SAMexpert logo
May 25, 2024

SPLA Audits Under The Microscope

SAMexpert Podcast

Today, we discuss Microsoft SPLA (Service Provider License Agreement) audits in detail. Alexander Golev (CEO) and Daryl Ullman (Chief Negotiation Officer) of SAMexpert break down the audit process, sharing their extensive experience and insider tips.

They cover everything from preparing for the audit and understanding its technical aspects to negotiating effectively with Microsoft. The goal? To help you minimise the financial impact of audits and ensure compliance.

Adding a unique perspective, a former Microsoft audit team leader joins the conversation. He offers valuable insights from the "other side," revealing how auditors think and what you can do to make the process smoother.

73.52 MB
Episode Transcript

Alexander Golev: Hello, everyone. Today, we will discuss SPLA audits—Service Provider License Agreement audits conducted by auditors on behalf of Microsoft.

Who are we? We are a company called SAMexpert. We support service providers and enterprises during audits on the client side during negotiations, after audits, or when you need to renew your agreement. We also offer other Microsoft-related services. Importantly, we don't sell licenses ourselves, so we don't care about sales. We only earn our bread and butter by helping clients defend themselves against Microsoft and optimising their budgets.

The reason why you should listen to us is that we have supported over a hundred clients in audits on the client side against the auditors and Microsoft, and we have a 100% win rate. Whatever the situation, our clients come out of audits with lower bills than they would have paid if we had not supported them.

This event is predominantly for service providers, SaaS companies, or ISV companies that host virtual machines or applications using Microsoft licenses, where there's an element of SPLA. But if you're not a service provider and if you are a regular company, you will also learn a few things about how Microsoft conducts audits and what your rights and obligations are during various phases of the audit from this event. Many things are similar between SPLA audits and regular Microsoft audits.

Today, I have Daryl Ullman with me. I will invite him to discuss negotiations. The last phase of any audit is negotiating its result. Daryl is the Chief Negotiation Officer, co-founder and partner at SAMexpert.

I hope that you can take home valuable, actionable advice. This is not a sales pitch, although you're welcome to ask for our help. You can always find us on LinkedIn or on our website,, but today is all about sharing what we know and advice that you can effectively DIY.

SPLA audits are unique

And to remind you, we're talking about SPLA audits. So, what is an SPLA audit? If you don't know yet, if you are a service provider or if you work for a service provider, Microsoft conducts compliance audits like they used to conduct with every other company in the past. Service providers, however, are in a very interesting niche. Service providers provide services with Microsoft licenses included and sometimes also allow clients to bring their own licenses to the provider's estate.

There is no entitlement, as in a usual Microsoft environment, and providers don't have licenses in a traditional sense. Providers must calculate the licenses consumed during a calendar month, submit that data to Microsoft, and pay for the consumed licenses. There are exceptional agreements where reporting can be done quarterly, but it's not a usual arrangement. Usually, every calendar month, you have to report to Microsoft what licenses your clients consumed via your reseller, and then you have to pay for it. During the SPLA audit, auditors will be trying to estimate how many licenses you were required to report in every calendar month of the audit period by looking at your current data.

They will tell you, "We will audit your compliance in the three previous years." That means they will try to extrapolate 36 months of your reporting history and compare it with what you reported and paid for. Any under-reporting, anything you did not report correctly, if you didn't follow the rules, or forgot to ask your clients about bring-your-own-license evidence, will be your penalty. They verify that you paid enough for each calendar month in the audit period.

The two main phases

The audit is basically split into two big phases. The first phase is the technical phase, during which the auditor appointed by Microsoft asks you to provide inventory data and relevant records, compares it with the reporting history, discusses your environments with you, and then produces the reports.

The auditors, during the technical phase, which is, I wouldn't say, the longest one. Sometimes negotiations take longer, but it's the most complicated part regarding steps, processes, and things you need to pay attention to. When they disengage, Microsoft comes back and starts negotiating. Rather, you begin negotiating with Microsoft. Microsoft's initial goal is to bill you for the licenses you didn't pay for based on the auditor's calculation.

So, there are two significant phases. One is with the auditor, and the second one is with Microsoft. And savings are achieved at both stages. If you neglect one of the stages, It will be a mistake. Some providers completely neglect the technical one. They come to negotiations with an inflated bill, much higher than it should have been, and they have to negotiate from a higher number. Imagine a provider that had to start negotiating from 120 million dollars of estimated non-compliance instead of 30 million of actual non-compliance.

