Control 4.8: Cost Allocation and License Optimization — Verification & Testing

Test cases and evidence collection procedures for Copilot cost allocation and license optimization.

Test Cases

Objective: Verify that PAYG Copilot charges are tied to the correct billing policy and reconciled to internal records
Steps:
Run Script 1 from the PowerShell Setup guide to retrieve PAYG billing data from Azure Commerce for the current month.
Review the billing policy configuration in Billing > Pay-as-you-go services and confirm the intended users or groups are covered.
Download the Azure invoice or cost export and confirm the PAYG Copilot line item matches Script 1 output.
Reconcile the total PAYG cost to the internal cost owner or department assigned to the billing policy.
Confirm the connected service and policy coverage match the approved scope.
Expected Result: PAYG billing data matches the billing-policy scope, reconciles to invoice or cost-management records, and is attributable to the correct cost owner.
Evidence: Script 1 output CSV; billing policy screenshot; invoice or Cost Management export.

Objective: Confirm that PAYG billing policies have budgets and notification routing configured appropriately
Steps:
Navigate to Billing > Pay-as-you-go services and review the active billing policies.
Verify each active billing policy has a budget configured.
Confirm alert recipients are set to the approved business and IT finance owners.
If prior notifications exist, confirm they were received and handled appropriately.
Run Script 2 from the PowerShell Setup guide to review budget configuration programmatically.
Expected Result: Budgets and notification routing are in place for all active billing policies.
Evidence: Screenshot of billing policy settings or budget configuration; notification records or email confirmation.

Objective: Verify that PAYG costs are correctly allocated to departments or cost owners through billing policy governance
Steps:
In Cost Management, filter by the Copilot service covered by PAYG.
Compare the costs with the billing policy owner and covered user or group list.
Identify any costs that cannot be mapped to an approved billing policy and investigate their source.
Compare the output with the internal finance cost center mapping to confirm alignment.
Expected Result: PAYG costs are attributable to approved billing policies and mapped to the correct cost owners.
Evidence: Cost Management export; billing policy inventory; comparison with finance cost center report.

Objective: Verify that the license inventory report matches the actual license state in the tenant
Steps:
Run the license inventory script.
Compare the script output with the M365 Admin Center Billing > Licenses page.
Verify total purchased, assigned, and available counts match.
Confirm the per-user cost matches the contracted price.
Expected Result: Script output matches Admin Center data exactly.
Evidence: Side-by-side comparison of script output and Admin Center screenshot.

Objective: Confirm that group-based licensing correctly assigns and removes licenses
Steps:
Add a test user to a Copilot license group.
Wait for the license to be assigned (up to 24 hours).
Verify the user has a Copilot license in their profile.
Remove the user from the group and verify the license is removed.
Expected Result: Licenses are automatically assigned and removed based on group membership.
Evidence: Screenshots showing group membership change and license status.

Objective: Validate that department chargeback calculations correctly allocate costs
Steps:
Run the department chargeback report.
Manually verify 3 departments by counting their licensed users.
Confirm the cost calculation uses the correct per-user rate.
Verify the total across all departments equals the total license cost.
Expected Result: Chargeback allocations are mathematically correct and total matches overall spend.
Evidence: Chargeback report with manual verification notes.

Objective: Confirm that inactive license detection correctly identifies underutilized licenses
Steps:
Run the underutilization detection script.
Manually verify 5 identified inactive users actually have no recent activity.
Cross-reference with the M365 usage report for the same period.
Confirm no active users are incorrectly flagged as inactive.
Expected Result: Detection correctly identifies truly inactive users with no false positives.
Evidence: Verification report comparing detection results with usage data.

Evidence Item	Source	Format	Retention
PAYG billing accuracy report	Script 1 + Azure invoice	CSV + Screenshot	Monthly archive; 7-year for regulated
Billing policy and budget configuration	Admin Center + Script 2	Screenshot + Script output	With control documentation
PAYG cost allocation by department	Cost Management export + billing policy inventory	CSV	Monthly archive
License inventory	PowerShell/Admin Center	CSV	Monthly archive
Chargeback report (per-seat)	Script 5	CSV	Monthly archive
Underutilization report	Script 6	CSV	Monthly archive
Group licensing config	Entra Admin Center	Screenshot	With control documentation

Regulation	Requirement	How This Control Helps
SOX Section 404 (15 U.S.C. § 7262)	IT general controls over financial reporting — material technology expenditure authorization	PAYG budget authorization controls, billing-policy review, and per-seat license tracking support IT asset management control requirements
FFIEC Management Booklet, Section II.D	IT investment governance — cost-benefit analysis and ongoing cost monitoring	Per-seat versus PAYG documentation and monthly billing review help satisfy this expectation
OCC Heightened Standards (12 CFR Part 30, Appendix D)	Operational risk governance framework — technology cost management	Billing-policy review, anomaly detection, and monthly PAYG reporting demonstrate responsive cost governance