An Audit by Another Name: IBM’s new IASP Program

in IBM Audits

This year, IBM announced that it was going to present certain customers with the opportunity to participate in its new IBM Authorized SAM Partner Services (“IASP”). In a recent webinar that it co-0presented with KPMG, one of its approved IASP partners, IBM described the opportunity as an “alternative to an IBM audit.” For IBM customers that qualify for the program, which is currently by invitation only, IBM will allow the customer to work with the approved IASP partner to continuously monitor IBM usage. IBM previously had an LMO program that offered similar services, but that program has been discontinued and is no longer available to IBM customers.

Here’s how it is designed to work. IBM will take recommendations from their IASP vendors for customers that might benefit from the program. Customers can also request inclusion into the program. Selected customers will enter into and IASP agreement with IBM, which allows the customers to forgo any license compliance verification activities initiated by IBM during the term of the IASP agreement. The customer will hire then an approved vendor, like KPMG or Anglepoint, to perform services related to licensing review. A typical term for an IASP agreement is three years.

The customer and IASP vendor will develop a statement of work for these services. The vendor will utilize IBM’s license metric tool (“ILMT”) or other approved tools to identify IBM installations that are licensed on either a PVU or a non-PVU basis. The vendor will compare the installations to the customer’s license entitlements and identify any compliance issues based on the customer’s license agreement with IBM. The vendor will produce compliance reports on a quarterly basis for PVU-based licenses and annually for non-PVU-based licenses. While the customer will have the opportunity to review the reports to identify any inaccuracies, the customer does not appear to have the option of refusing to provide the reports to IBM on the scheduled basis.

If a license shortfall is identified by the vendor, IBM says that it will allow the customer to purchase licenses at the customer’s historically discounted rates through IBM directly or through a preferred business partner. The customer will not be able to purchase licenses from the IASP vendor. IBM also claims that it will waive any payments for back maintenance associated with the license purchased by the customers.

In the presentation, KPMG touted its qualifications for assisting customers with installation, configuration, and troubleshooting of ILMT in the IASP-participant’s environment. KPMG also indicated that IASP participants are “free to negotiate” resolutions for shortfalls identified in the IASP program. KPMG did not provide any details about how customers would negotiate resolutions for any identified compliance gaps.

Many customers who are considering the IASP program have recognized that the primary benefits of the program include having more confidence that the IBM environment is properly licensed, having a review conducted by a third party who has experience conducting IBM’s license reviews, and avoiding costly and unexpected license compliance reviews that may be initiated at inconvenient times. In other words, instead of being surprised by an unexpected audit, the customer can schedule audit that occurs over the course of three years at quarterly intervals.

Other customers have concerns with the program. Initially, there is no guarantee that IBM would otherwise conduct an audit during the term of the IASP agreement. Customers who are not already being audited by IBM are exchanging the chance for an audit at some indeterminate time in the future which guaranteed compliance reporting several times each year. Moreover, customers are concerned that the vendors are not independent, those vendors receive instructions from IBM. Finally, some customers were concerned that IBM would have too much insight into corporate strategies, e.g., whether the customer was considering eliminating some or all of IBM’s products from its environment. Those customers indicated that they might prefer to hire one of the approved vendors independently, rather than through the IASP program so that the customer, not IBM, would control access to the reporting.

The new program has many potential benefits, and customers who are considering participation in the IASP program should carefully review and revise the IASP agreement with IBM and the SOW with the vendor to help minimize the risk of unpleasant surprises during the project. Working with experienced counsel to help evaluate the program’s potential benefits and memorialize the agreements can help reduce those risks significantly.