Don't neglect the technical stage. It needs to be driven through correctly. I don't like the word "navigated". Thanks, ChatGPT. It must be navigated through properly, meticulously, and with attention to detail.

Magic happens during the negotiation phase. It's when you present your business case, your business excuses, your situation, and you negotiate with Microsoft. You negotiate the outcome, sometimes reducing the bill from what the auditors calculated, and sometimes finding a different resolution. I would put it this way because it varies depending on your scenario.

Audit notice

It all begins with Microsoft sending you a notice. I encourage everybody to read your contract, please. I encourage you to find your SPLA and MBSA. Those are the two documents stipulating the terms for SPLA audits. Read them carefully. Pay attention to detail. If you don't understand it, ask your legal. If your legal doesn't understand it—I wouldn't be surprised if they don't—send them to us.

Microsoft is obliged contractually to send you a notice 30 days before the audit, so they give you a 30-day warning. And by the way, if they try to insist on an audit to start in one or two weeks, that's against their own rules. They have to give you a 30-day notice.

The audit is supposed to start after that 30-day notice. You have a kickoff call, a meeting, and a handshake with the auditors. However, you can also do other things at this stage if you want to.

There's an NDA phase when you may want to sign an additional NDA with the auditor. Or, as we recently learned, some companies insist on signing a special agreement with the auditor for the conduct of the audit itself, and they succeed at that.

Sometimes, we are asked whether an audit could be entirely cancelled. We may imagine how, but we've never seen it. You are contractually obliged to respond to the notice. If you have ideas of how you may cancel your audit, by all means, you may attempt to do so. When you signed the agreement, you agreed that Microsoft may send you an auditor. This is your contractual responsibility, at least to react to it. Never ignore the notice.

You've got your notice. You're probably sweating. You don't know where to start. You're not necessarily ready, even if you have tools and everything. And the worst thing in the very beginning is being nervous and being agitated. So our advice to everybody is just to calm down. Nothing terrible has happened yet and may not even occur. Take a deep breath, and talk to somebody who knows about audits and how to go through them. Make sure your house is in order; we'll explain what it means: house is in order. Then, set up the kickoff call and be calm. It's vital to have peace of mind. Otherwise, if you're nervous, you'll make mistakes.

Additional NDA

You may insist on the auditor signing a special NDA with you. It is absolutely up to you. As the MBSA, Microsoft Business and Services Agreement, says, there is already an NDA in place between Microsoft and its auditor. However, most of our clients, sometimes advised by us, sometimes on their own, ask the auditors to sign an additional NDA for additional peace of mind.

Please pay attention to the following. If you've been to our previous live events and webinars, we used to say there's no time limit on the NDA. There is a form of the MBSA, and you need to check your own MBSA, which says that you only have 14 days to complete that process. So if your MBSA sets that limit, it's not in every MBSA, then you must comply. You only have 14 days to execute an NDA with the auditor. And you may not use that to prevent an audit.

However, if that's a concern, you need to know that Microsoft does not receive raw data. Raw data stays between you and the auditor, and for some of you, it may be very important. The raw data, the inventory, with server names, IP addresses, and usernames, if you disclose it, if you don't obfuscate it, does not reach Microsoft. Microsoft gets a summary. Microsoft gets the result.

Kickoff meeting

Next, you have a kickoff meeting. So you've signed all the NDAs and have a kickoff meeting. It is essentially just the auditors walking you through the process, answering your questions, and asking you initial questions. And the advice here is simple. Ask every question you want to ask and listen. We advise not to disclose information at this stage, even basic information. You may say you have five data centres and then give data from only four during the audit. It will be recorded that you have five data centres. You will have to explain the difference between the declaration and the data. So don't say anything at this stage at all because even silly mistakes could be devastating.

They will try to impose a specific project plan and timeline for the audit. You don't have to comply with it. Don't sign it. You may tentatively agree because you need to somehow agree on how this will go, but remember that it's not your legal obligation to follow a specific project plan that a hypothetical auditor of Microsoft wants the project to follow. You don't have to agree to those particular dates and time frames. Agree tentatively, but remember that you control the timeline. There are only two contractual dates at the beginning of the audit. One is 30 days from the notice letter. The other one is 14 days - It may or may not be in your MBSA - to sign an NDA.

