Florida Logistics. IBM audit closed 92 percent down.

A Florida logistics company faced an IBM audit that priced disaster recovery hosts and seasonal peak capacity as permanent deployment. Standby classification and sub capacity evidence closed it 92 percent below the opening number.

Why did IBM audit the Florida logistics company?

IBM audited the company after years of estate growth tied to warehouse automation and peak season scaling, with ILMT reporting that never kept pace. The estate ran MQ across distribution messaging, Db2 under shipment data, and Maximo for fleet and facility assets.

The audit arrived after a peak season, and the auditor's scans caught the estate at its largest: burst capacity still provisioned, DR mirror fully populated, and no reporting to distinguish either from steady state production.

• Audit trigger: estate growth with stale ILMT coverage across hub sites.
• Publisher position: every provisioned host, DR included, licensed at full capacity.
• Customer reality: steady state production was a fraction of the post peak snapshot.

What did the deployment analysis actually show?

The analysis showed the auditor had priced three different things as one: permanent production, a DR mirror that sat idle outside tests, and seasonal burst capacity that existed for a quarter of the year.

How does IBM policy treat standby and DR servers?

IBM distinguishes idle standby from active use: a cold or idle mirror that does no productive work outside failover generally does not need full licensing, but the burden of evidencing the topology and test windows sits with the customer.

How was the IBM audit claim defended?

The defense documented what the snapshot could not see: twelve months of hypervisor history showing the seasonal curve, DR test logs showing the mirror's idle profile, and remediated ILMT restoring sub capacity eligibility.

1. Reconstruct twelve months of allocation history to evidence the seasonal profile.
2. Document DR topology, failover roles, and test windows from change records.
3. Deprovision dormant Maximo accounts and evidence the active user count.
4. Remediate ILMT across hub sites and validate agent coverage.
5. Negotiate from the annualized, classified estate, not the peak snapshot.

Why does the audit timing argument matter?

Because a snapshot taken after peak season is the estate's worst case. Forcing the analysis onto an annualized basis with documented seasonality removed the burst capacity component almost entirely.

What was the commercial outcome for the logistics company?

The audit closed 92 percent below the opening claim. Standby classification removed the DR component, the annualized profile removed the seasonal component, and sub capacity evidence repriced the production remainder.

• Claim reduction: 92 percent off the opening position at close.
• DR recognized: the idle mirror priced as standby, not production.
• Forward posture: seasonal provisioning now carries documented start and end dates.

What changed in how the company provisions peak capacity?

Burst capacity now deploys with explicit time bounds, tagged in the hypervisor and reflected in ILMT, so next season's peak is a documented event rather than a future audit finding.

Where the common advice on IBM audits and DR licensing is wrong

The standard advice is to license DR mirrors fully because arguing standby classifications with IBM is not worth the friction. We disagree. In roughly 25 to 35 IBM engagements Morten Andersen advised in 2024 to 2025, wrongly conceded standby licensing was among the largest single overpayments in DR heavy estates, worth 30 to 70 percent of audit claims and years of support stream after. The classification rules reward documentation, not silence. The buyer side move is to document failover roles, idle profiles, and test windows now, and make the auditor price the topology you can prove rather than the one their snapshot assumes.

What the engagement data shows

Three cuts of our advisory engagement file frame the size of the opportunity.

What to do next

Five moves turn this analysis into a lower invoice on the next renewal.

A sequence you can run this quarter

1. Document DR topology, failover roles, and test windows from change records now.
2. Tag seasonal burst capacity with explicit start and end dates in the hypervisor.
3. Verify ILMT agent coverage across every hub and DR site this quarter.
4. Run a dormant account sweep on user licensed products like Maximo.
5. Archive twelve months of allocation history before any audit letter arrives.
6. If a notice arrives, force the analysis onto an annualized, classified basis.

White Paper · IBM

IBM Audit Defense Guide

The buyer side framework we use with Fortune 500 clients defending IBM software audits. Read it free.

Read the white paper

Frequently asked questions

What triggered the IBM audit at the Florida logistics company?

Estate growth with stale ILMT reporting triggered it, and the audit landed right after peak season, when provisioned capacity and the DR mirror made the estate look permanently large.

How much was the IBM audit claim reduced?

The claim closed 92 percent below the opening position after standby classification, annualized seasonality evidence, and remediated sub capacity reporting repriced each component.

Do disaster recovery servers need full IBM licenses?

Idle standby mirrors that do no productive work outside failover and testing generally do not require full licensing, but the customer must evidence the topology, roles, and test windows.

How is seasonal burst capacity treated in an IBM audit?

By default it prices as permanent deployment because the audit snapshot cannot see time. Twelve months of hypervisor history evidencing the seasonal curve moves the claim to an annualized basis.

Did the company remediate ILMT during the audit?

Yes. ILMT was redeployed across hub sites during the defense, restoring sub capacity eligibility and supporting the retroactive evidence argument for the gap period.