IBM

IBM Audit – What You Need to Know to take control in 2024

An IBM software audit is:

  • Compliance Check: A formal review by IBM to ensure customers comply with software licensing terms.
  • Verification Process: Involves verifying the number of installations and licenses in use.
  • External Audit: Often conducted by a third-party firm on behalf of IBM.
  • Frequency: Can occur every one to three years or triggered by specific events.

Understanding IBM Audit

ibm audit

IBM software audits are comprehensive reviews conducted by IBM or a third-party auditor to verify that an organization’s use of IBM software complies with the licensing agreements.

These audits can be triggered by various factors, such as the end of a licensing agreement, a significant change in the organization’s infrastructure, or a routine compliance check.

Why IBM Software License Audit is Different

IBM software license audits differ from other software compliance audits for several reasons. Firstly, IBM conducts audits approximately once every four years, often using third parties like Deloitte and KPMG.

Secondly, the complexity of IBM’s products and licensing metrics and the diversity of contracts make IBM software license management challenging.

These factors increase the possibility of non-compliance, making IBM audits feel different from those of other software vendors.

Common IBM Contracts

Common IBM Contracts

IBM offers several contracts, but the most common are the Passport Advantage (PA) and the Enterprise Software & Services Offering (ESSO).

  • Passport Advantage (PA) Contract: This is IBM’s standard contract. Under a PA contract, a customer can purchase a license entitlement to use a product and/or optional maintenance, which must be renewed annually on the total purchased licenses.
  • Enterprise Software & Services Offering (ESSO) Contract: This contract is sometimes used as a global contract framing several contracts of the same group.

IBM’s Main Licensing Metrics

IBM uses various licensing metrics, broadly categorized into hardware and user-related metrics.

  • Hardware Metrics: These include metrics like Processor Value Unit (PVU), which is based on the number of cores of a server multiplied by a coefficient according to the type of processor, and Storage Capacity Unit (SCU), which differentiates three classes of storage.
  • User-related Metrics: These include Authorized User, which is related to the number of people who can access the solution, and Floating User, which depends on the number of users connected simultaneously.
ibm licensing metrics

Strategic IBM Software Audit Defense

ibm software audit

When facing an IBM software audit, strategic defense is crucial.

There are two modes of audit, depending on the size of the company and the products used:

  • Self-declaration: In this mode, the client declares its use and right of use to IBM.
  • Full Audit: In this mode, IBM conducts all audit stages.

Preparing for an IBM Audit

Upon receipt of the audit notification letter, it’s advisable to appoint a team to oversee the audit to ensure it’s running smoothly. This team should include stakeholders from purchasing, deployment, and legal experts.

Preparing for an IBM audit involves a structured approach:

  • Assemble a Dedicated Audit Team: This team should include members from various departments:
    • Purchasing: To provide insights into the licenses bought.
    • Deployment: To understand where and how IBM software is used.
    • Legal: To navigate the legal aspects of licensing agreements and compliance.
  • Conduct a Comprehensive Review:
    • Inventory Assessment: Conduct a detailed inventory of all IBM software installations within your organization.
    • Data Verification: Ensure the data on software usage is accurate and complete. This step is crucial before any information is shared with IBM, as it forms the basis of the audit.

Common Reasons for Non-compliance

ibm licensing compliance risks

Non-compliance during an IBM audit can occur due to several reasons:

  • Misunderstanding of Licensing Models: IBM’s licensing models can be complex, and misunderstanding these models can lead to non-compliance.
  • Inaccurate Record Keeping: Inaccurate or incomplete record-keeping can result in discrepancies during the audit, leading to non-compliance.
  • Inadequate Management of Product Deployment: Improper management of product deployment can lead to unauthorized use of software, resulting in non-compliance.

