IBM Audit Defense. An Italian retailer case study.

A missed sub capacity report turned a routine review into a full capacity claim, and the defense was won on measurement evidence, not on argument.

What was the situation and the IBM claim?

The client was a leading Italian retailer running IBM middleware across a virtualized estate. A routine IBM review found that the IBM License Metric Tool had not produced compliant reports for several quarters.

Under IBM terms, sub capacity licensing depends on continuous ILMT reporting. The requirement is set out in the IBM License Metric Tool documentation, the Passport Advantage sub capacity terms, and the wider Passport Advantage agreements.

How the claim was framed

• Full capacity basis: IBM measured every physical core in the cluster, not the cores in use.
• Back dated period: the claim covered the quarters with missing reports.
• Large headline number: the result was several times the retailer's real consumption.

Why the retailer could not simply refuse

The contract gave IBM the right to measure full capacity when sub capacity reporting lapsed. Refusal was not an option. The defense had to rebuild the measurement evidence that the missing reports should have provided.

Why was the IBM claim so much larger than real usage?

The gap was entirely a measurement gap. The retailer was not overusing the software. It simply could not prove, with compliant data, how little of the physical capacity the workloads actually touched.

IBM publishes the PVU points values that drive the capacity math in its PVU points table. On a large virtualized cluster, full capacity multiplies those points across every core, including cores that never ran the product.

The mechanics of the multiplier

• Every core counts: full capacity ignores which cores ran the workload.
• Virtualization amplifies: dense clusters carry far more cores than any single workload uses.
• Points stack: the PVU rating multiplies across the whole physical footprint.

How was the audit defense actually built?

The defense was an evidence project. The team reconstructed what the ILMT reports would have shown and restored compliant reporting going forward, then took that evidence into the commercial discussion.

The evidence rebuild

• Historical reconstruction: deployment records and configuration history rebuilt the real usage picture.
• ILMT restoration: the tool was reinstalled and brought back to compliant, continuous reporting.
• Decommission log: retired hardware was documented to remove it from the entitlement base.

Where the common advice on IBM audits is wrong

The common advice is to dispute an IBM audit claim hard and refuse the full capacity number on principle. We disagree. In the audit defenses we ran in 2024 and 2025, the claims that collapsed did so on measurement evidence, not on argument, and estates that led with confrontation lost time and credibility. The buyer side move is to accept the contractual basis, then rebuild the usage evidence that the missing reports should have shown and negotiate down to real consumption. You win an IBM audit with data and a restored ILMT position, not with a fight over the principle.

An IBM audit is won the way the Italian retailer won it: with rebuilt measurement evidence and a restored ILMT position, not with a dispute over principle.

What was the outcome and the buyer side moves?

The settlement landed in the routine renewal range rather than the full capacity headline. The reporting fix held the position going forward, and the renewal dropped stranded entitlements.

• Evidence first: the rebuilt usage picture moved the basis from full to sub capacity.
• Reporting restored: continuous ILMT closed the exposure for future quarters.
• Entitlement reconciled: decommissioned hardware was removed from the base.
• Renewal co termed: aligned dates built volume leverage for the new term.

What the retailer changed permanently

ILMT became a monitored compliance system, not an optional add on. Quarterly reporting was put under ownership, and the entitlement base was reconciled to live capacity at every renewal.

What to do next

1. Confirm the IBM License Metric Tool is installed and producing compliant quarterly reports.
2. Check for any gap in ILMT reporting that could expose a full capacity claim.
3. Reconstruct historical usage from deployment records where reporting lapsed.
4. Document all decommissioned hardware to remove it from the entitlement base.
5. Reconcile every PVU entitlement to live, in use capacity.
6. Put quarterly ILMT reporting under named ownership as a monitored process.
7. Take the reconciled position and the evidence into the renewal as your opening basis.

Frequently asked questions

Related advisory: Start with our IBM audit defense playbook, engage the IBM audit defense service, and prepare for IBM audit negotiations before the settlement phase.

Frequently asked questions

Why did the IBM audit claim start so high?

The claim was measured at full physical capacity because the IBM License Metric Tool had not produced compliant reports for several quarters. Without that data, IBM is contractually entitled to count every core in the virtualized estate, which on a dense cluster is several times real usage.

Can you reduce an IBM full capacity claim?

Yes, by rebuilding measurement evidence. In this case and across our 2024 to 2025 audit defenses, reconstructed usage data and restored ILMT reporting cut the median claim by around 60 percent before any commercial negotiation, moving the basis from full capacity to actual consumption.

What is the IBM License Metric Tool requirement?

IBM requires the License Metric Tool to be installed and producing continuous quarterly reports as the condition for sub capacity licensing. If reporting lapses, IBM measures full physical capacity for the gap period, which is what triggered this retailer's claim.

How do you defend an IBM software audit?

You defend it with data, not argument. Accept the contractual basis, reconstruct the real usage the missing reports should have shown, restore continuous ILMT reporting, document decommissioned hardware, and negotiate the settlement down to actual consumption.

Should I dispute an IBM audit claim on principle?

No. In our experience, claims collapse on measurement evidence, while leading with confrontation costs time and credibility. The effective move is to rebuild the usage evidence and restore the sub capacity position, then settle on real consumption.

What is sub capacity licensing in this context?

Sub capacity lets you license only the cores assigned to a workload rather than every core in the server. It is the largest cost control on a virtualized IBM estate, but it holds only while ILMT produces continuous compliant reports.

How much of the entitlement base is usually stranded?

In our IBM engagements, 20 to 35 percent of entitlements typically sit on hardware that has been decommissioned or virtualized away. Reconciling the base to live capacity at renewal is how the retailer lowered its run rate after settling the claim.

What did the retailer change after the audit?

ILMT became a monitored compliance system under named ownership, with quarterly reporting enforced. The entitlement base was reconciled to live capacity at every renewal, which closed the future exposure and removed stranded entitlements from the run rate.