Let’s face some facts everyone. You’re going to undergo a software publisher audit(s) and most likely one of those publishers will be IBM. It’s also highly likely that some non-compliance issues will be found, resulting in unbudgeted expenditure for additional licenses and/or fees – but does that have to be the case? As a former auditor, I wanted to share a few of the common mistakes that I witnessed in almost every IBM Audit with which I was involved.

#1 Not having ILMT installed or being unaware of the contractual terms around ILMT. Stop me if you’ve heard this before, but if you are going to take advantage of IBM’s Sub Capacity Pricing Model (licensing the virtual machine versus the full physical server), you will need to install IBM’s License Metric Tool (ILMT). What some organizations do not seem to be aware of is this is a requirement, not something that is optional! Whether you knew it or not, on a recent software purchase or software renewal, you agreed to IBM’s Passport Advantage Terms and Conditions, which included the usage of ILMT. Too many times I have heard that the customer has never heard of ILMT and that no one was notified of this requirement. Well, the reality is this is not true – a notification went to someone that was specified in Passport Advantage to receive these types of communications.  It may have been sent to someone who truly didn’t understand the implications and did nothing with it, but it was sent. IBM keeps a record of these contacts and communications and they can, and will, provide this to you upon request.

Unfortunately, ignorance is not an excuse when it comes to an audit.

Yes, the idea of installing, configuring, maintaining and validating the data is a daunting task and does not come without a price. However, the cost of this should be recouped in the first year or two depending on how much IBM software you are using.

Fortunately, if you do not have the necessary resources internally to install, configure, maintain and validate the data, there are qualified companies like Siwel that you can reach out to for assistance.

#2 Configuring your Cognos environment incorrectly.  Another issue that I observed consistently was a Cognos environment that was not installed and configured correctly from the get go. Unfortunately, checking off a wrong box here or there often resulted in large compliance exposures, intentional or not. Many of IBM’s customers may not be knowledgeable or may be confused as to how to license Cognos - which is done according to the modules each user has access to. All too often a group of users from Active Directory were given access to modules they did not need. If IBM did the initial configuration of your Cognos environment, it is a good practice to keep that documentation, as IBM may have been at fault in this situation. Recently, IBM has tried to create fewer licensing options, but the confusion remains.

Most IBM customers are unaware that Cognos version 10 has built-in audit functionality. This can be installed so that your Software Asset Manager can review and validate usage for Cognos throughout its useful lifecycle. Learn about it, install it and love it.

#3 Not having a software discovery tool in place.  Many organizations didn’t have a software discovery tool, or the right tool, in place prior to the publisher audit. While ILMT (if installed) covers Processor Value Unit and some Resource Value Unit licensing, what about the other license models?

This resulted in only a couple of options available to the customer:

  1. Complete the data request manually
  2. Utilize the auditor’s discovery scripts

Obviously, option #1 is not favorable as it comes with many potential issues such as human error, missing installations completely and its laborious nature.

Option #2 is not much better as this involves somewhat intrusive auditor scripts that discover the whole installed software stack and usually are run across the entire server environment; especially if you do not know exactly where your IBM software is installed, which is likely if you do not have a software discovery tool already in place.

I hope you can take my experiences, learn from them, be prepared for and survive your next software publisher audit!