IBM goes down in flames in audit whistleblower suit before D.C. circuit court

Paul Cimino blew the whistle against IBM as a result of a predatory software audit conducted on the Internal Revenue Service ("IRS").

Published on 7th July 2021

Readers of this blog will remember that I previously posted on the shocking case brought by whistleblower Paul Cimino against IBM arising out of a predatory software audit conducted by IBM of the Internal Revenue Service (“IRS”). Although Cimino worked for IBM, he was apparently so horrified by IBM’s complete fabrication of non-compliance findings in order to force the IRS into a new and more expensive ($265 million to be exact) license agreement that he blew the whistle and filed a claim under the federal False Claims Act (“FCA”).

The district court dismissed the key fraudulent inducement claim, finding that it was not credible that the IRS would enter into a new and more expensive contract with IBM just to get out from under substantial audit penalties. The D.C. Circuit Court of Appeal disagreed and found that Mr. Cimino had plausibly alleged that “but for” the fraudulent audit, the IRS would never have entered into the new license agreement. The court remanded the case back to the trial court for further proceedings. This is a big win for Cimino and, although decided under the FCA, can be instructive for all those companies out there who have suffered through predatory audits by major software publishers.

The Court explained the case as follows:

“This qui tam action began when Paul Cimino filed a complaint alleging that IBM violated the FCA. As a former senior sales representative for IBM, Cimino helped sell software to the IRS. Based on knowledge acquired on the job,  Cimino alleged that IBM fraudulently induced the IRS to enter a $265 million license agreement for “unwanted, unneeded” software.

Faced with the possibility of losing significant revenue, IBM allegedly devised a scheme to pressure the IRS into another long-term deal. IBM planned to conduct a “friendly” audit, anticipating that the IRS was overusing the software and therefore would owe a significant amount in compliance penalties. IBM would then leverage the penalties by offering to waive them in exchange for a new agreement.

IBM retained Deloitte LLP to perform the audit.  Contrary to IBM’s expectations, Deloitte’s initial audit showed the IRS was not significantly overusing the licenses and owed only $500,000 in compliance penalties—a relatively small amount for a contract of this size. IBM never released these audit results to the IRS. Instead, IBM worked with Deloitte to manipulate the results. For example, IBM counted licenses on discontinued servers as in constant use, even though they were never used. Deloitte first presented the number of overused licenses from this manipulated audit to Adam Kravitz at the IRS. Cimino alleged that “Kravitz rejected the audit findings because, in his words, ‘IBM cannot substantiate that the IRS is out of compliance.’”  IBM then manipulated the audit again to show an outstanding $292 million in compliance penalties. IBM shared this number with the IRS, despite the fact that one IBM employee considered the number “ridiculous,” and another “was ‘not comfortable representing’ that number to the IRS.”

As we have warned before, avoid “friendly” software audits by software publishers as there is nothing friendly about them.  If Oracle or IBM or whatever software company wants to conduct an audit, then they should issue a formal audit notice and do so.  These “friendly” audits are often nothing more than fishing expeditions where the sales team hopes to turn non-compliance findings into a big payday and a big contract.  Licensees should stand on their contractual rights and not fall into these traps.

Another interesting aspect of the case is how IBM allegedly attempted to charge the IRS licensing fees for non-use of the IBM software. The court pointed to allegations that IBM claimed fees for discontinued servers as if they were in constant use even though they were never used. We see similar attempts by Oracle and others to charge customers a licensing fee on servers where no Oracle software is being used, such as in the case of Oracle’s expansive VMware assertions, which involve non-contractual and non-binding policies. Customers under audit should carefully review their license agreements and, during audit resolution negotiations, challenge policies that are not expressly incorporated into the contract. Careful attention should be paid to assertions that payment must be made for non-use by the customer of the auditing company’s software, or for potential future use that has not yet occurred.

We were pleased to see that the appellate court reversed the lower court’s dismissal and is allowing this whistleblower suit to proceed past the pleading stage.  Only when predatory software vendors are held to account by the courts will such behaviour end.  Tactical Law will continue to monitor the case.  Please check back here for periodic updates.

