing and process. In some instances, Microsoft may be willing to offer concessions on the findings in an effort to facilitate a quicker resolution. However, depending on its priorities for a particular matter, it may dig in its heels and refuse to engage in any meaningful negotiations. Under those circumstances, companies should work closely with legal counsel to evaluate all available business and legal options to resolve the matter.