IBM License Audit Process

ibm license audit process
  1. Audit Initiation: IBM initiates the audit process by sending a notification letter to the customer. This letter outlines the scope of the audit, the target legal entity, and the auditor’s name. The customer needs to verify that their existing license agreements authorize the scope of the audit.
  2. Data Collection: The customer must gather information about their IBM software installations and licenses. This includes data about hardware, software, users, and other relevant information. IBM provides instructions for this data collection process.
  3. Audit Execution: The audit is conducted either through a self-declaration process, where the customer declares their software usage and rights of use, or a full audit, where IBM conducts all audit stages. This is typically determined by the size of the company and the products used.
  4. Audit Report: IBM will provide a draft of the audit report after the audit. This report reflects IBM’s perspective and may not consider all mitigating factors. Customers must review these findings carefully and object to anything they disagree with.
  5. Settlement Negotiation: If non-compliance is found, IBM may propose a monetary settlement, including retroactive maintenance fees and license costs. The customer has the right to negotiate this settlement. Customers who believe their license costs are too high can consult an IBM expert for guidance.
  6. Resolution: Once the audit findings are agreed upon, the customer may need to purchase additional licenses to cover any shortfalls, extend their subscription further, or pay any penalties imposed. The final resolution will depend on the specific circumstances of the audit.
  7. Post-Audit: After the audit, it’s recommended that the customer continue monitoring their IBM software usage and maintain accurate records to ensure ongoing compliance and readiness for any future audits.

Negotiating IBM Audit Settlement

Negotiating IBM Audit Settlement

If non-compliance is found during an audit, the next step is to negotiate an IBM audit settlement with IBM. This process can be complex and requires a clear understanding of IBM’s licensing models and negotiation strategies.

  • Factors to Consider: When negotiating a settlement, consider factors such as the extent of the non-compliance, the reasons for the non-compliance, and the potential financial impact.
  • Tips for Successful Negotiation: Successful negotiation requires understanding your rights and obligations under the licensing agreement.

IBM License Audit Help: 4 Key Reasons to Seek External Assistance

Facing an IBM license audit can be daunting for any organization. Here’s why getting independent help is crucial:

  1. Expertise: External advisors know about IBM’s licensing models and audit processes. Their expertise can navigate the complexities, ensuring compliance and potentially uncovering areas for cost savings.
  2. Negotiation Leverage: Experienced consultants can offer significant leverage during negotiations, advocating on your behalf to achieve more favorable terms and avoid potential penalties.
  3. Risk Mitigation: An independent audit review can identify and rectify compliance risks before they escalate, protecting your organization from costly non-compliance fees.
  4. Strategic Planning: Advisors can help align your IBM software usage with business needs, optimizing your license portfolio for efficiency and cost-effectiveness.

Leveraging external help for an IBM license audit safeguards against compliance risks and ensures that your licensing strategy supports your organization’s long-term goals.

FAQs on IBM Audits

What is an IBM software audit?

An IBM software audit is a comprehensive review conducted by IBM or a third-party auditor to verify that an organization’s use of IBM software complies with the licensing agreements.

Why are IBM software audits different from other software compliance audits?

IBM software audits are different due to their frequency, the complexity of IBM’s products and licensing metrics, and the diversity of contracts, which makes IBM software license management challenging.

What triggers an IBM software audit?

Triggers can include substantial business growth, organizational restructuring, IT infrastructure changes, investment stagnation or decline in IBM technologies, cancellation of an IBM product-related project, inadequate ILMT deployment or maintenance, support request for an unregistered IBM product, change in IBM account manager, termination of an IBM Enterprise License Agreement (ELA), and high-risk IBM products.

What are the standard IBM contracts?

The most common IBM contracts are the Passport Advantage (PA) and Enterprise Software & Services Offering (ESSO) Contracts.

What are IBM’s main licensing metrics?

IBM uses various licensing metrics, broadly categorized into hardware and user-related metrics.

What is the role of the IBM License Metric Tool (ILMT)?

The IBM License Metric Tool (ILMT) helps organizations maintain an inventory of their IBM software and measure the Processor Value Unit (PVU) consumption for eligible products.

What factors should be considered when negotiating an IBM audit settlement?

Factors to consider when negotiating are the non-compliance, the reasons for the non-compliance, and the potential financial impact.

What is the importance of proper IBM software audit defense?

IBM software audit defense is crucial to ensure ongoing compliance and avoid potential non-compliance issues.

What is the Passport Advantage (PA) Contract?

The Passport Advantage (PA) Contract is IBM’s standard contract. In it, a customer can purchase a license entitlement to use a product and optional maintenance.

