Summary
A letter from Microsoft announcing an SPLA audit can put any service provider on edge. While it's a serious situation that requires careful attention, there's no reason to panic.
By understanding your rights under the SPLA agreement and taking a strategic approach, you can take control of the audit process and protect your business interests.
In this guide, I'll outline the key initial steps to take after receiving an audit notice and offer tips for a smoother experience.
Key Takeaways:
Read and understand paragraph 13 of your SPLA carefully.
Be prepared for Microsoft to potentially expand the audit scope.
Don't rush! Take your time complying with deadlines set forth in your agreement.
Create a precise diagram of your SPLA-related services.
Recognise the seriousness of an SPLA audit, but approach it with a calm and informed strategy.
Don't Panic. Review Your SPLA Agreement
You likely have a Service Provider Licensing Agreement (SPLA) with Microsoft. However, it's not uncommon for this agreement to be misplaced over time.
Your first step after receiving an audit notice is to locate your SPLA agreement and give it careful attention, focusing specifically on paragraph 13. This paragraph outlines the audit conditions and your rights as a service provider.
Understanding the Scope (Time and Agreements)
Microsoft's audit letter will often stipulate a timeframe for the audit (for example, covering the past three years). While there may be some room to negotiate this timeframe, We've rarely seen success in drastically reducing the calendar scope.
The letter will also list the SPLA agreements subject to the audit. Be aware that Microsoft, specifically its Legal and License Compliance (LLC) department, may later attempt to expand the scope of the audit. Don't get overly relieved if only a portion of your SPLA agreements is initially listed. Be prepared that all your SPLA agreements will be included in the scope.
Take Control of the Timeline
Remember, you are only required to comply with the deadlines stipulated in your SPLA agreement. While responsiveness is important, there's no need to rush your response to Microsoft.
Take your time and carefully consider your options. We've seen audits stretch out for years, but keep in mind that you'll be liable for auditor fees if you're found non-compliant. Prolonging the process should be a calculated decision. The longer it takes, the more unhappy Microsoft and the auditor, and the higher the auditor's fees will be.
Diagram Your SPLA Business
Before providing information to auditors, sit down with your team and carefully diagram your SPLA business. Understand the specific services you provide under your SPLA agreements – is it simple hosting, or do you offer more complex solutions like call centres or business process outsourcing?
It's crucial to know precisely where your SPLA obligations end. We've worked with providers who mistakenly included non-SPLA services in the scope they presented to auditors, leading to complications. If you're unsure of these boundaries, consult with an independent SPLA expert to avoid oversharing and resulting issues.
We hope this article provided clear, actionable guidance and peace of mind. If you have further questions or would like assistance preparing for your audit, please don't hesitate to contact us. Remember, as an independent advisor, our expertise at SAMexpert ensures you receive unbiased support.