Audit Preparation
A vendor audit is the highest-stakes use of SAM data. This page is the playbook for preparing — what to lock down, what reports to generate, what evidence to assemble, and how to defend the position you submit.
When to Start
The moment you receive an audit notice. The earliest steps (lock down the calculation date) need to happen before any further data changes obscure the position you will be defending.
If you have not received notice but want to prepare proactively (e.g., approaching the end of an audit-heavy contract), do the steps below using a hypothetical "audit window" date.
Step 1: Lock Down the Date
The audit will ask "what was your position as of date X?" Determine X — typically the date the audit notice was issued, or a vendor-specified period start.
Once you know X:
- Run Licensing → Calculate Licensing Position with End Date = X.
- Set Start Date to the start of the period the auditor will examine (often current fiscal year start, but vendor-specific).
- Wait for the calculation to complete.
After this calculation, do not recalculate until the audit is resolved. Doing so might rewrite the position you have just locked down — see Recalculation Behavior.
If routine scheduled recalculations would normally run, pause them for the audit duration.
Step 2: Generate the Compliance Reports
For audit purposes, generate the full set of compliance reports as PDFs. These are your evidence:
| Report | Why You Need It |
|---|---|
| Software Licensing Summary Report - Full | Per-product compliance, executive view |
| Software Licensing Detail Report - Full | Per-machine breakdown, per-product |
| Software Licensing Compliance Detail Report By Manufacturer - Full | Filterable to the audited vendor |
If the audit is vendor-specific, the By-Manufacturer detail is the key document — it lists every install of every product from that vendor with the covering license.
Save the PDFs with the lockdown date in the filename for the audit record.
Step 3: Assemble the Underlying Evidence
Beyond the reports, the auditor will want:
| Evidence | Source |
|---|---|
| License contracts and agreements | Software License Agreements records, your contract repository |
| Purchase records | Purchase Order records, supplier invoices |
| Discovery evidence per machine | Asset records' Software tab; export per-machine software lists |
| Assignment evidence | License records' Related Assets tab; or a SQL export of AssetDependency |
| Compliance calculation methodology | This guide; specifically the Concepts chapter |
For each license that contributes capacity, the auditor may ask "how do we know you own this?" Be ready to produce contract, invoice, or vendor portal screenshot.
Step 4: Spot-Check Before Submitting
Before sending anything to the auditor, spot-check:
- Pick 3-5 products that should be compliant. Open the Licensing Position. Confirm Outstanding = 0 for each. If not, fix before the auditor sees it.
- Pick 3-5 machines that should be covered. From each machine's Software tab, confirm the products are showing covered, with a license attached.
- Check the data quality tab. Licensing Calculation Steps should show no errors in the diagnostic queries.
- Confirm the Last Calculation Run timestamp matches your lockdown date.
Any discrepancy you find now is fixable. Discrepancies the auditor finds in the data you submit are problems.
Step 5: Document the Methodology
Auditors increasingly want to understand the methodology behind the numbers. Be ready to explain:
- How discovery gathers software data (frequency, what's included)
- How recognition classifies titles
- How the catalog maps titles to products
- How the engine allocates licenses (affinity rules, requirements)
- How downgrade rights are configured per license
Pointing to this guide (especially Concepts, Allocation, and Customizing the Calculation) gives auditors the same documentation your team uses. Most auditors are pleasantly surprised to find the methodology is documented at all.
Step 6: Defending the Position
If the auditor's findings differ from yours, common discrepancies:
| Auditor Says | Likely Cause | Defense |
|---|---|---|
| "More installs than you reported" | Auditor counts unrecognized titles or includes versions you do not | Show recognition classifications; confirm version-counting methodology |
| "Fewer licenses than you reported" | Auditor not counting downgrade rights | Show downgrade rule per license, point to contract clause that grants the right |
| "Wrong license type" | License Type on your record differs from auditor's interpretation | Show the contract; ensure your record matches |
| "Your direct assignments don't count, we only credit deployed licenses" | Some audit positions discount licenses that have not yet generated activity on the target machine | Show that the directly-assigned machine has the product installed and the grant is active in the position. Direct assignment is your contractual allocation method — the engine treats it as deployed coverage. |
For each, the audit trail (transactions persisted, contracts on file, methodology documented) is your defense.
Special Case: SQL Server Audits
SQL Server audits are common and have specific points to verify:
- Licensing is per host, not per instance. A host with two SQL Standard instances needs licensing for the host's cores once — both instances share the same per-core entitlement.
- CORE4 minimum applies per server (or VM). A 2-core VM with SQL Standard needs 4 cores of license.
- Free editions (Developer, Express) are not licensable. Confirm yours are classified as
FREEin the catalog. - Downgrade rights vary by edition. Standard is not a downgrade target for Enterprise; check carefully.
Run the SQL-specific dashboard from Licensing → Sql Server before the audit response goes out. Confirm host core counts look right and that the catalog distinguishes paid editions from free editions.
Special Case: Microsoft Audits
Microsoft audits often start with an MLS (Microsoft License Statement) reconciliation. If your licenses came from MLS imports (see Microsoft License Statement Import):
- Each license has its source statement traceable
- The agreement record provides the contractual basis
- The audit response can directly reference statement and contract
If your Microsoft licenses are not from MLS imports, expect more reconciliation work — manual mapping to contracts and statements during the audit.
After the Audit
Whether the audit resolves clean or surfaces issues:
- Document what happened. Lessons learned, particularly any data quality issues the audit revealed.
- Apply fixes. Catalog corrections, license record updates, missing assignments.
- Resume scheduled calculations. Unfreeze the routine.
- Communicate the result to management and procurement.
The post-audit period is also when proactive cleanup pays off — you have just done a thorough review; closing remaining issues now is much easier than at the next audit.
Related Reading
- Compliance Reports
- Concepts: Temporal Accounting — the methodology the audit will probe
- Concepts: Downgrade Rules
- Operations: Data Quality Checks
- Recalculation Behavior — why not to recalculate during an audit