When an organization receives notice of an IBM audit the wording is generic. This is intentional as the auditor doesn’t know what you have and will want as much latitude as possible to search for compliance gaps.
It is in the interest of the organization being audited to develop a project scope statement and negotiate what is included in that statement. Time spent on this can significantly reduce the effort and final settlement costs with IBM later.
Outlined below are a list of areas you should consider when developing you scope statement for an IBM license audit. You may not get all the concessions, but you won’t know until you ask.
Entities under Review
A list of the legal entities being audited should be defined. You may be able to make an argument to exclude an entity from the audit. If it has only recently been acquired or divested. Or it had recently undergone an audit.
Locations or Geographies included in audit
All countries in which you are trading are included by default in an IBM audit. You may be able to exclude certain locations if you can argue they are covered by a separate IBM agreement. E.g. Japan.
You may also be able to exclude certain locations if it will be particularly difficult to collect the required information or there was a recent audit carried out locally.
Passport Advantage Sites
Ask the auditor to provide a list of the Passport Advantage (PA) site numbers that will be included in the audit. This determines the products and license entitlement they auditor will be focused on. It is not unusual for PA site to be missing from the list. It will be a decision for you if you want to include them or not.
IBM Products in scope for audit
An IBM auditor will say all products deployed (not just in use) by the client. You will want to turn this into a specific list of products. It is usually acceptable to the auditor the products listed in your PA sites are the ones in scope. You will want to make it clear that unless a product is specifically listed it is not in scope for audit.
Products measured by ILMT
You may be able to reduce the IBM products in scope for an audit even further by negotiating with the auditor to focus on products that can be measured by ILMT.
ILMT tracks the deployment and usage of products with a PVU, RVU or similar core-based metric. They are usually the products with the highest risk due to sub-capacity license rules. They are also considerably easier to collect deployment information on than user-based products. Where time or resources are an issue an auditor (with agreement of IBM) may make this concession.
Specific Enterprise Applications
You may be able to exclude certain enterprise applications from a standard license audit. Common reasons include:
- Unusually complex license metric
- Specialist skills required but not available to prepare evidence
- Low risk of compliance gap
- Sold by a different business unit in IBM
Products to exclude by default
Unless there is a very compelling reason you should look to exclude these product categories from the audit to save everyone time and resources
- SaaS Products
- Artificial Intelligence Products
- Hardware, Systems and Appliance Products
- Red Hat Products
It is in the interest of the organisation getting the IBM license audit that they document the scope. Very often you can negotiate with the auditor to reduce scope once documented. This will reduce the effort for all concerned. It also may remove a product you are under licensed for.