Settlement Structuring for IBM Audits

By 
Scott & Scott LLP

IBM sign

Image by Patrick

Software-compliance audits initiated by IBM can be extremely burdensome and time-consuming and can force companies to face challenges that are somewhat unique among major-publisher audits. For one example, a significant component of IBM’s business model is the acquisition of other software vendors and the integration of those vendors into IBM’s product portfolio, which can complicate the task of identifying the appropriate license metrics and entitlements owned. For another example, companies seeking to license IBM products based on processor resources in virtualized environments must use IBM’s License Metric Tool (ILMT) in order to avoid licensing the products based on the full capacity of the host infrastructure. The ILMT question can become a significant satellite issue to explore during an audit, and failure to demonstrate compliance can yield substantial licensing exposure.

However, once all of the data-collection and license-reconciliation tasks have been addressed, IBM’s auditors will generate a final audit report, and IBM will prepare a proposal to resolve the audit findings. At this stage, companies will need to turn their attention on structuring an appropriate settlement framework that definitively resolves all calculated license shortfalls as well as all, underlying licensing concerns that may have contributed to an imperfect outcome.

Here are some important subjects to keep in mind when negotiating the resolution with IBM:

• Fair Purchasing Options

IBM’s default audit resolution typically will incorporate a requirement to purchase licenses equal in kind and quantity to any license shortfalls calculated during the audit. Thus, if a company was found to be over-deployed for WebSphere Application Server (WAS) by 1,000 Processor Value Units (PVUs), IBM will require the company to purchase 1,000 PVU license for WAS. In addition, IBM also usually will require the company to purchase two years of retroactive support for the shortfall license quantity. However, there often are a number of opportunities to maximize the value of the audit resolution:

(1) Minimize Retroactive Support.

If the company can demonstrate that product installations associated with license shortfalls were deployed within the two years prior to the audit, then that information should be discussed in order to reduce the amount demanded for retroactive support.

(2) Reduced or Compromise Purchase Quantities.

Audited companies should not hesitate to request compromises associated with inadvertent licensing shortfalls. For example, if a compliance problem resulted from the company’s failure to deploy and use ILMT, then the company should seek to reduce the number of licenses to be purchased for the product in question, provided either that the products are re-deployed or that ILMT is installed following settlement. These arguments sometimes are more compelling when the company can demonstrate unsuccessful attempts to satisfy the licensing requirements prior to the audit. Furthermore, they can be especially compelling when the company can demonstrate that IBM had an opportunity to advise the company regarding the compliance concern prior to the audit – and failed to do so – or that IBM had an affirmative obligation to satisfy the licensing requirement (such as through a statement of work for implementation services).

(3) Substitute Products & Services.

Whenever a quantity of licenses included in an audit settlement demand would address calculated shortfalls without providing prospective value to the company (for example, because the software either can be re-deployed or uninstalled following settlement), the audited company should seek to substitute those purchase quantities with alternative purchases consistent with the company’s go-forward needs. This approach typically is easiest for IBM to accommodate when licenses for one product are to be substituted with licenses for another product that was not found to be a compliance problem during the audit. IBM also has a strong desire to transition business to a cloud-services model, and it also may be willing to substitute those services in place of a perpetual-license demand. However, IBM’s hardware and professional-services offerings usually are not accepted as substitute purchases.

(4) Strategic Pricing Discounts.

Never underestimate the power of direct negotiations between business teams. IBM may be willing to offer further discounts if it perceives an opportunity to become a strategic vendor for the audited company. This can be especially true for companies willing to commit to subscription or other ongoing service-delivery relationships with IBM.

• Post-Settlement Compliance Obligations

Any product-specific compliance problems outside of license shortfalls that were identified during the audit need to be definitively resolved through the audit settlement.

The most obvious item falling within this category would be a prospective need to deploy ILMT. Large organizations especially may be unable to install and configure the tool quickly following settlement of an audit. Therefore, the audit close letter or settlement agreement needs to define the post-settlement ILMT deployment obligation, providing for sufficient time to complete the project. It also may be advisable to seek IBM’s commitment to support the ILMT implementation and to allow for additional time to complete the project, provided that the company has made reasonable progress toward completion.

