A. IBM has an aggressive auditing department and strives to audit each of its customers at some point during the professional relationship. IBM seems to prioritize certain cases where it believes that there likely is a compliance gap between what its customers own and what they have installed.
A. It is not advisable for you to ignore the request. Most IBM license agreements give IBM the right to audit an organization that has its products deployed. Failure to allow the audit to proceed may jeopardize an IBM user’s right to continue using the products.
A. In many cases, it is possible and advisable to negotiate the scope and timing of a requested audit before proceeding with any data collection or other audit steps. It is important to have a clear understanding of the products, lines of business and locations to be included in an audit. Where appropriate, it is also important to break the audit into phases in order to make the process more manageable.
A. IBM’s auditors typically request on-site inspections as part of the process. However, in some instances, the auditors will consent to a verification process that is conducted remotely.
A. It is always a good idea to require IBM’s auditor to sign a confidentiality agreement protecting the secrecy of the raw data to be collected.
A. It is important for an organization to understand the potential financial impact of the audit materials prior to submitting. Additionally, if there is someone who is unfamiliar with IBM’s process, the materials could be submitted incorrectly, potentially increasing the financial exposure.
A. Unlike internal audits and IT-vendor audits, attorney-conducted audits are protected by the attorney-work-product and attorney-client privileges. This means that the audit results typically are exempt from disclosure in the event of litigation and therefore cannot be used against you or your company in court.
A. First, it is vital to carefully review the audit findings in detail. IBM's customers often do not receive all the license credit they are entitlted to, and IBM typically will agree to modify its initial demands if there is a mistake in the calucations. Sometimes, IBM’s compliance teams often do not have a complete file of all license agreements that an audited company may have signed. In many cases, the negotiated terms of a license agreement can include alternative counting rules or other variables that change the way license requirements are determined for certain products. If the auditors are unaware of those terms, then the calculated audit discrepancies likely will be inflated and erroneous.