IBM Audit Defense

Overview of IBM Audits:

• IBM Audit Stages
• IBM Audit Guide
• IBM Audit Triggers
• Audit Timing
• Auditor Errors
• Step-by-Step Audit Response Guide

Download our IBM Audit Guide for more information, including a list of the most common errors made by IBM auditors.

If you’re being audited by IBM, we’re here to help.  Miro has helped hundreds of IBM clients manage their audits over the last 20 years, saving them hundreds of millions of dollars in out-of-compliance costs. We’re so confident that we can help with your IBM audit that we provide a performance guarantee that your total cost savings will be greater than our fees.

IBM Audit Stages

No matter what stage of an IBM audit you are in, Miro Consulting can help.  The best time to your IBM audit is before you get the audit letter from IBM, but the second-best time is now.  Even if you already received your audit findings, Miro can help your organization negotiate the best outcome. IBM, like most software vendors, aggressively audits customers based on a perception of noncompliance. Gartner survey ranked IBM as the leader among software vendors in the number of audit requests.

IBM Audit Triggers

Audits represent billions of dollars in revenue for the software industry. IBM and other software vendors look for activity that may have changed an organization’s computing environment and  adherence to IBM’s Passport Advantage Agreement (IPAA):

• Mergers and acquisitions
• Change management
• Divestitures
• Change in business operations
• IBM believes the company is lax in enforcing licensing rules
• The final year of an IBM ELA

IBM Audit Timing

IBM and their auditor will schedule an audit kickoff meeting soon after the audit notification letter. During that meeting, the audit scope will be defined and a schedule will be proposed to conclude the audit in roughly three months.
Many IBM software audits take significantly longer because IBM is generally proven right that their customer has not been monitoring and recording all deployments of IBM’s intellectual property within their environment.

IBM Audit Errors

Because of various IBM software complexities, it is not unusual for draft audit results to contain errors. IBM’s auditor allows a week or two to review and respond to initial audit results before handing the result over to IBM to negotiate a settlement. When noncompliance is found, IBM’s customer is required to purchase the license shortfall and up to an additional two years of subscription and support to settle the audit.

Initial Steps to Take if you are audited by IBM

After the demand for a formal audit letter arrives, the first thing to do is validate IBM’s right to audit under IPAA, Section 1.12 Compliance Verification.   After confirming there are no contractual exceptions to prevent IBM’s audit, respond to assure IBM you are ready and willing to cooperate, subject to scope and timing negotiations.

Once you have done that, the initial steps do not differ from any other software audit:

• Negotiate and Clarify: – There is usually wiggle room to clarify and negotiate both the timing of an IBM audit, which IBM will expect you to do. The scope will include all your IBM site numbers from Passport Advantage and all IBM software. For timing, it is important to negotiate enough time to prepare before audit data collection begins.
  • Additional time may be granted for special circumstances, such as a fiscal year-end.
  • Once the scope, timing, and process are confirmed, IBM’s auditor will issue instructions for data collection of all software products that the customer indicated are still installed in their environment.
• Form your response team: – Your team should Include legal, IT, key members of the C-suite, and — ideally — an IBM expert. If you do not have someone on staff with comprehensive knowledge of IBM’s licensing and audits, hire an outside expert. An IBM expert can save money and optimize your licensing portfolio and help you navigate the intricacies of the IBM audit process after the demand letter arrives.
• Collect and review – Follow the IBM auditor instructions to collect data for specific software titles and submit them to the auditor.  In rare cases, you may have a customized legacy contract issued by IBM for software bought from a company acquired by IBM.  Eventually, these legacy contracts will be replaced with Passport Advantage (PPA) entitlements.
• Perform a self-audit – This should parallel IBM’s license compliance assessment, ideally using a Software Asset Management (SAM) program previously established.   Measure the IBM software deployments in the environment based on IBM’s licensing metrics, specific to the deployed version, to determine if enough license entitlements have been purchased.  Know where you stand!

The best way to avoid noncompliance arising from IBM audits is to utilize proactive software license management practices, including regular self-audits and the use of experts to keep you aware of the continuous changes to IBM’s licensing. Proactive management of software assets can reduce costs by avoiding both over and under-licensing. Average savings are usually about 30% the first year when a thoughtful IT asset management strategy is implemented, according to Gartner.

Conclusion

IBM audits can disrupt business activities, and the process can last well over a year. Audit settlements can cost millions of dollars. To achieve the most favorable outcome, and resolve the matter in the fastest way possible, the best strategy is to monitor your assets, licenses, and IBM’s policies. If you are unsure of your situation or have received an audit letter, contact a software license management expert as soon as possible, ideally before you respond to any audit letter.