KPMG Audit Checklist For Microsoft

Soumya Ghorpade

KPMG is one of the Big Four professional services firms and uses cutting-edge technologies, industry expertise, and established excellence to assist companies with complex global business issues.

The SEC order states that KPMG audit professionals who had failed training exams distributed exam answers and sought help from colleagues for passing scores, in violation of PCAOB documentation and quality control standards.

1. Scope of the audit
The auditor will want to learn more about your infrastructure and network, in addition to asking general questions about the company and its operations. During this process, it is vital that you remain professional. The more information you provide during an audit, the more accurate its results will be.

KPMG offers several auditing services, the most frequently used being SAM Assessments, which assess licensing compliance as a point-in-time audit whose results are valid for up to five years. However, their scope can change throughout a contract’s lifespan.

The SEC order found that KPMG partner Brian Sweet shared confidential information from a former PCAOB employee with other members of his firm prior to an inspection by the PCAOB, breaching both Sarbanes-Oxley and PCAOB regulations and failing to properly oversee his engagement team and document its work. These actions violated PCAOB standards as well as the duty of reasonable care and skill, which may result in sanctions from both authorities.

2. Identify key stakeholders
KPMG takes great care to safeguard client confidentiality. This commitment can be seen in its internal controls, policies and procedures, such as restricting access to confidential data and requiring employees to sign nondisclosure agreements. KPMG work papers are stored securely so that only authorized personnel have access.

The SEC found in its order that certain KPMG Colombia audit professionals improperly shared answers from training exams with colleagues and solicited such answers from peers. Furthermore, certain KPMG Colombia personnel altered audit documentation in preparation for PCAOB inspections, then provided the altered documents directly to PCAOB inspectors.

The MBSA and CSP contracts contain language enabling Microsoft to conduct audits of customers or customers' subcontractors, or to request self-audits by customers. It’s essential to be familiar with these contracts, their terms, and their impact if your business is audited. Should an audit notice come your way, it would be wise to seek legal advice immediately.

3. Conduct a risk assessment
Audit risk evaluation is a key element of audit planning, providing auditors with an in-depth knowledge of their client’s internal control system and an understanding of any material misstatement risks that might exist, so as to design tailored procedures accordingly.

Example: Companies at high risk for theft will require the auditor to spend additional time counting inventory; in contrast, businesses with effective internal control tend to face lower risks associated with their inventory.

The PCAOB issued two disciplinary orders (PDFs). One found that Lakhani violated PCAOB documentation and supervision standards and failed to act with integrity during KPMG’s issuer audit work; the other found that KPMG Resource Centre Private Limited (“KPMG India”) violated quality control standards.

4. Prepare for the audit
An MBSA audit’s purpose is to assess licensing compliance at one point in time (unlike an SPLA audit, which evaluates monthly compliance going back up to five years). Auditors may hire an external auditor or ask you to perform one yourself. Either way, you must provide access to any systems running products under review, as well as any documents the auditors request, with due regard for nondisclosure obligations.

Audit kick-off meetings usually consist of just auditors, but you could ask Microsoft to be present as well. At these meetings, you will likely be asked for questionnaires and inventory tool data. Too much data might lead the auditors to count it against your volume licensing debt, so limit how much user and server installation data you share at once.

Be ready to explain your compliance management processes and the basis for providing data. Do not discuss business arguments directly with auditors as that is Microsoft’s right.

 
