How to Survive an IBM Software License Audit
While many software vendors run software license audits on customers, there are some key differences customers should be mindful of when it comes to IBM, according to a new report from advisory firm Miro Consulting.
Wed, January 15, 2014
IDG News Service (Boston Bureau) — While many software vendors run software license audits on customers, there are some key differences customers should be mindful of when it comes to IBM, according to a new report from advisory firm Miro Consulting.
While it's not true that IBM wants to audit every software customer it has, like most it "aggressively pursues audits of customers based on its perception of potential noncompliance," according to Miro's report, "Managing and Minimizing the Impact of an IBM Audit." Miro offers software asset management, audit and contract negotiation services.
One big difference in IBM's auditing practices is its use of outside firms such as Deloitte to perform the work. "From a cost perspective, this means that an audit by IBM is a significant undertaking by IBM as well as the audit firm and the enterprise being audited," Miro CEO Scott Rosenberg and senior analyst Sharon Trembley wrote.
While IBM therefore has an incentive to get an audit done as quickly as possible, it can still take some months for one to begin after the vendor gives a customer notice, according to the report.
If a customer is found to be out of compliance, IBM asks them to buy the right licenses and pay two years of retroactive maintenance fees, according to Miro.
One thing customers shouldn't do is take the audit process personally, as the "universal reason" for them "is simple -- to capture more legitimate revenue," the report states.
Vendors look at events in a customer's business that may have had an impact on software licensing, such as a merger or acquisition, when deciding on whether to pursue an audit. Other "triggers" include the final stretch of long-term enterprise license agreements companies have with IBM. "This is good timing for IBM because a typical IBM audit -- depending on the environment and number of IBM products in use -- takes from 12 to 18 months to complete."
Customers who get an audit letter have a few ways to minimize their pain. One is to make sure that what IBM wants to audit is allowed by terms and conditions in ELAs, according to Miro.
There's also "usually wiggle room to clarify and negotiate both the scope and timing of an IBM audit, which IBM will expect you to do," the report adds.
Customers could also perform a "self-audit" in order to gauge their level of compliance before the actual audit.
Another matter to consider is that IBM audits often initially have errors, thanks to the company's "bewildering array of software products and licensing options," Miro said. "It's up to you to notice if initial audit results are based on wrong inventories, or overlooked special terms and conditions in the ELA."