Voted Best Answer
Jan 20, 2017 - 03:25 AM
IBM stated in its Passport Advantage agreement (Clause 1.14 Verification) that it will use an "Independent Auditor" to verify the customer's use of its software - many other vendors don't use the "i" word (often "third-party auditor", "public accountant", "CPA", "Selected Partner") so indeed this backfires on IBM very oftenly.
However I am sure in a lawyer's eyes "independence" has its context and boundries. After Enron which brought Big Five down to Big Four today - most accountancy firms deploy rigrous conflict verifictaion exercise to ensure that their status of independence for each engagement meets their primary regulator's independence requirements (e.g. ICAEW - Institute of chartered accountants england and wales).
The grey is often between the regulated level of independence, and the percieved / expected level of independence from general public and clients.
In reality, we would only advice client to object a licence audit requst from IBM on the basis of CoI if its selected licence auditor actively holds external (statutory) audit or internal audit relationship with the client, and in most cases IBM will revert back to its alternative auditor. There are cases where both IBM's licence auditors were engaged with a target client in external / internal audit activities - and the outcome (whether to continue the licence audit) vary between countries depend on local regulation and legal requirements.
I will also be interested to see your view on the other major vendor's auditing practice - as far as I know - Oracle and SAP have always used internal teams to conduct audits, with Microsoft using a mixture of internal / external resources. Most of these audit teams are rewarded based on how much they can find (while IBM claims its auditors are rewarded on a T&M basis with no association to findings).