IBM is one the software publishers which has always been very active with audits. The COVID-19 situation changed this drastically. During the summer of 2020 no new audits were announced in most regions. By the end of 2020 IBM started up the audit practice again and they are mostly doing this with the relatively new RISE program.
RISE stands for Remote IBM Software Evaluation. As the term suggests these reviews are done completely remote which enables IBM to continue auditing during the COVID-19 crisis. With this program IBM is also able to progress rapidly through the audits and spend less time on each individual audit. To realize this, IBM doesn’t need to include all IBM products a customer has in scope, but only the high-risk products. The official IBM auditors, Deloitte and KPMG, have both developed a portal which acts as a central hub for the data collection phase in the audit. The instructions and the required information per product are also presented in the portal. This means the whole process can be executed remotely and partially automated, enabling IBM to go through an audit very quick. Deadlines for these software evaluations are often very tight resulting in settlements within a month of announcing an audit.
This way of working also makes the whole process cheaper which means that “smaller” customers are a more likely target as well. We are already seeing an increase with these companies which haven’t been audited before.
Another observation is that customers are being audited more frequently. Before, IBM usually audited the larger customers every three years. With the RISE program we’ve already seen shorter time-spans between audits. This is further supported by the fact that IBM doesn’t add a three year “no audit clause” to settlement letters anymore.
All the more reason to always be prepared for an audit and make sure you always have control of your IBM software assets compliancy.