The annual true up and the formal audit are often confused, and the confusion is expensive. A true up is a contractual mechanism you run on your own schedule to report growth and pay for it at your agreed prices. An audit is a contractual right Microsoft exercises to verify your deployment, on its schedule, with findings priced without your negotiated discounts and frequently with back maintenance and penalty exposure attached. The same underlying gap costs far less when it surfaces in a true up you managed than when it surfaces in an audit the counterparty initiated. Knowing the difference, and steering exposure toward the mechanism you control, is itself a defense. The buyer side defense governs the true up so the audit never finds what the true up already settled; across the practice, that work supports the 79% average audit exposure reduction.
Under an Enterprise Agreement, deployment growth is reconciled in two very different ways. The annual true up is a planned, contractual report of how the estate grew over the year, priced at the agreement rates the customer negotiated, paid on a known schedule. The audit, or its softer cousin the self assessment review, is Microsoft exercising the verification clause to test the deployment against the entitlement, priced without the agreement discounts and often with additional exposure layered on. Both address the same question, which is whether usage exceeds license, but they reach the answer on opposite terms. The customer who understands this steers the reconciliation toward the true up deliberately.
The difference between a true up and an audit is not the gap they measure. It is who sets the terms, the timing, and the price, and that difference decides the cost.
The same shortfall is priced very differently depending on the mechanism. In a true up, growth is added at the negotiated EA pricing the customer fought for. In an audit, findings are typically priced at undiscounted levels, can carry back maintenance for the period the gap existed, and in some agreements attach a penalty premium on top. A gap worth a modest true up at agreement rates can become a materially larger settlement once the discounts fall away and the back charges apply, which is the entire reason the counterparty prefers the audit path for anything it expects to find.
Microsoft and its appointed auditors prefer the audit route precisely because it prices higher. A customer who self reports through the true up settles at agreement rates and keeps control of the timing. A customer caught short in an audit settles at undiscounted rates with back charges, and does so under the time pressure the audit creates. The incentive structure rewards the counterparty for finding gaps through verification rather than receiving them through self reporting, which is why a passive true up posture invites the more expensive path.
The true up only protects the customer if it is accurate. An estate that under reports growth, whether from poor tracking or optimism, leaves a residual gap that the verification clause can still reach. When an audit later finds what the true up should have captured, the customer loses the agreement pricing on that portion and pays the audit premium instead. The defense is a true up built on a reconstruction as rigorous as an audit, so nothing material is left for the verification to find.
Microsoft frequently opens with a self assessment or a software inventory request rather than a formal audit. It feels lighter, but the data the customer hands over can establish the gap that justifies escalation to a full audit. Treating a self assessment casually, or answering it without the same discipline as an audit, can convert a manageable situation into a formal finding. The same data request rules apply to both.
An audit timed to land just before a renewal is a deliberate squeeze: the customer faces a compliance settlement and a renewal negotiation at once, with the audit exposure used as leverage on the renewal terms. A well governed true up, completed on the customer's schedule, removes that lever by settling growth before it can be weaponized. The timing of reconciliation is itself a negotiating variable.
The decisive variable is who controls the reconciliation. In a true up the customer controls the timing, the data, and the price, reporting growth at agreement rates on a known schedule. In an audit the counterparty controls all three. The same gap therefore settles at very different prices depending only on which mechanism reaches it first. Governing the true up so it captures real growth accurately, year after year, keeps the cheaper mechanism ahead of the expensive one. That governance is the practical core of the broader audit defense posture, where the goal is always to settle on the buyer's terms before the counterparty sets its own.
Quantifying the cost difference is what makes the choice concrete. The same shortfall, priced through a true up at negotiated rates, sits at one number; priced through an audit at undiscounted rates with back maintenance, it sits at a much higher one. Putting both numbers side by side, for the actual gap an estate carries, turns an abstract preference for the true up into a measured decision. The full anatomy of the audit price, including the back charges and premiums, is broken down under the cost of non compliance.
The defense posture is to run the true up with audit grade rigor so it captures real growth at agreement rates, leaving nothing material for a later verification to find. The estate is reconstructed before each true up, the report is built from that reconstruction, and any self assessment is handled with the same discipline as a formal audit. Keeping the cheaper, customer controlled mechanism ahead of the expensive one is the whole objective.
The reconstruction rebuilds the estate before each true up, the same way it would for an audit: the deployed population reconciled against entitlement across every product line. The true up report is then built from that reconstruction, so the growth reported is accurate and the residual gap left for any verification is negligible.
The output is a true up that settles at agreement rates and a documented position that answers any subsequent data request with the customer's own evidence, framed before the counterparty frames it.
With the true up governed, the remediation establishes the cadence: an annual reconstruction, an accurate report, and a consistent handling protocol for any self assessment or inventory request so none of it escalates by accident. The timing is managed so reconciliation never collides with a renewal.
The renewal is the moment to set the true up provisions, the pricing protections, and the audit clause terms deliberately. The EA renewal framework structures these provisions so the customer keeps control of the reconciliation through the term.
The practice runs a true up governance engagement that rebuilds the estate to audit grade rigor and builds an accurate report so the customer controlled mechanism stays ahead of any verification.
The engagement produces a documented true up position covering the reconstructed estate, the growth to report at agreement rates, the residual gap, and the handling protocol for any self assessment. The position is the basis for the annual cadence and the foundation for the contractual provisions at the next renewal.
Three questions that recur once the governance work begins.
No. They measure the same gap but on opposite terms. The true up is a contractual mechanism the customer runs on a known schedule, reporting growth at the negotiated agreement rates. The audit is a verification right Microsoft exercises on its own timing, with findings priced without those discounts and often with back maintenance attached. The mechanism, not the gap, decides the price, which is why steering reconciliation toward the true up matters.
Yes. The audit right exists regardless of how diligently you true up. But an accurate true up built on a real reconstruction leaves almost nothing material for an audit to find, so the verification confirms the position rather than uncovering a gap. The risk is the under reported true up, where a residual gap remains for the audit to reach at the higher price. Audit grade rigor in the true up is what neutralizes the audit.
Treat it with the same discipline as a formal audit. A self assessment or software inventory request feels lighter, but the data you provide can establish the gap that justifies escalation to a full audit. Answering casually can convert a manageable situation into a formal finding. The same data request rules apply: provide what is required, framed by your own reconstruction, and nothing that hands the counterparty an unframed number.