IBM CVA – Customer Verification Activity
Compliance disguised as collaboration, but you still pay for the audit.
THE IBM promotes the Customer Verification Activity program (CVA) as a modern, collaborative alternative to traditional audits. It promises 'audit protection', 'continuous optimization' and 'proactive compliance'. But here's the cold hard truth: A CVA is still an audit, and most importantly, you're the one funding it.
Let's get to the facts
IBM presents CVA as a security measure for audits. In practice, it is a continuous inspection, conducted by only four authorized companies globally. In other words:
- No competition;
- No price pressure;
- No real incentive to reduce costs or optimize contracts.
These companies were hired to monitor usage and protect IBM's revenue, not your organization's IT budget.
“You typically pay between 2% and 5% of IBM’s annual maintenance fee to participate, often for services that deliver no real savings or strategic optimization.”
The most worrying thing: you pay to participate, often for services that do not deliver real savings. And the worst part: your company is still responsible for operating and maintaining the ILMT, including all the technical and operational complexity involved
IBM presents the CVA as a safeguard for audits. In practice, it is a continuous inspection, conducted not by IBM itself, but by just four globally authorized companies: Anglepoint, Deloitte, EY or KPMG.
About ILMT and BigFix and the IBM CVA
Even with the CVA, your company remains responsible for operating and maintaining the ILMT or BigFix including all the technical and operational complexity involved such as:
- Ensure the health of ILMT agents in distributed environments;
- Manage server discovery and inventory scheduling;
- Handle exceptions and unsupported topologies;
- Working with product bundling;
- Ensure subcapacity reports are accurate and submitted on time.
In many cases, BigFix is the underlying tool for ILMT to collect data, and its correct configuration and maintenance are crucial to the accuracy of reports.
Need support for ILMT within the IBM CVA? This is charged separately, because it is not included by default.
What we have seen in practice:
We work with clients under the CVA model and review their compliance reports. The pattern repeats itself:
-
Companies declared “in compliance” were with 30% of excess licenses;
-
“Optimization” reports focus on validation of use, not in cost reduction;
-
So-called “proactive” services often boil down to periodic inventories, without a clear financial strategy.
The CVA model does not eliminate audits, it just extends them throughout the year, packaged as a service.
And it doesn't generate savings, it just ensures that IBM and its partners are paid.
With only four authorized suppliers globally, your company is locked into a process and pricing model that you don’t control.
Who really benefits from the CVA?
Why should you pay to have IBM-selected representatives inspect your environment under the guise of “collaboration”?
Why your organization should bear the costs of IBM compliance, and yet be responsible for the entire technical operation of the tools?
The truth is: there is a smarter way.
You can achieve compliance, cost control, and license optimization on your own terms, with independent visibility, market competition, and a partner that has your interests at heart, not IBM’s.
Yes, there are specific cases in which CVA may make sense — such as in merger, acquisition or major restructuring processes — but these are exceptions. Not the rule.
Final Reflection on IBM CVA
Before accepting CVA as the only alternative, ask yourself:
-
This service is really protecting my business?
-
Or is it just protecting IBM?
If you are already on IBM CVA, or are being pressured to join, talk to one of our experts. There is a more effective way to manage IBM licensing risks and costs.