When the audit report arrives it carries the weight of authority: a third-party firm, pages of methodology, a confident total at the bottom. That presentation is part of the position. The report is a reconciliation built on the data the auditor was able to gather and the assumptions it made where the data ran out, and both of those are open to challenge. Treating the report as the opening of a negotiation, rather than the close of the audit, is the single most important shift a buyer can make at this stage.
This article shows how to read a findings report critically, where Microsoft and SPLA reports tend to be soft, and how to negotiate the number down line by line before anything is signed. It is part of the negotiation and settlement cluster and pairs with the Microsoft audit survival guide, which sets out the full defence end to end.
The report is a draft, not a verdict
For an end customer the audit produces an Effective License Position, the reconciliation of deployment against entitlement. The ELP is not the final sentence. It is the number that gets negotiated after the report, and it reflects the auditor's counting choices, not an immovable fact. For a hoster the report reconstructs what should have been reported each month across the 36-month lookback against what was reported, and that reconstruction rests on assumptions about peak counts, customer mapping, and product versions. In both cases the total at the bottom is the product of choices that can be tested.
A confident total at the bottom of a report is a claim, not a fact. Every line above it was a choice, and choices can be argued.
Where reports are soft
Findings reports tend to be weakest in the same places, because those are the places where the auditor had to assume rather than observe. Reading for these is how you find the ground worth contesting.
- Counting methodology, where the auditor's method differs from the metric the product licence actually uses
- Credits and entitlements omitted, including downgrade rights, inherited licences, and unused purchases the auditor did not net off
- Assumed peaks, where a high-water mark is treated as the steady state across a whole period
- Edition and version assumptions, where a richer edition is assumed than what was deployed
- Double counting, where the same deployment is captured by more than one rule
For end customers there is a specific trap to watch. SAM tool output is not audit defence, because Microsoft uses its own counting methodology and its own data from Azure, Microsoft 365, and management tooling, and Microsoft's calculation governs. A report that leans on Microsoft's telemetry may diverge from what a clean internal tool showed, and the divergence is exactly where the customer's own reconciliation earns its place.
Take the number apart
A finding is never one block, and the negotiation works differently on each part. Separating them is the first practical step.
| Track | Fixed once quantity is agreed | Where the negotiation lives |
|---|---|---|
| End customer | Licence price on genuine unlicensed use, at 125 percent if the 5 percent clause triggers | The counted quantity, the credits applied, and whether the gap stays under 5 percent |
| Hoster | Back fees at the price file rate on under-reported consumption | The reconstructed quantity per month and the penalty uplift of 25 to 125 percent |
For the end customer the 5 percent clause is the hinge. If unlicensed use is 5 percent or more of total use, the customer reimburses verification costs and acquires licences at 125 percent of the current price. Where the evidence honestly supports it, keeping the verified gap below that threshold removes the uplift and the cost reimbursement at once, which can matter more than any single line item. For the hoster, the price file rate is fixed but the quantity it applies to comes straight from the monthly reconstruction, and the uplift is a judgment that a reporting mechanics error pushes toward the lower end of the band. These figures are indicative and depend on the facts of each audit.
How to run the negotiation
A report is negotiated with evidence, in sequence, and in writing. The order matters because conceding the count before contesting the methodology gives away the ground the rest of the argument stands on.
Throughout, the tone stays calm, precise, and relentless on the evidence. The auditor is doing a job and the position is the adversary, not the person. Disputing a line with a record rather than indignation moves the settlement faster and signals that the buyer knows its own estate better than the auditor does.
The buyer side view
A findings report is a starting position dressed as a conclusion, and the buyer who reads it that way recovers most of the room that exists. We set the report against your own reconciliation, challenge the methodology before the quantities, apply every credit the report left out, and argue the uplift or the threshold where the evidence supports it, settling only in writing on the corrected basis. Our guarantee stands behind the work: we reduce your exposure or we reimburse our service fee, and gainshare means you pay only from verified savings, with no risk to you. To see the full defence from report to settlement, download the guide below.
When the exposure is real, we work the penalty math through our penalty mitigation engagement.