Oracle is not the only software company accused of using predatory audit tactics to drive sales of its software products. In 2013 an IBM employee named Paul A. Cimino filed a whistleblower suit under the False Claims Act alleging that IBM used an audit of its customer the Internal Revenue Service ("IRS") to fabricate alleged areas of non-compliance. In 2018 the Complaint was unsealed, and IBM moved quickly to dismiss the Complaint. Unfortunately, the District Court bought IBM's argument that the Complaint did not adequately plead fraud in the inducement, and dismissed the lawsuit. Mr. Cimino appealed to the D.C. Circuit Court of Appeals and the appeal appears to now be fully briefed. I am rooting for Mr. Cimino and his lawyers and truly hope that this injustice can be rectified, if the facts as pleaded are true. Until software companies using predatory and unfair audit tactics to drive software sales are held to account in a court of law, the bad behavior will only get worse.
The facts alleged in the Complaint about IBM's conduct are appalling. According to the Complaint:
Each day we see cases where software companies vastly inflate audit findings in a transparent attempt to obtain leverage over their customers, and force a large software purchase. There are strategies that can be employed before and during the audit to mitigate the risk of such excessive findings. Unfortunately many companies are "penny wise and pound foolish" and don't seek professional help before or during the audit, but instead wait till the issuance of the final audit report. This is a mistake.
Enterprise software customers really need to be proactive in managing their licenses well before the audit notice arrives. And do not let software companies use the audit as a tool to force your company to give up older and perhaps more favorable licenses. In our experience, enterprise software companies sometimes use audits to try to push their customers to migrate from older, more favorable licenses to ones that are better for the licensor. Companies buy perpetual licenses for a reason and should be skeptical of software vendors using inflated audit findings to force a customer to give up valuable contractual rights.
If a software company tells you that they are going to conduct a friendly audit to right-size your IT footprint and to optimize your licenses, this should be an immediate red flag. Enterprise software companies are not out to help you, but only to sell more software. Plaintiff here alleges that IBM tried this very trick with the IRS. The IRS also made the mistake of telling IBM too much about its future plans, including that the IRS planned to move off IBM. According to the Complaint, IBM then used this knowledge against the IRS to force it into a new and more expensive contract.
Sometimes software vendors will hire third parties to conduct the audit. And that is what apparently happened here, with IBM hiring Deloitte as the auditor. Oracle on the other hand usually likes to conduct its own audits, through its License Management Services ("LMS") Group.
Before the audit is commenced, the licensee should hammer out the scope of the audit and set some ground rules. Be proactive, take control and most importantly, stand strong. Software vendors do not like squeaky wheels, and prefer easy targets. The more you push back and the harder you make it for the software company, the less likely the software vendor will be to target you in the future.
The Cimino Complaint alleges that the initial audit results found very little in terms of non-compliance. Plaintiff then alleges that IBM "suppressed" these results and "began to look for ways to artificially inflate them". Remember this is an IBM employee who worked on the software deal with the IRS who is making these allegations. According to the Complaint:
We also have observed software companies employing similar tactics during audits. In fact, it is our opinion that this is why Oracle usually comes up with a huge shock number in its Final Audit Report. Oracle does not quantify the shock number in the Final Report but just identifies the number of licenses by which Oracle claims the customer is under-licensed. Oracle leaves it to the licensee to "do the math". In our opinion, this is all part of the Oracle playbook to create leverage for the follow-up by the Oracle Sales Team, which works hand in hand with the Oracle auditors.
The Complaint alleges that in order to avoid paying these penalties, the IRS agreed to enter into a new five-year deal with IBM, at a total cost to the government of $265 million. As a taxpayer and citizen this should be offensive to everyone, if true.
Cimino asserts that the IRS agreed to a new deal with IBM in order to get out from under the audit penalties and the fraudulent audit findings. We see this all the time in our practice. Enterprise software customers will enter into new deals with the software vendor to get out from under the huge "shock and awe" compliance gap. How about an Oracle ULA, anyone? In fact, technical consultants in the industry see the same fact pattern so often that they write extensively about it. Not just private companies fall for this trap. Municipalities and other government agencies also are extremely vulnerable to such tactics.
But in dismissing Cimino's Complaint, the Judge did not find it credible that the IRS would enter into a new and more expensive contract with IBM just to get out from under the audit penalties. Unfortunately the district court judge doesn't understand how these software companies work their customers over during audits. The entire process is designed to strike fear and uncertainty in the hearts of the software customer, and to rush the company into a quick sale to resolve the audit. Also by entering into the new contract with IBM in exchange for having the audit penalties waived, IRS management could basically bury the alleged non-compliance from public view. The penalties would be waived and the IRS would simply be entering into a new enterprise agreement. In other words, nothing to see here and the responsible parties within the IRS would not need to explain to others higher up in the organization or in the federal government why they were allegedly non-compliant. Who in IRS management could predict that an honest employee within the IBM organization itself would be so troubled by the predatory audit practices that he would blow the whistle and file a False Claims Act lawsuit against his employer IBM?
According to the Court, Relator (Cimino) failed to plead causation and to show that the fraudulent audit findings were what induced the IRS to enter into the new contract. As a result, the Court dismissed the Complaint:
Well Judge, you may not believe it, but I do. I think that the Court is wrong here. The Complaint pleads that it was the fraudulent audit findings and the desire to get out from under the audit findings and related penalties that drove the IRS to enter into the new contract. The IRS believed that it was non-compliant in reliance on what IBM and Deloitte were telling them. This is pled clearly in the Complaint. The government in its brief agrees:
In my view, this extremely important whistleblower suit should never have been dismissed at the pleading stage. Cimino should be given the opportunity to take discovery and go forward with his case. Cimino's brief says it best here:
Victims do not always admit they have been defrauded. That rings so true. Give Mr. Cimino his day in court and the chance to prove up his case.
Whether you are a Fortune 500 company or a municipality or governmental entity, you can be a victim of predatory audit practices by aggressive software vendors. We help companies and governmental agencies to fight back against such tactics.
The case is Paul A. Cimino v. International Business Machines Corporation, case number 1:13-cv-00907, in the U.S. District Court for the District of Columbia. Tactical Law will continue to monitor the case. Check our blog for further developments.
Originally published 20 June, 2020