Set your timelines with some flexibility. Make it easy for you. They will be chasing you. They will send you letters saying, "You need to complete this in the next ten days". You don't have to. By all means, maintain a good relationship. But you don't have to. You need to remember that. Many people are scared of auditors and Microsoft and rush the data. They rush the results. Never rush the results. Do not, though, disappear. Maintain some sort of a heartbeat relationship. Send emails saying, "This is where we are; this is the progress". Be honest. But you don't have to rush. Unfortunately, we have to tell it almost every day. Currently, we support ten providers, and all of them are uncomfortable pushing back on the auditors and Microsoft, and they absolutely shouldn't be.

Data gathering

After the initial meeting, they'll give you a questionnaire to fill out first, and they'll give you scripts to run. That's the data-gathering stage. The questionnaire is essentially just basic questions from where you provide services, what kinds of services, what clusters you have, which are co-located, and which are SPLA clusters. From October 2022, you can have a 100% BYOL cluster. Don't forget to mention that if you have such clusters.

That is what they're asking you. We suggest you answer those questions. as fully as possible and double and triple-check them. If you're unsure, ask a good independent advisor how to respond. And by the way, if you need guidance for an audit, we have it on our website, Secondly, if you'd like to have slides, contact me. You can message me, Alexander Golev. Most of you will be connected to me already. DM me, and I'll send you the slides with all the advice we're discussing.

One of the most crucial things at this phase is to not overshare and make sure you only tell them about the actual SPLA scope.

If you have colo clusters and colo data centres, don't even tell the auditor about them. We will never advise you to hide anything. But if a part of your estate is outside of the scope of SPLA, and you are sure it's outside of the scope of SPLA, don't even mention it.

It happened at least three times in the last year. If you give them inventory from out-of-scope clusters with the virtual machines and whatever's running in those virtual machines, the clusters will be added to the report. And now, you need to ask the auditor to remove them. And they're very hesitant to do so. They will ask you, "Show us the evidence that this environment is out of scope".

So, if something is out of scope, don't even mention it. It's very important to be vigilant about what you provide. You must be certain about cases when you have full collocation or only provide operating system licenses in a certain cluster, or if you run your own web applications that may be licensed with self-hosted licenses instead of SPLA. You need complete clarity.

If you are unsure, ask an expert in Microsoft licensing for providers because it's complicated. SPLA is simple. Overall, licensing for providers is probably the most complex thing after Windows 11 licensing.

If you want to share a story with the auditor during the data gathering, share it. Share it at this stage. And here's an example. If you upgraded processors a year ago, and it's not evident from the current VMware data that processors were different, and that's why you started reporting more. Tell them that story. At least mention those facts at this phase before you find the evidence. Tell them, "By the way, in the data, you will see that all of our hosts have 56 cores. They used to have 40 cores, but we upgraded the processors last year. Please advise us what sort of information you require to prove it." If there is a story that defends you, tell that story upfront. Again, if you have an advisor, run it past them.

You may need to find additional evidence and data, and you will be asked to. They will probably want to see your customer contracts, especially when you claim that you're not responsible for licenses. That happens in every infrastructure provider. Outsourcing companies have different arrangements, but when we're talking about infrastructure hosting or IaaS, there's lots of BYOL, and usually, the best evidence is contractual records.

In addition, you may be asked to provide change records. If something was migrated or deployed on a specific date, and you don't show a relevant change record to the auditor, they will assume it's always been there. Therefore, even if you were compliant in previous months, you'll look non-compliant. So, gather the necessary change records and anything relevant to changes in license reporting.

Then, there are License Verification Forms. Fortunately, Microsoft effectively made License Verification Forms redundant in October 2022. However, you must still collect them if you're still a License Mobility Partner. It's a contractual requirement. And for the period before October 2022, the forms are still required. If you had clients with BYOL at the time, you should have collected those forms. Find them.

Your reporting history. The easiest way to gather it is to ask your reseller. Or you may download it from their portal. Download all your reports and invoices for the period mentioned in the notice letter. Sometimes, there are discrepancies between what you reported through your reseller and what Microsoft sees in its internal database. I'm not going to blame anyone today, but it happens. People make mistakes. People may receive a report for September and attribute it to October. Microsoft won't see that. They will see double numbers. They won't accept them without an explanation. So you need to find your reporting history, your reports for all the months mentioned, and all the details around it. Don't neglect it.

Again, do not overshare. Only give what is necessary. Don't talk too much. Everything you say may be used against you.

