In software licensing, IBM audit have become increasingly common. These audits are critical to IBM’s strategy to ensure compliance with their software licensing agreements.

Understanding these audits, why they are different, and how to effectively navigate them is essential for any organization using IBM software.

Understanding IBM Audit

IBM software audits are comprehensive reviews conducted by IBM or a third-party auditor to verify that an organization’s use of IBM software complies with the licensing agreements.

These audits can be triggered by various factors, such as the end of a licensing agreement, a significant change in the organization’s infrastructure, or a routine compliance check.

Why IBM Audit are Different

IBM software audits differ from other software compliance audits for several reasons. Firstly, IBM conducts audits approximately once every four years, often using third parties like Deloitte and KPMG.

Secondly, the complexity of IBM’s products and licensing metrics and the diversity of contracts make IBM software license management challenging. These factors increase the possibility of non-compliance, making IBM audits feel different from those of other software vendors.

Common IBM Contracts

IBM offers several contracts, but the most common are the Passport Advantage (PA) and the Enterprise Software & Services Offering (ESSO).

• Passport Advantage (PA) Contract: This is IBM’s standard contract. Under a PA contract, a customer can purchase a license entitlement to use a product and/or optional maintenance, which must be renewed annually on the total purchased licenses.
• Enterprise Software & Services Offering (ESSO) Contract: This contract is sometimes used as a global contract framing several contracts of the same group.

IBM’s Main Licensing Metrics

IBM uses a wide range of licensing metrics, broadly categorized into hardware and user-related metrics.

• Hardware Metrics: These include metrics like Processor Value Unit (PVU), which is based on the number of cores of a server multiplied by a coefficient according to the type of processor, and Storage Capacity Unit (SCU), which differentiates three classes of storage.
• User-related Metrics: These include Authorized User, related to the number of people who can access the solution, and Floating User, which depends on the number of users connected simultaneously.

Top 10 triggers for IBM audits

1. Substantial Business Growth: If your business experiences significant growth, IBM will expect you to invest more in its products, including purchasing additional licenses for existing and new offerings. If this doesn’t happen, an audit may be initiated.
   
   
2. Organizational Restructuring: Significant organizational changes, such as mergers, acquisitions, or divestitures, can create license compliance risks. License agreements often need adjustments during these transitions, and gaps in entitlements may arise between entities.
   
   
3. IT Infrastructure Changes: Major IT infrastructure changes can attract IBM’s attention, as they may introduce compliance risks for products with a PVU license metric. Upgrading hardware, adding nodes, and increasing virtual machines can create a need for additional licenses.
   
   
4. Investment Stagnation or Decline in IBM Technologies: IBM expects a 3-5% annual growth in revenue from all accounts, typically achieved through increasing annual S&S. If the overall investment doesn’t improve or declines due to support cancellation, the risk of an audit escalates.
   
   
5. Cancellation of an IBM Product-Related Project: The sudden cancellation of a project involving a substantial investment in IBM products increases the risk of an audit.
   
   
6. Inadequate ILMT Deployment or Maintenance: IBM may audit you if they suspect poor management of their product deployment. The most common indicator is the absence of ILMT deployment or outdated ILMT.
   
   
7. Support Request for an Unregistered IBM Product: If your technical team tries to open a support ticket for a product IBM has no record of you purchasing, your account manager will be notified.
   
   
8. Change in IBM Account Manager: A new Account Manager may review all accounts to generate business leads, disregarding previous relationships established with former account managers.
   
   
9. Termination of an IBM Enterprise License Agreement (ELA): If you choose not to renew your IBM ELA, expect an audit within 12 months.
   
   
10. High-Risk IBM Products: IBM recognizes that certain products carry a high compliance risk, increasing the chances of generating new revenue from an audit. This includes most PVU licenses (e.g., WebSphere, DB2) and user-based licenses with challenging user permission management, such as Cognos and Maximo. Like many Tivoli products, products with complex license models are also often primary audit targets.

Strategic IBM Software Audit Defense

When facing an IBM software audit, strategic defense is crucial. There are two modes of audit, depending on the size of the company and the products used:

• Self-declaration: In this mode, the client declares its use and right of use to IBM.
  
  
• Full Audit: In this mode, IBM conducts all audit stages.

Preparing for an IBM Audit

Upon receipt of the audit notification letter, it’s advisable to appoint a team in charge of the audit to ensure its smooth running. This team should include stakeholders from purchasing, deployment, and legal experts.

Before sharing data with IBM, it’s essential to have a clear view of IBM installations and to verify that the data is accurate and complete.

Common Reasons for Non-compliance

Non-compliance during an IBM audit can occur due to several reasons:

• Misunderstanding of Licensing Models: IBM’s licensing models can be complex, and a misunderstanding of these models can lead to non-compliance.
  
  
• Inaccurate Record Keeping: Inaccurate or incomplete record-keeping can result in discrepancies during the audit, leading to non-compliance.
  
