Common Cognos audit findings and how to challenge them.
Cognos draws audits because its role based licensing and its bundled Db2 leave several predictable gaps. The findings IBM raises are recurring, and so are the buyer side challenges to them. Knowing which findings are coming lets you build the evidence before IBM asks for it.
Cognos sits on the list of high-risk IBM products that draw audits for the same reasons WebSphere and Db2 do: it is widely deployed, its metrics are easy to drift out of compliance, and it ships with a bundled database that is simple to misuse. When the findings letter arrives, the items on it tend to come from a short, familiar set. Each one has a known shape, and each one has a known way to push back. The estates that settle well are the ones that recognized the findings early and assembled the counter evidence before the data request closed.
Role inflation across the user base
The most common finding is that more users hold authoring or administrative roles than actually use them. Cognos weights roles differently, and a consumer who only views reports is a far lighter entitlement than an author who builds them. IBM counts roles as assigned. The challenge is to count roles as used: pull the platform usage, map each named user to the capability they genuinely exercise, and demonstrate that the heavy roles are fewer than the grants suggest.
Dormant, duplicate, and non human accounts
Leavers who were never deprovisioned, service accounts, and the same person appearing across two directories all inflate the named user total. These are not licensable users in the way IBM's opening count treats them, and each one struck reduces the finding. The evidence is a clean identity reconciliation against the directory and the leaver records.
Bundled Db2 used beyond its scope
Cognos includes a restricted-use Db2 license, entitled only to support Cognos itself. Pointing that database at another workload breaches the bundle, and bundling misuse is a named IBM audit trigger. The challenge is to scope the finding to the actual outside usage rather than conceding the whole instance, and to reconcile against any full-use Db2 entitlement already held that could cover the overflow.
Environment and edition mismatches
- Non production and development copies counted as if they were licensed production instances
- A higher Cognos edition deployed than the entitlement covers, often after an in place upgrade
- Capabilities enabled that belong to a tier the organization never purchased
- Mobile or embedded access counted twice against users already licensed for the core platform
How we challenge the set
Every one of these findings is answered with evidence rather than argument. We reconcile assigned roles to used roles, strike the accounts that should not count, scope the bundled Db2 to its real usage, and match every claim against the entitlements already on record. The corrected numbers go into a settlement that names the products and the counts, and we fold the right edition and role mix into the forward renewal so the same findings do not return next cycle.
Cognos findings are predictable, which means they are answerable in advance. Reconcile roles to real use, strike dormant and duplicate accounts, hold the bundled Db2 to its entitled scope, and challenge every finding against the entitlements you already own before the settlement is drafted.
Cognos findings on the table?
Our Audit Negotiation engagement challenges each Cognos finding with usage evidence, strikes the accounts that should not count, and reduces the settlement to the roles in real use.
See Audit Negotiation →The IBM Audit Brief
Audit triggers, ILMT pitfalls, and settlement tactics for IBM software buyers.
Independent, buyer side IBM software audit defense and negotiation. Not affiliated with IBM Corporation.