Initial report

When you provide all the data to the auditors, they will go away. For two to four weeks, sometimes longer, they will go away and calculate your first Effective Licensing Position, your first report. ELP stands for Effective Licensing Position. Usually, the initial draft ELP will have quite a few assumptions.

By the way, I should have mentioned that the auditor may ask you to provide additional information and clarify certain things even before providing you with the ELP. That's a normal part of the process. Collaborate. Provide all the necessary information. Again, be careful with what you say and how you formulate it because anything you say can be used against you.

You also need to remember that the auditor works for Microsoft. Don't take it wrong; they work for Microsoft, and the report will be one-sided. It will only reflect Microsoft's point of view on what you should have paid them and what you need to pay them to cover the non-compliance gap. However, we see that the auditor teams are typically helpful. They won't tell you how to fix your errors. They won't tell you all the secrets. But if you ask the right questions, they usually help. They're not your friends. It must be apparent. They're not your enemies, either. They're just there to perform what they're contracted to perform.

So they've given you the first report. What's your goal now? What's your task here? It's the report's validation. Validate everything because many things can go wrong. People make mistakes. There are still no fully automated ways to produce a report like that. So there's always a human behind it. And if it's a senior auditor, then typically, there's not much to validate in terms of formulas, errors, and misinterpretations. If there's a junior on the project, we see gaps and omissions and sometimes people taking shortcuts.

So what do you do? You push back. You analyse meticulously, sometimes line by line, every single thing. You may remember something you forgot to tell. They may have overlooked something you already discussed or made a mistake in a formula. If you find the formulas incorrect, ask them, "Can you please fix it?" And they will fix it. Do not just accept the report at face value. Never. Not the first edition, at least.

Additional data gathering

You may have to provide additional evidence. You may have to provide additional change records, something that you postponed, for example, asking your clients for proof that your clients are responsible for licensing. It is the phase and the time when it's most important that you have a clear picture of who is responsible for that particular SQL Server or who is supposed to provide licenses for the Microsoft Office installed in a terminal server. The auditors will take this into account. Even when they don't like the evidence, they may consider it a shortfall, but it will be attributed to the client. Make that very clear at this stage.

There will be a validation call. It used to be an on-site visit when auditors would come on-site, sit with you in a meeting room, and ask, "Could you kindly log in to this server?" And they would give you the names of the randomly picked servers. "Could you kindly login to this server, run the SQL Server Management Studio and run this command so we can verify that the edition is correct? Could you please demonstrate that your clusters indeed have nine hosts and not 11?" It's an audit. The auditor is there to verify the data you provided, and it's a normal part of the process.

Very importantly, you may not simply declare anything. Everything needs to be evidenced. If there's a discrepancy, it raises questions. If you give them a list of hypothetical 8000 virtual machines, but during the on-site visit, they see 8500 virtual machines, you need to be ready to answer why. It is a validation call. Now it happens over Teams or Zoom or whatever other communication platform of your preference. But I would assume it could still be an on-site visit in certain scenarios. So be ready for that as well.

From then on, it's all about chiselling off things that should not be in ELP and ensuring that the technical position looks the best way possible. What you can't do at this stage at all is argue about a business case, about things that are outside of the auditor's remit and that you need to discuss with Microsoft.

When you get to the point where there's not much to discuss and all the measures to improve the position are exhausted, the auditors will ask you to sign the final report. Don't legally accept the results. You'll have some back-and-forth with the auditors because they need you to accept the results legally. You don't want to accept the results legally. Find a formula that satisfies both parties. And say, "Thank you, dear auditor. Thank you for your work. We'll take it from here."

The final summary is sent to Microsoft. Microsoft may sometimes be involved midway through the audit when there's an impasse or things that require involving Microsoft, but typically, Microsoft engages when the auditor disengages.


And that's when you start negotiating.

Daryl, I'd like you to take over and discuss the negotiating phase if you can.

Daryl Ullman: I want to emphasise some things before I start talking about the second stage—the move from the technical evaluation to the commercial negotiation. Alexander pointed it out, but I want to repeat that whatever you don't finalise from a technical perspective will be difficult to mitigate during the commercial discussions. I want to emphasise that the number of technical errors we have often seen during the technical audit phase is substantial.

And I'm not a very politically correct person, so I'll say this out straight. Auditors make mistakes. It's not intentional, but they make mistakes. They make formula mistakes and misinterpret the data. And they work rigidly around Microsoft's framework. And that's not always the correct framework. It might be Microsoft or a prestigious auditor, but again, the framework is not always in favour of the provider. And that's something you need to keep in mind throughout that process. So, you need to be vigilant. You need to be aware. You need to challenge every single assumption.

