Defending IBM Licensing Audits
If IBM informs you that you have been selected for a license compliance review or a software audit, you need to start thinking about how to prepare the best IBM audit defense to protect your organization from potentially hefty costs associated with non-compliance.
Compliance issues related to IBM software licensing are relatively common – and many organizations get themselves into problems due to failure to fully understand licensing agreements (particularly sub-capacity licensing and IBM’s License Metric Tool (“ILMT”)), exert enough control over employees who download software, or keep adequate software purchase records.
Whether the non-compliance is intentional or unintentional, you will likely be treated the same by IBM.
To help prepare your organization for an imminent audit, it is important to understand what the audit process entails and then take steps through the experienced lawyers, like the ones at Scott & Scott, LLP, to prepare your defense.
We’ve helped many organizations of all sizes reduce the risks related to software licensing following an IBM audit.
Read More → Key Components of Software Audit Response Policies
Read More → How to Conduct a Software Audit
IBM software audits: the basics
IBM regularly tells its customers that it is its policy to audit all licensees worldwide. Accordingly, if your organization has not yet been audited by IBM, it is likely that an audit is on the horizon.
Some organizations are surprised to learn that IBM has the contractual ability to audit its customers once each year. Even if you’ve recently settled an audit, another may be just around the corner.
The secret to successfully defending yourself against an IBM audit is to be adequately prepared. Firstly, you need to fully understand the terms in the license agreement.
Common IBM contracts
IBM has many different license agreements, including the International Program License Agreement (“IPLA”), the Passport Advantage Agreement (“PAA”), and occasionally Enterprise License Agreement (“ELA”).
As a licensee governed by the terms of one of these contracts, you may have the right to use the product and/or optional maintenance
In the event that maintenance is not renewed for all products in the same product family, during an audit after a year, you will be forced to buy “reinstate support” for all the licenses in the same product family.
The IBM audit process
IBM’s regularly retains the services of large auditing firms such as Deloitte and KPMG to perform the audits.
A team from one of these large accounting firms will often ask to conduct a portion of the audit on-site at the licensee’s facilities, which potentially increases costs for you as well as for IBM (particularly if it is a lengthy and complex audit).
At the beginning of the audit, you will likely receive written notification of an audit. At the outset, IBM and the auditors will likely schedule a phone call to “kick-off” the audit.
Although audits may have been triggered by a merger or acquisition, company expansion, cancellation of maintenance, because IBM regularly audits all of its customers world-wide, there may be no particular trigger.
Be sure to take the notification seriously. Remember that the primary purpose of the audit will be to see if the licensee has failed to pay all possible license fees and to determine whether IBM can generate more revenue from you. The audits do not generally go away if you ignore them.
First, check that the IBM proposed audit scope and framework are permitted by the terms and conditions you signed the relevant licensing agreement(s). Then, clarify the scope and timing of the audit with IBM.
During the audit, the audit team will request several types of data to determine the number of IBM installations on your network and the number of IBM licenses you own, including serial numbers.
Be aware that if IBM finds that the licensee is not in compliance with the terms of the license agreement, it may propose a monetary and non-monetary settlement that could include licenses costs as well as future and retroactive maintenance and support fees.
However, to ensure that IBM and its auditors have not made mistakes or overreached in terms of compliance findings, it is always important to review and confirm the accuracy of the findings and object in writing to any findings that are inappropriate or inaccurate.
It will help to have experienced counsel from Scott & Scott to advise you, guide you through the complex audit process, and liaise with the audit team.
Read More → IBM’s Standard Audit Clause is a Time Bomb
What are IBM’s main Licensing Metrics?
IBM’s main licensing metrics are both hardware-based and user-related.
The main hardware metrics are:
- Storage Capacity Unit (SCU)
- Processor Value Unit (PVU)
- Resource Value Unit (RVU)
The main user-related metrics are:
- Authorized users
- User Value Units
- Floating users, concurrent users
- Simultaneous sessions
IBM’s License Metric Tool
IBM’s License Metric Tool (ILMT) is a software asset management tool that could help licensees to:
- Keep track of your software inventory
- Take advantage of IBM’s sub-capacity software
- Monitor license usage
- Maintain compliance
- Keep a list of hardware
If you have not deployed and properly configured ILMT, or if you have not generated the required periodic ILMT reports, you CANNOT take advantage of sub-capacity licensing. That means, IBM will require you to license all products based on the full capacity of the physical hosts.
Deploying an up-to-date version of ILMT correctly will can help reduce the risks of non-compliance, but it is difficult, or in some cases impossible, to get ILMT installed and running correctly and producing accurate reports, which can lead to other compliance issues.
How can we help with an IBM Audit defense?
IBM will hire an experienced team, typically from a large accounting firm, to represent it in the audit The auditors are not acting independently, as they will resolve all disputes in IBM’s favor. Our attorneys have handled IBM audits involving businesses of all sizes are can help protect your rights as a licensee and reduce the risks associated with non-compliance.
Scott & Scott has a dedicated practice group focused on defending companies accused of software license violations by IBM.
Our communications are protected by the attorney-client and work-product privileges and are protected from disclosure in court.
Schedule a free 30-minute call to consider the best IBM audit defense strategy for your organization.