Another item to keep in mind here would be any compliance concerns that may have resulted from IBM’s acquisition of a vendor from which the audited company previously may have purchased licenses. If there were any licensing allowances granted by that vendor prior to the acquisition, then the audit close letter should address whether and to what extent those allowances will be carried forward, either to facilitate the company’s continued use of pre-acquisition versions of the software in question, or to transition to post-acquisition versions of that software.

• Release, Forbearance and Other Legal Terms

Finally, it is critical to ensure that the audit settlement really is a complete settlement of all issues reviewed through the audit process. This means including a strong release of past liability in the audit close letter or settlement agreement that includes all audited products and business operations. It also means seeking a reasonable period of audit forbearance following the audit, so that the company has time to adjust its software-asset management procedures in preparation of the next licensing review. In addition, if any licenses need to be assigned from one organization to another within the company’s enterprise in order to ensure co-forward compliance, those issues also should be resolved with the audit settlement.



Are Artificial-Intelligence Software Audits Around the Corner?

By Christopher Barnett
Scott & Scott LLP

Recent weeks have seen a number of news reports and announcements indicating that the Next Big Thing for audits – financial audits, at least, for the time being – is the use of artificial intelligence technologies to facilitate the analysis of large volumes of data in the context of audit-related activities. KPMG’s recent announcement was particularly noteworthy from my perspective, because it indicated that the audit firm would be deploying IBM’s Watson “cognitive computing technology” to KPMG’s professional services offerings. According to the announcement:

One current initiative is focused on employing supervised cognitive capabilities to analyze much larger volumes of structured and unstructured data related to a company’s financial information, as auditors ‘teach’ the technology how to fine-tune assessments over time. This enables audit teams to have faster access to increasingly precise measurements that help them analyze anomalies and assess whether additional steps are necessary.

IBM is, of course, one of KPMG’s biggest software-auditing clients. Big Blue regularly entrusts enterprise-level audit projects to the firm for project-management, data-collection and data-analysis responsibilities.

All of these recent reports mention that the AI technologies currently are being contemplated for use in connection with financial audits. However, it is not at all difficult to imagine the same or similar tools being put into use in connection with software audits, which for larger organizations also can require auditors to process vast quantities of deployment and usage information. In that context, KPMG’s and IBM’s announcement is potentially troubling.

Auditors like KPMG and Deloitte typically characterize their roles in software audits as being independent collectors and analyzers of data. From this writer’s past experience, such assurances do not always seem to align with the standard operating procedures for many audits, where doubts of all degrees almost always are resolved in favor of the software publishers paying the auditors’ bills. However, that concern would be compounded if, in the future, auditors were to merely feed deployment data into an AI tool developed by the publisher of the products being audited and to then transmit the output to IBM. Under those circumstances, the auditors arguably would be nothing more than project planners and button-pushers.

Furthermore, we increasingly are seeing auditors insist on broad rights to “access” their customers’ computers during audits, and we also have started to see indications that some publishers may be moving toward requiring the use of specific tools to measure usage during audits. Companies need to realize that any such access or tool-deployment rights in publishers’ favor almost certainly would run counter to licensees’ best interests. Such terms must be avoided at all costs.

It will be very interesting to see in coming years how new developments in technology change the scope of software audits and processes they entail.



Legal Risks of IBM Licensing – Webinar

Scott & Scott Intellectual PropertyIn a Scott & Scott webinar, partner Julie Machal-Fulks will discuss some of the challenges that organizations encounter when trying to ensure compliance with their IBM license agreements. The one-hour event will be Wednesday, Jan. 20, 2016, beginning at 11 a.m. CST.

Because IBM products like WebSphere, DB2, Tivoli, Informix, and Lotus Notes are expensive, and companies cannot easily or quickly verify compliance, the risks associated with IBM licensing can be severe, the firm says. For example, if a company is trying to license under IBM’s Sub-Capacity license rules and fails to adhere to all of the requirements, IBM often demands enough licenses to cover the full capacity of the computers on which the software is installed.

In some instances, the costs associated with non-compliance can be tens of millions of dollars. Proper licensing is critical to avoid unexpected liabilities.

The following topics will be covered in the webinar:

  • Licensing obligations for IBM software
  • Determining what agreements govern the relationship
  • Sub-Capacity Licensing
  • ILMT
  • Virtualization and Load Balancing
  • How IBM acquisitions affect licensing
  • Audits

Register for the webinar.