Maintaining your software is important – a good software management strategy can help you minimize costs, optimize your software expenses, and align your software purchases with business needs. The fact is, most people who are not in the IT industry don’t think much about software compliance- at least until someone pops up wanting to verify your legal compliance. Nobody is exempt, and the process can be scary so let’s take a closer look at the Microsoft licensing audit program.
Most everyone using Microsoft software will eventually be asked to participate in a voluntary audit. Right now, it’s just once every few years. That hasn’t always been the case, but it’s the trend we are seeing. Your purchase history, technology updates, or even a disgruntled ex-employee can trigger an audit.
Microsoft performs two types of audits: Software Assessment Management (SAM) and Legal Contracts and Compliance (LLC).
A SAM audit is Microsoft’s way of saying, “Let’s make sure you’re in compliance. If not, we’ll help bring you into compliance” SAM is called a “self-audit” because you fill out forms detailing the Microsoft software you’re currently using and compare your list with Microsoft’s purchase records.
Microsoft pays a third-party audit partner to engage you in the SAM audit. Don’t be too alarmed if you are working with somebody that is not a Microsoft employee but representing Microsoft. As always, be cautious, as there are definitely some scammers posing as SAM auditors. If they ask you for money, it’s likely a scam. A list of authorized audit partners can be found on the Microsoft SAM website.
Your participation in a SAM audit is voluntary, but understand that if you ignore or decline the SAM audit, you can expect to be presented with a Legal Contracts and Compliance audit.
Microsoft will issue an LLC when a customer refuses a SAM or if they have reason to believe you are misusing software. These are not voluntary. If you’ve been issued an LLC audit, it may be best to consult a software licensing attorney. LLC audits are handled by the Business Software Alliance (BSA). The BSA is the largest anti-piracy group in existence and is hired by nearly every large software company to perform this more invasive audit.
It’s safe to say that a proactive approach towards compliance is best. Keep your licensing current, maintain accurate records, and so long as the owned licenses match the number of installations, you never have a problem.
Where a business purchases their software is important too. Unintentional purchases of pirated software can happen sometimes. If you find that one vendor is selling software a lot cheaper than others, chances are it’s not legitimate, and you’re going to end up buying it twice and spending more in the end.
If you are audited, it's always best to comply with the voluntary audit. Without a doubt, the review is time-consuming and distracting from main your mission. I’ve completed two for Keystone in the last several years, and I’d guess they take me about 10 to 15 hours to collect and report plus several weeks of back and forth with the audit partner. (Keystone has a total of about 15 workstations and servers). The audit process is more straightforward than it once was, but plan on spending time rounding up proof of purchase documents.
If you feel your company may be out of compliance, it’s best to get it taken care of as soon as possible. Microsoft is more understanding and even helpful when they know you’re serious about fixing issues and becoming compliant.
There’s a good chance you won’t be 100% compliant, and Microsoft knows it. Microsoft also expects you to work quickly to correct any issues and become compliant. The copyright law is on their side, so it’s easier to comply than resist.
Avoid the LLC audit - if the BSA becomes involved, you’re going to spend the same money on software as you would in a SAM audit PLUS penalties and legal fees. The penalties allowed by law are up to $150,000 per title infringed.
If you have additional questions or have been selected for an audit, we can help. Keystone has completed quite a few audits for our customers in addition to our own SAM audit. We’re a great resource and we can help you navigate the process.