Regarding IBM Audit

[sunosoft]

Hi All,

anybody having idea on how IBM does audit ?

Did anybody here face IBM' audit ? If yes please share your thoughts.

As an administrator what are the things that someone should be ready with for IBM's audit.

[bdbits]

It takes forever, and you need to argue with them a lot. ;-)

They will probably install on one of your servers a licensing compliance tool they have developed. It will scan your Cognos installs, and pull out a bunch of information on your configuration. Then they will throw out a lot of questions to try and get you to agree you owe them more money. Know how you are licensed and why you made the settings changes you did. Answer them honestly, but stand your ground as they will try and elevate usage to the highest (i.e. most expensive) level they can to extract additional dollars. If you can make a good argument why you did something they don't like, you may get them to back off a little. In the end, you are likely to pay something since even IBM people have trouble deciding how to interpret the license agreements, so it is almost impossible to be 100% compliant. That is my opinion anyway.

Good luck. It's a long, tedious, annoying process.

[sunosoft]

Thanks a lot dbbits. You gave very good information.

Will they inform before coming for Audit ?

[bdbits]

They did here, though I do not think it was much advance notice and I am not too sure that they have to notify you in advance. I should note am not an admin here and he knew more what was happening than I did, but we talk a lot and I had to answer some of the questions that came from the auditors.

[sunosoft]

ohh ok.

Thanks a lot for sharing your experience.

[MFGF]

I am pretty certain the SLR (Software License Review) people from IBM will always provide notification before any review takes place. They need to have access to the relevant infrastructure and people in your organization, so it wouldn't make sense for them to turn up unannounced.

Cheers!

MF.

[sunosoft]

Hmm. Thanks for the reply MF

[simon.hodgkiss]

IBM contracted KPMG PWC to run the audit at my organisation in August 2013.  Results were finalised in December I believe.

In our case, there was some back and forth between Auditor and Auditee over the findings, as both parties tried to understand the results of the audit.  Personally I think there is a fair bit of art as well as science that goes into the process.

The tool that KPMG asked us to use as part of the audit was the MotioPI product.  You may wish to take a look, if it helps.  Presumably IBM had approved its use for this purpose.

http://www.motio.com/content/motiopi-cognos-administration-tools

Simon

[Suraj]

IBM doesn't audit themselves most of the time.
They do give notification ahead but don't do something to hide knowingly to avoid license fees otherwise you'll be in more trouble.
If there is wrong configuration, sure fix it but if you are using licenses that you are have to have for business, just pay for it.
We had 3rd party for audit and it was a mess mostly because of poor knowledgeable team of that vendor.

[sunosoft]

Hi Suraj, simon

Many thanks for your reply.