IBM License Verifications: How to Avoid Unpleasant Surprises
16 August 2022
For over 15 years, IBM has been one of the most active software publishers in performing license verification activities. After a small break (due to the global Covid pandemic), the license verifications started again at full throttle. In addition, with the introduction of IBM’s Cloud Paks, the governance for the end-user organizations became even more complex due to the new container licensing model based on product ratios and Virtual Processor Core (VPC) metric. If you’re an IBM user, what are your options when it comes to license verifications?
IBM follows three different procedures to conduct a license verification:
Self-assessment – A self-assessment is initiated by IBM and the software publisher relies on the data provided/declared by you as an end-user. The “testing” activities (e.g.: a sample test on the whole IT environment and data completeness checks) are typically not part of the “self-assessment”. Usually, this type of verification is conducted on small-sized end-users or done for reduced product scope (e.g.: where IBM expects that there is a lack of governance on a specific software program). Depending on how the self-assessment is progressing, IBM may decide to turn the self-assessment into an official standard audit.
Standard audit – A standard audit is conducted by IBM and a Third-Party Auditor (Deloitte or KPMG). The audit is invoked through the “Compliance Verification” clause included in the Passport Advantage Agreement and is the most “invasive” verification: the auditor will analyze the deployment and use of the IBM programs from the last 2 years and will require end-users to run scripts and conduct (positive and negative) sample testing, and it typically also includes an onsite visit (which can be done remotely as well if need be). As a rule of thumb, each IBM customer is audited every 2-4 years.
IBM Authorized SAM Provider Program (IASP) – This program is an IBM Partner assisted self-reporting program, in which the details of how IBM consumption reporting is managed are very strictly defined by IBM. In this program, an end-user signs up for the IBM services with one of a very select few IBM approved partners (Anglepoint, KPMG, EY, or Deloitte) to become their IASP Service provider. The benefits presented to the end-users include limits on receiving a formal IBM audit and optimization of the contract if the customer remains active on this program. In practice, however, end-users are on a “continuous audit” and perceive this service as not delivering value, as the IASP partner is required to share the deployment and usage data obtained with IBM and does not have the sole interest of the end-user at heart.
More details on IBM’s Verification practices can be found here.
What Do All of These Verifications Have in Common?
All the above verification procedures have a few aspects in common. First of all, they are mainly conducted by Big 4 auditors who are contracted and paid by IBM to provide this kind of service. Would this fully ensure that end-users gain the best outcome from a governance and cost-optimization perspective? Or does an end-user have the feeling that all these verification initiatives, including the IASP, would be conducted for the benefit of IBM only? Secondly, as with any other software publisher, audit activities always end with a commercial resolution between the two parties, which typically will not result in a reduced IBM spend and associated annual S&S costs.
How To Be Prepared and Ensure Any License Verification Program Works in Your Favor
During a license verification there are multiple aspects that an end-user organization needs to take into account before engaging with it:
Timing: License verifications typically come at an unexpected moment in time, although it should be noted that no license verification can ever interfere with your normal business operations. If you do encounter high pressure from the auditors, keep in mind that you can discuss and agree on an appropriate timing that works for your organization. Of course, it is in the interest of IBM and the third-party auditor to complete the activities in the quickest possible way, with the objective to maximize the revenue outcome from the License Verifications program.
Methodology: Keep in mind that you have the right to agree on the process and data collection methodology you will follow, respecting the contractual terms and conditions agreed. Make sure you only share information that is relevant for the agreed scope, and first validate the (performance/security) impact of the external scripts you are requested to execute. Who is financially liable for any performance issues and/or outages on your most business-critical systems if these scripts cause such issues? What is the audit firm willing to agree upon about this topic, from a financial liability perspective?
Alternative options: Keep in mind that there are SAM programs in place which are conducted by license experts using the same data-driven methodology as the auditors, but with a cost-saving orientation for the exclusive benefit of you as end-user (and most importantly without having the publisher involved in the process).
How Can SoftwareONE Support You?
SoftwareONE’s Publisher Advisory Services team operates as an independent provider and trusted advisor with the sole purpose of operating for the exclusive benefit of the customer.
Our IBM Advisory Services have been specifically developed to provide visibility, support, value and results from investments in IBM products and services, helping you to realize potential cost savings and value through the application of recommendations based on data and actual facts.
Our IBM experts will support you to:
Obtain a complete and accurate license position of your IBM estate.
Stay in line with the licensing terms & conditions and mitigate any potential financial risk.
Optimize your contract and get the most valuable outcome from a negotiation.
Be prepared for an audit and go through it in the most professional and efficient manner possible.