While many software vendors run software license audits on customers, there are some key differences customers should be mindful of when it comes to IBM, according to a new report from advisory firm Miro Consulting.
While it's not true that IBM wants to audit every software customer it has, like most it "aggressively pursues audits of customers based on its perception of potential noncompliance," according to Miro's report, "Managing and Minimizing the Impact of an IBM Audit." Miro offers software asset management, audit and contract negotiation services.
One big difference in IBM's auditing practices is its use of outside firms such as Deloitte to perform the work. "From a cost perspective, this means that an audit by IBM is a significant undertaking by IBM as well as the audit firm and the enterprise being audited," Miro CEO Scott Rosenberg and senior analyst Sharon Trembley wrote.
While IBM therefore has an incentive to get an audit done as quickly as possible, it can still take some months for one to begin after the vendor gives a customer notice, according to the report.
If a customer is found to be out of compliance, IBM asks them to buy the right licenses and pay two years of retroactive maintenance fees, according to Miro.
One thing customers shouldn't do is take the audit process personally, as the "universal reason" for them "is simple -- to capture more legitimate revenue," the report states.
Vendors look at events in a customer's business that may have had an impact on software licensing, such as a merger or acquisition, when deciding on whether to pursue an audit. Other "triggers" include the final stretch of long-term enterprise license agreements companies have with IBM. "This is good timing for IBM because a typical IBM audit -- depending on the environment and number of IBM products in use -- takes from 12 to 18 months to complete."
Customers who get an audit letter have a few ways to minimize their pain. One is to make sure that what IBM wants to audit is allowed by terms and conditions in ELAs, according to Miro.
There's also "usually wiggle room to clarify and negotiate both the scope and timing of an IBM audit, which IBM will expect you to do," the report adds.
Customers could also perform a "self-audit" in order to gauge their level of compliance before the actual audit.
Another matter to consider is that IBM audits often initially have errors, thanks to the company's "bewildering array of software products and licensing options," Miro said. "It's up to you to notice if initial audit results are based on wrong inventories, or overlooked special terms and conditions in the ELA."
When it comes to IBM, the process of tracking each license and its related paperwork can be a tricky task for customers, the report adds.
For example, third-party software a customer has may include embedded IBM software. During an audit, customers will have to prove they already paid for it.
Other tricky areas include the rules IBM uses for software running on standby, as well as "misidentified hardware," the report states. "A lot of IBM software is licensed according to the hardware it runs on."
Overall, software vendors are justified in doing audits, since they protect intellectual property and collect money to which they're entitled, Forrester Research analyst Duncan Jones said this week via email.
"But sometimes the pressure on an individual salesperson to deliver results can drive them to creative interpretation of gray areas and over-enthusiastic enforcement of small print," Jones added. "My advice to clients is therefore to recognize an individual's motivation and be quick to escalate within the vendor organization if they believe that individual is being unfair or unreasonable. "
Like Miro's report, Jones recommended that customers implement software license tools. "Most compliance groups' main target is companies who are deliberately or recklessly under-licensed, so an audit will be much smoother if you can show you've been diligent," he said. "It will also strengthen your case should you need to escalate an issue created by an over-enthusiastic rep."
An IBM spokeswoman didn't respond to a request for comment on the company's auditing practices.
Chris Kanaracus covers enterprise software and general technology breaking news for The IDG News Service. Chris' email address is Chris_Kanaracus@idg.com
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.