Staying Out of Jail: IBM Licence Auditing Process – Part 2
How An IBM Licence Audit Works
IBM does not audit every customer. Like many software vendors they look for triggers. These include:
- Previous Audit
- Audit by Another Vendor
- Merger & Acquisitions
- Customer Organisation Change or Difficulties
- Analytics, e.g. low licences for company size
- Complex Licence Types, e.g. IBM Complete Enterprise Option (CEO)
- Vendor Rep Suggests an Audit (the most common reason)
One difference with IBM Licence audits is its use of major consultants, such as Deloitte or KPMG, to perform the work. Due to the cost of this IBM do not undertake them lightly but they still audit over 40% of enterprise customers every year.
The initial approach will be in the form of an IBM Audit Letter. It can take months for the audit to begin after IBM gives a customer notice. These audits last between 6 and 18 months, depending on the size of the IT environment.
After the customer receives the letter and the kick-off takes place, the auditor will send questionnaires which focus on the software which customers have deployed within their company, requesting them to execute commands/statements or provide screen shots. This is a self-assessment, so the customer determines their own licensing needs and the auditor ensures they receive those licences. The goal of these questionnaires is for the auditor to get the right information to calculate the licence need.
After the customer delivers all the relevant licensing information, the auditor checks the accuracy of the data during an onsite visit (or possibly online), including random checks of unreported systems. It is easy for software to be found in places you didn’t think it was installed.
Then a Draft Licence Entitlement Position will be provided. This draft will be reviewed and approved by the customer before the auditing company provides the final Entitlement Licence Position to IBM. Then it is up to the customer to complete the audit with IBM, agree on an outcome and address possible licensing gaps.
If you are found to be out of compliance, IBM usually asks you to buy the correct licences and retrospectively to pay two years of maintenance.
What You Should Do If IBM Calls
When IBM requests a licence compliance engagement, there’s nothing you can do but agree and then do what you can to minimise your costs.
Firstly, make sure that what IBM wants to audit is allowed by terms and conditions in ELAs. It is usually possible to negotiate both the scope and timing of an IBM audit. If you haven’t prepared in advance then you should perform a self-audit to assess your level of compliance in advance.
Remember that IBM Licence audits often have initial errors, thanks to their broad range of software products and licensing options.
The process of tracking each IBM licence and its related paperwork can be a tricky. For example, you may have third-party software which includes embedded IBM software so you will have to prove you have already paid for it. Other tricky areas include the rules IBM uses for software running in stand-by mode. Also, much IBM software is based on Processor Value Unit (PVU) licensing and if you have upgraded or changed your server hardware then extra licences may be required.
Engage a third-party IBM licensing expert or IBM Business Partner to provide relevant knowledge and experience in the negotiations.
Saving Time & Money
Sometimes the use of proper SAM procedures and licensing tools can actually save you money. It may be that you no longer need the original number of licences which you purchased and so you can cancel maintenance on the excess.
If you have involved a consultant then they may be able to advise on alternative licensing options.
With a proper Software Asset Management (SAM) practice in place you can significantly reduce the impact of an audit and possibly save yourself some money.
If you have been affected by any of the issues raised in this posting then Typex consultants may be able to provide reassurance and support.