Extended FAQs

  1. Q: How can organizations track their IBM software usage over time to ensure compliance?

    A: Organizations can use software asset management tools, including IBM’s License Metric Tool (ILMT), to monitor and manage their software usage and ensure compliance with licensing terms.
  2. Q: What specific organizational roles should be involved in the audit defense team?

    A: The audit defense team should include IT managers, software asset managers, legal advisors, procurement officers, and potentially external consultants with expertise in IBM licensing.
  3. Q: How does virtualization affect IBM software licensing and audit processes?

    A: Virtualization can complicate licensing due to the dynamic allocation of resources. Organizations must understand how their virtualized environments impact their licensing requirements, particularly with IBM’s Processor Value Unit (PVU) licensing.
  4. Q: Are there any common pitfalls in interpreting IBM’s licensing metrics that organizations should be aware of?

    A: Yes, misunderstandings often arise regarding defining users in Authorized User licensing or calculating PVUs in virtualized environments, leading to non-compliance.
  5. Q: How should organizations prepare for an IBM audit if they use third-party management tools for their IBM software?

    A: They should ensure that any third-party tools accurately track and report IBM software usage according to IBM’s licensing terms and be prepared to validate the data these tools provide during an audit.
  6. Q: Can IBM software deployed in cloud environments affect the audit process?

    A: Yes, deploying IBM software in cloud environments can affect licensing, particularly regarding how licenses are counted and managed. Organizations should clearly understand the implications of cloud deployments on their IBM licensing compliance.
  7. Q: What strategies can organizations employ to minimize financial impacts in case of non-compliance findings?

    A: Strategies include negotiating with IBM regarding the findings, exploring options for license optimization before the audit conclusion, and seeking expert advice to challenge or mitigate the audit findings.
  8. Q: How does the IBM License Metric Tool (ILMT) help in audit defense?

    A: ILMT helps organizations maintain an up-to-date inventory of their IBM software usage, which is crucial for proving compliance during an audit.
  9. Q: What are the implications of not clearly understanding IBM’s Sub-Capacity licensing terms?

    A: Organizations may overestimate their compliance position without a clear understanding, leading to unexpected non-compliance issues and potential financial penalties.
  10. Q: How often should organizations audit their IBM software usage internally?

    A: Organizations should conduct internal audits at least annually or whenever significant changes in their IT environment occur to ensure ongoing compliance.
  11. Q: What role does documentation play in the IBM audit process?

    A: Comprehensive documentation of licenses, deployments, and usage is critical for validating compliance claims and defending against audit findings.
  12. Q: Can changes in business operations trigger an IBM audit?

    A: Yes, significant changes such as mergers, acquisitions, or divestitures can trigger an audit due to the potential impact on licensing requirements and compliance status.
  13. Q: How should organizations handle discrepancies found during the IBM audit process?

    A: They should thoroughly review discrepancies, provide clear explanations or documentation to resolve misunderstandings, and negotiate with IBM to address genuine non-compliance issues.
  14. Q: What preventive measures can organizations take to avoid non-compliance with IBM’s licensing terms?

    A: Preventive measures include implementing robust software asset management practices, regularly training staff on licensing terms, and using tools like ILMT to monitor software usage.
  15. Q: How can organizations leverage IBM audits to optimize their software licensing and reduce costs?

    A: Audits can be an opportunity to review and optimize software deployments, renegotiate contracts, and eliminate unused or underutilized licenses, potentially leading to cost savings.

IBM license audit service

  • Strategic Audit Management: Provides a shield against aggressive IBM auditing tactics, ensuring audits are fair and in line with contractual agreements.
  • Expert Licensing Analysis: This service offers an in-depth analysis of IBM’s complex licensing terms, protecting clients from potential misunderstandings and non-compliance risks.
  • Comprehensive Documentation Review: Rigorously examines and organizes all relevant software usage and license documents, fortifying against any unwarranted compliance claims from IBM.
  • Negotiation Support: Equips clients with strategic negotiation insights and support to minimize the financial and operational impacts of IBM audits.

This service is designed to offer a robust defense against IBM audits, often seen as intrusive and demanding, by ensuring that the client’s rights are protected and their business operations are minimally disrupted.

Contact us to get help with your IBM Audit.

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, enhancing organizational efficiency.