I heard from dozens of readers this morning about a message IBM sent to its current employees concerning their 401K plan — changing it from a contribution in every paycheck to a single contribution at the end of the year. Of course if you are laid off that means no annual contribution, less retirement savings, but a real bonus to the company. This, in itself, isn’t worth a column. It’s just Scrooge IBM being more Scrooge-like in search of that 2015 earnings target. What is worth a column is putting this news in the context of IBM having failed its recent internal security audit, which should concern IBM customers.

What, they didn’t tell you?

How well is this screwing U.S. employees and offshoring their jobs working for IBM? Not very. When IBM supports your IT the company has to meet standards for data protection and security.  OS’s will get all their security patches, antivirus software will be current and running, user-ID’s will be closely managed, backups will done, etc. There are industry standards for this stuff.  IBM does a self audit before getting its annual industry review.  For 2012 IBM failed its internal audit. The annual review has been postponed and there is a big push to fix stuff.  If the crisis is not fixed, this could be a huge problem for IBM Global Services.

Can the offshore support teams do this work? Yes. The problem is their time is tightly managed and they are not allowed to take any initiative. Management is focused on oiling the squeaky wheels so they don’t think past immediate problems. Managers, too, are not allowed or are afraid to take initiative.

IBM has built a management culture in which you do only what you are told to do when you are told to do it. If you are not told to check the backup reports every day, they are not checked. Often staffing is so tight that 100 percent of the team’s time must be spent fixing active problems. No time remains to check anything that hasn’t already been declared broken.

IBM has wiped out personal responsibility at the server admin level. The problems are well known internally and IBM’s management turns a deaf ear to them. Any IBMer or manager who speaks out usually lands on a layoff list. Now IBM has an audit crisis and management is surprised and upset, yet it’s their own damned fault.

The immediate story here is IBM employees being screwed out of their 401k match but it soon will be IBM customers whose systems fail an SAS70 audit. If I was an IBM customer the message I would send to Big Blue is “Stop dreaming up ways to screw your employees and focus on actually doing your job.”

IBM customers, ask to see the audit reports on your systems! Can IBM provide you full and current documentation to prove you are in audit compliance? Ask to see it.