  
• Inadequate Management of Product Deployment: Improper management of product deployment can lead to unauthorized use of software, resulting in non-compliance.

IBM License Management

Proper license management is critical to maintaining compliance during an IBM audit. This involves understanding usage rights, managing licensing and maintenance contracts, and controlling the deployments of bundles.

The Role of IBM License Metric Tool (ILMT)

The IBM License Metric Tool (ILMT) is crucial in managing IBM licenses. ILMT helps organizations maintain an inventory of their IBM software and measure the Processor Value Unit (PVU) consumption for eligible products.

• Understanding ILMT: ILMT is a free software tool provided by IBM that helps organizations track and manage their IBM software assets. It provides detailed reports on software usage, which can be invaluable during an audit.
  
  
• Importance of Proper ILMT Deployment: Proper deployment and configuration of ILMT are essential for accurate software usage reporting. Failure to correctly deploy ILMT can lead to inaccurate reports and potential non-compliance during an audit.

IBM License Audit Process

1. Audit Initiation: IBM initiates the audit process by sending a notification letter to the customer. This letter outlines the scope of the audit, the target legal entity, and the auditor’s name. The customer needs to verify that their existing license agreements authorize the scope of the audit.
   
   
2. Data Collection: The customer is then required to gather information about all of their IBM software installations and licenses. This includes data about hardware, software, users, and other relevant information. IBM provides instructions for this data collection process.
   
   
3. Audit Execution: The audit is conducted either through a self-declaration process, where the customer declares their software usage and rights of use, or a full audit, where IBM conducts all audit stages. This is typically determined by the size of the company and the products used.
   
   
4. Audit Report: After the audit, IBM provides a draft audit report. This report reflects IBM’s perspective and may not consider all mitigating factors. It’s crucial for the customer to review these findings carefully and object to anything they disagree with.
   
   
5. Settlement Negotiation: If non-compliance is found, IBM may propose a monetary settlement, which could include retroactive maintenance fees and license costs. The customer has the right to negotiate this settlement. If the customer believes their license costs are too high, they can consult an IBM expert for guidance.
   
   
6. Resolution: Once the audit findings are agreed upon, the customer may need to purchase additional licenses to cover any shortfalls, extend their subscription for a further period, or pay any penalties imposed. The final resolution will depend on the specific circumstances of the audit.
   
   
7. Post-Audit: After the audit, it’s recommended that the customer continue monitoring their IBM software usage and maintain accurate records to ensure ongoing compliance and readiness for any future audits.

Negotiating IBM Audit Settlement

If non-compliance is found during an audit, the next step is negotiating a settlement with IBM. This process can be complex and requires a clear understanding of IBM’s licensing models and negotiation strategies.

• Factors to Consider: When negotiating a settlement, consider factors such as the extent of the non-compliance, the reasons for the non-compliance, and the potential financial impact.
  
  
• Tips for Successful Negotiation: Successful negotiation requires a clear understanding of your rights and obligations under the licensing agreement.

Case Study: Successful IBM Audit Defense

To illustrate the importance of proper IBM software audit defense, let’s consider a real-life example of a successful IBM audit defense. A large multinational corporation faced a potential non-compliance issue during an IBM audit.

The company clearly understood its IBM software usage, had properly deployed ILMT, and had kept accurate records of its software deployments. During the audit, the company demonstrated compliance with the licensing agreements, resulting in a successful audit outcome.

Conclusion

IBM software audits can be complex and challenging, but with a clear understanding of IBM’s licensing models, effective license management, and strategic audit defense, organizations can successfully navigate these audits.

It’s essential for businesses to continually improve their IBM software audit defense strategies to ensure ongoing compliance and avoid potential non-compliance issues.

In the ever-evolving world of software licensing, staying informed and prepared is critical. Remember, the goal of IBM software audits is not to catch organizations out but to ensure fair and equitable use of IBM’s software products.

By understanding and adhering to IBM’s licensing models, organizations can achieve compliance and optimize their software investments.

Call to Action

If you found this article helpful, please share it with others who might benefit. If you have any questions or need further information on IBM software audits, don’t hesitate to get in touch. We’re here to help you navigate the complexities of software licensing and achieve successful audit outcomes.

FAQs on IBM Audits

How Redress can help if you are audited by IBM

• Comprehensive audit preparation: We help you thoroughly prepare for an IBM audit by understanding your current IBM software usage and licensing agreements.
  
  
• License optimization: Our team will analyze your existing licenses and usage, identifying opportunities to optimize your licensing and reduce costs.
  
  
• Audit support: We provide guidance and assistance during the audit process, helping you navigate the complexities and challenges that may arise.
  
  
• Compliance gap identification: We pinpoint compliance gaps and assist in creating a plan to address them before the audit takes place.
  
  
• Negotiation assistance: We offer support in negotiating with IBM to minimize penalties and ensure the best possible outcome.
  
  
• Customized audit defense strategy: We develop a tailored audit defense strategy based on your organization’s unique needs and situation.