Unless self executed, ‘audit’ is never a good word. Many software vendors including Adobe, IBM, and Oracle conduct audits on licensing products, including Microsoft. In fact, 58% of surveyed executives reported that they had been audited by Microsoft in the last 12 months. If your company has been or is the subject of an audit or licensing compliance review, you should weigh heavily which system attributes need to be prepared for the audit.
Microsoft may initiate an audit in several ways including a letter or email to the company requesting that it do a self-audit and reply via email verifying that it believes it is compliant, a letter or email from the US SAM team requesting the company go through a formal SAM engagement, or a letter or email from Microsoft Legal and Corporate Affairs or the Licensing, Contract, and Compliance team. Audits can be somewhat time consuming and Microsoft generally gives between 15-30 days to complete the process. It is common for Microsoft to approach you as a customer requesting that you initially conduct a self-audit. The self-audits can consist of the following:
- Determining what software you actually own- i.e. License Entitlements
- Reports of software actually deployed
- The License Entitlements assigned to these deployments.
The best way to approach a compliance review is to treat it as an ongoing rather than single event. In other words, companies should create a process for ongoing software asset management which would involve not only the IT department but also a number of other departments including purchasing. In particular, it may be helpful to pull a Microsoft Volume Licensing (MLS) statement to recognize areas of non-compliance.