IBM CVA – Customer Verification Activity
Continuous auditing and yet your company bears the costs
THE IBM promotes the Customer Verification Activity program (CVA) as a modern, collaborative alternative to traditional audits. It promises 'audit protection', 'continuous optimization' and 'proactive compliance'. But here's the cold hard truth:
- CVA remains an audit.
- And most relevant: It's your company that finances everything.
Let's get to the facts
IBM presents the CVA as a safeguard for audits. In practice, it is a continuous inspection, conducted not by IBM itself, but by just four globally authorized companies: Anglepoint, Deloitte, EY or KPMG.
I.e:
- No competition;
- No price pressure;
- No real incentive to reduce costs or optimize contracts.
These companies were hired to monitor usage and protect IBM's revenue, not your organization's IT budget.
“You typically pay between 2% and 5% of IBM’s annual maintenance fee to participate, often for services that deliver no real savings or strategic optimization.”
The most worrying thing: your company pays to participate, often for services that do not deliver real savings. And the worst part: you are still responsible for operating and maintaining the ILMT.
About ILMT and BigFix and the IBM CVA
Even with the CVA, you are still responsible for operating and maintaining the ILMT or BigFix, including all the technical and operational complexity involved, such as:
- Ensure the health of ILMT agents in distributed environments;
- Manage server discovery and inventory scheduling;
- Handle exceptions and unsupported topologies;
- Working with product bundling;
- Ensure subcapacity reports are accurate and submitted on time.
In many cases, BigFix is the optional tool to ILMT for data collection, and its correct configuration and maintenance are as complex as ILMT and crucial for the accuracy of reports.
Need support for ILMT within the IBM CVA? This is charged separately, as it is not included by default.
What we have seen in practice:
We work with clients under the CVA model and review their compliance reports. The pattern repeats itself:
- Companies declared “in compliance” were with 30% of excess licenses;
- “Optimization” reports focus on validation of use, not in cost reduction;
- So-called “proactive” services often boil down to periodic inventories, without a clear financial strategy.
The CVA model does not eliminate audits, it just extends them throughout the year, packaged as a service.
And it doesn't generate savings, it just ensures that IBM and its partners are paid.
With only four authorized suppliers globally, your company is locked into a process and pricing model that you don’t control.
Who really benefits from the CVA?
Why should you pay to have IBM-selected representatives inspect your environment under the guise of “collaboration”?
Why your organization should bear the costs of IBM compliance, and yet be responsible for the entire technical operation of the tools?
The truth is: there is a smarter way.
You can achieve compliance, cost control, and license optimization on your own terms, with independent visibility, market competition, and a partner that has your interests at heart, not IBM’s.
Yes, there are specific cases in which CVA may make sense, such as in merger, acquisition or major restructuring processes, but these are exceptions. Not the rule.
Final Reflection on IBM CVA
Before accepting CVA as the only alternative, ask yourself:
- This service is really protecting my business?
- Or is it just protecting IBM?
If you are already on IBM CVA, or are being pressured to join, talk to one of our experts. There is a more effective way to manage IBM licensing risks and costs.