202110.07
Off
0

Don’t Short-Sheet the Internal Analysis in an IBM Audit

in IBM Audits

One of the most critical steps any business faces in any software audit is conducting an internal analysis of deployments to entitlements, preferably before any audit data is shared with the auditors. That internal review serves several purposes, including (1) identifying deployments for which a company’s license documentation may be lacking, thereby giving the company an earlier opportunity to locate invoices or other purchasing records, (2) identifying deployments at risk of being counted inaccurately by auditors, and (3) giving finance teams an opportunity to set aside appropriate reserves based on estimated exposure levels.

In IBM audits, the deployment data and account records necessary for an accurate internal analysis are more voluminous and more complex than what companies may be expecting based on experience in other matters. The following list includes the information that is typically required to complete that analysis. Companies using IBM software should take the time to measure their audit readiness by determining whether they can produce the following data on demand:

Team: IT
Relevant Information:

  • Location/identity of company datacenters
  • Identity of all software-asset-management tools currently in use to monitor software deployments (including any tools, such as ILMT, used to satisfy IBM’s sub-capacity licensing restrictions)
  • If sub-capacity licensing rules are used for any servers, copies of all reports generated to demonstrate compliance with sub-capacity restrictions
  • Identity and description of any customer-facing solutions incorporating IBM products
  • Identity and hardware specifications (server name, server model, processor model, processors per server, cores per server) of all physical servers running IBM products
  • Identity and hardware specifications (server name, vCPUs per VM/LPAR, capped or uncapped) of BMC VMs/LPARs hosted on physical servers running IBM products
  • Identity of IBM products running on company servers (including any optional product add-ons or services)
  • Identity of company-internal users accessing IBM products running on company servers and, if possible, the discrete servers accessed by those users
  • Identity of customer end users accessing IBM prodcuts running on company servers and, if possible, the discrete servers accessed by those users
  • Subscription and support requirements for all IBM products deployed on company servers

Team: Finance
Relevant Information:

  • For audits under an IBM OEM or ASL agreement, copies of all quarterly reports submitted since the signing of the base agreement
  • For audits under an IBM OEM or ASL agreement, copies of all company-internal royalty reporting used to support quarterly reports to IBM
  • For audits under an IBM OEM or ASL agreement, copies of all IBM invoices based on quarterly reports
  • Copies of all invoices and/or certificates of entitlement for all IBM product licenses procured under any other license agreement(s)

Team: Procurement
Relevant Information:

  • Identity of any and all license agreements between IBM and the company including:
    • OEM/ASL
    • Passport Advantage
    • PartnerWorld
  • Copies of all signed agreements
  • (Potentially) Copies of e-mails or other communications with IBM related to the negotiation of any license agreements