If the auditor doesn't have information that they see as critical, they will assume and extrapolate. Extrapolation is detrimental to you because extrapolation uses a particular assumption that might not be correct when you look back three years. And we've seen audits go back five years. And if you start extrapolating going back, the discrepancy can be huge.

Challenge any extrapolation. Challenge any assumption. Bring evidence. That is your responsibility. Don't look to the auditor or to Microsoft to do your job. They will not dig for information and evidence in your favour. You need to dig for evidence.

It's just like being in court. You need to provide that underlining, hardcore evidence, be it data, maybe even contractual agreements with your end customers, emails between yourself and your reseller, or emails between yourself and Microsoft. That's all evidence. The auditor might not be able to use every single piece of that evidence because it's not in the process or methodology determined by Microsoft, but it will be noted, and you will be able to use that information, that evidence, in the commercial negotiations with Microsoft. That's how important it is.

Everything leads up to the commercial stage. Part of the data gathering is building up a really good story. Truthful, yet it needs to be a well-organised, logical story. Every commercial negotiation has a story behind it. Why did you reach the point that you reached? Why do you have a particular licensing gap? There is a reason behind it. Previous people in the organisation could have made errors. There could have been an underlying reason. You thought a specific license came bundled with a third-party application you were hosting, and you assumed you had licenses. You might've assumed that your end customer intended – or it was agreed upon – that they provide the bring-your-own license with their enterprise agreement contract.

You must dig up the reasoning behind any potential gaps the auditor finds. And there might be more than one story. It might be on a per-customer basis; it might be on a per-application basis. It's a lot of history gathering. It takes a lot of time and effort. Don't underestimate the resources and time required. The more time and resources you put into this, the better prepared you'll be. Like any negotiation, you need to prepare.

It is not just about jumping on a call with Microsoft, waiting for them to present the auditor's results and saying, "Okay, you need to pay a million euros or dollars". It's about you preparing for that initial call with Microsoft. That's already a part of the negotiation.

Negotiations have already started with the auditor. That's the way I perceive negotiations. I negotiate day in and day out on behalf of our customers. I am part of the early stage technical discussions when Alexander and his team initiate the process. I am part of that. I am silent. But I listen very carefully and read between the lines. Where are the gaps? Where are the cracks? Why did things happen? How did they become what they were? How does a provider doing a million euros of business with Microsoft on SPLA a year have a 10 million commercial debt to Microsoft or 20 million or even higher? How does that come about?

In most cases, gaps exist not because customers are trying to short Microsoft on what they should pay. I've done hundreds of audits. I've never seen a case where a customer is intentionally short-paying Microsoft. That's not the case. Errors and mistakes were made. And you, as the hosting provider or as the application hoster, didn't benefit commercially from it. You did not see revenue, and Microsoft was shorthanded. That's a story.

So please, when you enter the negotiation stage, prepare for it. There are multiple stages that you need to go through in that preparation. Understand who you're talking with on the Microsoft side. Who is the commercial negotiator? Who is that licensing executive that you are talking to? What is his experience and tenure at Microsoft? Who is he reporting to? It's good to understand the connections behind the lines. You need to plan out your strategy like any other negotiation.

You need to set your targets, red lines, and timeline. You want to drive the commercial negotiations. Don't be in a situation where Microsoft is driving the commercial negotiations. You want to be in the driver's seat. You want to set the tone of the negotiations from the start. It's not about you being aggressive. It's about you being attentive and prepared for that stage.

I just want to go back one step. When you hand over the final licensing positioning report, or when the auditor hands over that final licensing positioning report to Microsoft, you have the right to ask to add notes, clarifications, and evidence to that report. Ensure it's not just handed over to Microsoft as a black-and-white Excel sheet. You want to add additional colour. You want to keep it as a live document where, for every line item you wish to discuss with Microsoft or challenge, you want to have an underlying reason for your disagreement. You want an underlying layer of evidence so that when that report is delivered to Microsoft, you start the discussions with everything on the table. Ensure that you have your side of the story already presented. That doesn't mean Microsoft's going to accept it. That is when the negotiations start.

I want to leave you with the most important understanding of this process: There is a commercial negotiation phase. You need to come prepared and do your internal due diligence. You need to have the right people on the call. You need an experienced negotiator from your team who can lead the process. You need to have your licensing manager on the call.

