When first contacted by IBM for a "compliance review" (read: software audit), many business owners simply assume that the scope of the requested audit is within IBM’s rights under applicable licensing agreements. Alternatively, if they do request that IBM identify the basis for the audit demand, they take it at its word that those rights are described accurately in the current, standard-form license agreements. This is a mistake.

The very first step that a business owner should take after being contacted by IBM for an audit (other than calling the company’s attorney) is to collect and read the various license agreements that the company signed with IBM. Admittedly, in many cases, this is no easy task. Many businesses rely and have relied on software published by IBM for mission-critical business operations for years or even decades. Those agreements may have been signed either directly with IBM or with one of the numerous, smaller competitors that IBM has acquired through the years. The resulting "document soup" can be a difficult meal to digest.

However, that contract-review process is vital. IBM’s current, standard-form agreements give the company immensely broad audit and compliance-resolution rights that border on being punitive for companies found to have overdeployed IBM software on their computers. By contrast, earlier agreements, if they included audit rights at all, often were much more limited in terms of scope or in terms of remedies for non-compliance. As long as IBM did not have the unilateral right to amend those agreements without the licensee’s consent, and as long as the licensee did not subsequently agree in writing to more onerous audit language, then in some cases it may be possible to significantly mitigate the exposure related to a requested IBM audit by demanding that the audit conform to the scope of rights included in the written agreements.

Knowledgeable counsel can help both to interpret the effect and significance of license agreements and to advise regarding the implications of insisting on compliance with those agreements.