The customer, a UK-based retail company, had a large IBM and Oracle software estate. Easy access to software and user-controlled deployment encouraged over-usage, potentially leading to a significant exposure due to under-licensing.
In 2018, the UK retailer engaged Fusion5 (formerly IntegrationWorks) to review their integration product stack, assess the existing deployments through system and integration testing, and address any licensing gaps before an official audit is organised.
Most vendor license agreements allow the right to audit their clients at any point in time. They often require the customer to prove they have been using the vendors’ approved monitoring tools and provide software usage reports to prove their compliance. IBM recommends a tool called License Metric Tool (ILMT), and it is down to the customer to install, continuously maintain it and produce the compliance reports. Oracle customers are required to run data measurement tools on their servers as well and share the resulting output logfiles with Oracle.
In 2020, IBM announced that their auditors, KPMG, were going to audit the customer. Shortly after, Oracle kicked off a licensing audit as well.
Although the client soon realised that the integration software was managed accurately and the correct information shared with the auditors, the rest of the state, which had not undergone thorough system and integration testing, was not as it’s been managed by another solution provider. Following the inaccurate information the client supplied to the auditors, a significant penalty was identified. The combined liability for the two vendors totalled £37 million. The retailer asked Fusion5 (formerly IntegrationWorks) to provide auditing advisory services to help them navigate through the audit and negotiate the crippling penalty.