You need somebody from legal and finance because you're not only looking at potentially paying the audit fees. They are usually substantial, but they can be reduced by double-digit percentage points. You also have potential fines, and you also have the auditor's fees.

Read through your SPLA contract, and as Alexander recommended, I also highly recommend that you actually read through your contracts today, not when you get the audit. Understand that there are penalties for under-licensing. In addition, and that is not in the contract but may be part of your settlement, you might be exposed to an additional audit within a period of 12 to 24 months to validate that you've corrected errors and omissions. It can potentially become an ongoing audit cycle, and you definitely don't want to be there.

Auditor's fees are also potentially negotiable with Microsoft. There are a lot of negotiables that can be put on the table. It's all a question of presenting them in the right context with the right story and evidence.

The Microsoft's perspective

Alexander Golev: Thank you, Daryl. I'd like to invite my old friend, Dmitry, to speak.

Dmitry Beresnev: Hello, everybody. Hello, Alexander. Hello, Daryl. Thanks for inviting me. My name is Dmitry Berestnev. I was the guy leading the audit efforts for Microsoft for a big region for many years. We were on the opposite sides of the fence with the guys. But I wanted to join out of respect for their professionalism and give a couple of advice from the kind of Microsoft, ex-Microsoft guy. I'm no longer with the company.

For many managers, both in the auditor company and in Microsoft, it is just a job and not the most pleasant one. As you can imagine, not all the clients are polite and cheerful. The first advice is to be polite and be responsive. Most managers are tasked with reporting progress and appreciate a professional, humane attitude from the client. That would really help you to establish a good rapport. Even if the real progress of the audit is zero, but you are constantly in contact, that goes a long way.

Second, be genuine; tell the truth. That's not the right situation to exercise your imagination. Just don't. It's not a fair game for you to try to say something untrue to the person who has been doing this every day for many years. That's doesn't bring you any value.

Alexander Golev: Sorry for interrupting; you're saying, "We know all the tricks. Just be honest and tell your story how it is."

Dmitry Beresnev: You're still not in a court. Maybe my third point will explain this.

The third point is to be elegant. What I mean by that is that if the negotiations are conducted amicably, if you have good explanations for everything, if it can be validated with the data, if you are in dialogue, especially if someone is helping you professionally to check whether what you are saying is is valid, then, I've seen examples of technical discussions leading to more than 50 per cent reduction in the gap and business discussions leading to, more than 80 per cent reductions.

Have a good story that is not fiction and can be verified. Friendly, positive, beautiful negotiations are something that people on the opposite side of the audit see very rarely. And believe me; they value it very much because if you have ten shitty negotiations every day with the same scenario of lies and impolite attitude, and then suddenly you see someone being able to tell their story to explain why they want to reduce the amounts and what are the steps than they would expect of both the auditor and Microsoft, that goes a long way and gives you really a huge advantage.

Those are the three things I would share as a former leader of the team doing the audits.

Alexander Golev: Dmitry, thank you very much. We absolutely agree that, on average, a good technical discussion shaves off 50% of the assumptive draft report, and then the commercial negotiations can save you, on average again, 80% of the report because Microsoft will listen. I would also agree entirely with being professional during the negotiations. You get a much better response; you get smoother negotiations. Sometimes, auditors send an email to the client with whom we work, thanking them for their professional conduct during the audit. It really goes a long way, being that professional, answering the questions with the correct language and having the right attitude,

Daryl Ullman: I want to comment on one of the things that Dimitri said, and I couldn't agree more. Don't come with a bullshit story. The auditors and Microsoft have heard everything. Be genuine. Build your story based on evidence. If there is a good reason that something happened and you made a genuine error, support your point with evidence and a good story. We have found that presenting it in a professional way, based on evidence, goes a long way in the process. Prepare. Be genuine.

You don't have to disclose everything—this is not a legal discussion—but be able to back it up with evidence. It goes a long way compared to just throwing things out there that have no substance and can be dismissed really quickly.

I want to thank Dmitry because there were some critical points I advise everybody to take home and implement in the next audit.

Alexander Golev: Thank you, everybody. I would like to remind you that we have another SPLA-related event. It concerns your initial preparation phases when you gather everything for the start of the audit. We'll go more in-depth on the initial steps that, if done properly, can save up to 30 per cent of the audit fees.

Thanks again. Have a great rest of the day. We'll see you soon. Goodbye.