How we helped a large manufacturing company to avoid a million-dollar audit claim
The unknown compliance risks of IBM license metric tool
Company: organization with 65,000 employees in the manufacturing industry
Case: help with an IBM audit
Cost savings: 950.000 euros
Many organizations that have installed the IBM License Metric Tool (ILMT) have a false sense of security when it comes to compliance. To meet IBM’s contractual conditions, ILMT must be set up correctly and maintained continuously, including monthly reports. Although the financial risks are considerable, managing ILMT after installation often falls off the radar quickly. Until an audit letter arrives which raises a red flag. This is also what happened at a large American organization in manufacturing. After the company received an audit letter from KPMG on behalf of IBM, they immediately reached out to B-lay requesting our IBM expertise and Software Audit Services. The moment the dreaded letter arrives, it’s actually already too late. We can no longer prevent the audit, but we can minimize the damage. That was in fact our assignment at this organization.
We started with an internal risk assessment to map all IBM products within the company. In collaboration with the organization’s IT staff, we gathered all the necessary information for IBM products in the license categories Processor Value Unit (PVU), Resource Value Unit (RVU) and User Value Unit (UVU). The conclusion of the assessment was that the company ran a risk of 700.000 euros on non- or under-licensed IBM software in the PVU category. For RVU and UVU products, the risk was 250.000 euros. In total, therefore, the contract arrears amounted to 950.000 euros – and these are purely based on the IBM products included in ILMT. The tool, even with the help of IBM technicians, was not implemented correctly three years earlier, so no proper reporting could be created. IBM requires its customers to report for at least the past two years, under penalty of a fine. The actual risk was therefore even higher.
Digging deeper in the systems and infrastructure we encountered a number of other issues that turned out positive for the organization. Following a number of changes in the system infrastructure, the licenses of IBM product Cognos were not correctly counted by ILMT for a year. In reality, the company needed far fewer PVU licenses than what they paid for. In addition, we found that the organization was, contrary to what ILMT indicated, compliant for Tivoli Storage Manager for Databases (now known under the new name IBM Spectum Protect for Databases). Because of an automatic facility in AIX a number of hosts that the company did not really need were rolled out. The system administrator corrected this after two months on the servers concerned and removed the installation, but the agents were not able to provide ILMT with an update. The tool therefore indicated that the organization had purchased too few licenses for this software.
Finally, the customer had migrated Tivoli Storage Manager hardware with vCenter software, resulting in incorrect record keeping of CPU usage in ILMT. Fortunately, the system administrator had kept detailed reports himself, that could be used as evidence that ILMT did indeed report incorrectly. IBM does not formally accept this type of own administration, but in this case it formed the basis for negotiations with IBM at a later stage.
Business impact and results
At the end of this exercise it was clear that the customer had too few licenses for certain IBM products and too many for others. As a result, the final risk did not exceed 100.000 euros – a significant difference compared to the nearly 1 million euros it initially seemed to be. Moreover, the organization had a long and good relationship with IBM, which helped during the negotiations and brought a substantial discount. As a result, the financial damage for the organization ended up being limited. This example demonstrates that an audit letter does not necessarily need to mean the situation is hopeless. Those who immediately take action can significantly reduce the financial consequences or even prevent them altogether.
Another positive consequence of our intervention is that managing ILMT now also has become a priority within the client organization. In the end, our analyses have not only shown that compliance risks can be minimized, but also that unnecessary spending is brought to light through proactive licensing management.
“When we installed the IBM License Metric Tool, we thought that it would spare us a lot of hassle in managing our software licenses. We couldn’t be more wrong. The moment IBM sent us an audit letter, we immediately reached out to B-lay for support – and I’m glad we did, as they helped us avoid a million-dollar audit claim.”