Q: How long does the audit process usually take?

A: The IBM audit process can take a few months to a year or more, depending on the size of the network or products and services used by the company being audited by IBM. While IBM likes to say that its audit process is not disruptive to a company’s business operations, the audit process can be extremely expensive and use significant resources. Hiring experienced legal counsel can help minimize business interruptions due to IBM’s audit process.

Q: How long can IBM audit a company after a transaction document expires or is terminated? ?

A: In most contracts, IBM includes an audit clause that requires a company to keep records of its system and tools for an independent auditor to verify compliance with its licensing rules. IBM requires compliance during the time of the agreement and while the customer continues to use the IBM products. For example, in some instances in IBM contracts, the duty to comply with licensing obligations remains in effect for up to 2 years after the contract has been completed or terminated and the products are no longer in use.

Q: Why am I being audited now?

A: IBM has an aggressive auditing department and strives to audit each of its customers at some point during the professional relationship. IBM seems to prioritize certain cases where it believes that there likely is a compliance gap between what its customers own and what they have installed.

Q: Can I ignore IBM’s audit request?

A: It is not advisable for you to ignore the request. Most IBM license agreements give IBM the right to audit an organization that has its products deployed. Failure to allow the audit to proceed may jeopardize an IBM user’s right to continue using the products.

Q: If I am audited by IBM, can I negotiate the timing and scope of the audit?

A: In many cases, it is possible and advisable to negotiate the scope and timing of a requested audit before proceeding with any data collection or other audit steps. It is important to have a clear understanding of the products, lines of business and locations to be included in an audit. Where appropriate, it is also important to break the audit into phases in order to make the process more manageable.

Q: The auditors are requesting an in-person meeting. Should I proceed with the meeting?

A: IBM’s auditors typically request on-site inspections as part of the process. However, in some instances, the auditors will consent to a verification process that is conducted remotely.

Q: Is there anything my company should do before allowing the auditors access to information?

A: It is always a good idea to require IBM’s auditor to sign a confidentiality agreement protecting the secrecy of the raw data to be collected.

Q: I am confident that my company has all the licenses it needs, and I just want to get this resolved as quickly as possible. Should I give IBM and its auditors all the information they are requesting?

A: It is important for an organization to understand the potential financial impact of the audit materials prior to submitting. Additionally, if there is someone who is unfamiliar with IBM’s process, the materials could be submitted incorrectly, potentially increasing the financial exposure.

Q: What are the benefits of an attorney-conducted software audit?

A: Unlike internal audits and IT-vendor audits, attorney-conducted audits are protected by the attorney-work-product and attorney-client privileges. This means that the audit results typically are exempt from disclosure in the event of litigation and therefore cannot be used against you or your company in court.

Q: I submitted my audit results, and IBM now is demanding that my company pays millions of dollars in licensing fees to resolve the matter. What should I do?

A: First, it is vital to carefully review the audit findings in detail. IBM's customers often do not receive all the license credit they are entitlted to, and IBM typically will agree to modify its initial demands if there is a mistake in the calucations. Sometimes, IBM’s compliance teams often do not have a complete file of all license agreements that an audited company may have signed. In many cases, the negotiated terms of a license agreement can include alternative counting rules or other variables that change the way license requirements are determined for certain products. If the auditors are unaware of those terms, then the calculated audit discrepancies likely will be inflated and erroneous.