One of the United Kingdom's largest mining companies faced an IBM audit claiming £40 million in alleged non-compliance. Through comprehensive audit review, sub-capacity licensing validation, virtualisation assessment, entitlement analysis across historical agreements, and data-driven negotiation, Redress Compliance reduced the financial exposure by 97% — from £40 million to £1.2 million — while securing additional licences for future scalability with no penalties or retroactive fees.
The client is one of the United Kingdom's largest mining companies, operating exploration, extraction, processing, and logistics operations across multiple continents. The corporation's IT infrastructure supports mission-critical mining operations including geological exploration and modelling systems, mine planning and scheduling, logistics and supply chain management, enterprise resource planning, health and safety monitoring, and corporate financial consolidation. IBM technology is deeply embedded in the corporation's infrastructure — IBM middleware products (WebSphere, MQ, Integration Bus) support application integration across the global estate, IBM database products (Db2) underpin core operational and analytical systems, and IBM infrastructure software manages workloads across a complex environment of physical servers, virtualised platforms, and cloud-hosted services spread across remote mining sites, regional processing centres, and international corporate offices.
The geographic distribution of mining operations creates unique IT licensing challenges that are not present in most other industries. Mining operations span remote locations with limited connectivity, often in developing countries where IT infrastructure is deployed in non-standard configurations to accommodate environmental and logistical constraints. Virtualisation is used extensively to maximise hardware utilisation at remote sites where physical server capacity is expensive to deploy and maintain. This distributed, heavily virtualised environment creates significant complexity for IBM licensing — particularly for IBM's Processor Value Unit (PVU) based metrics, where the licensing cost depends on the processor architecture, the virtualisation technology, and whether sub-capacity licensing rules have been correctly implemented and maintained across every server in every location worldwide.
The corporation had operated its IBM landscape for over fifteen years, during which time the environment had evolved substantially through organic growth and strategic change. Mergers and acquisitions had introduced new IBM deployments from acquired mining companies with different contractual terms, different licence entitlements, and different ILMT configurations. Virtualisation technologies had changed multiple times as the corporation upgraded its data centre infrastructure across generations of hardware. Server architectures had been upgraded from older processor types to newer, higher-PVU-value processors, changing the licensing calculations for every IBM product running on those servers. The relationship between the corporation's IBM licence entitlements and its actual deployments had become increasingly difficult to track accurately — particularly across remote mining sites where IT governance was managed by local teams with limited licensing expertise. This complexity, combined with the inherent challenges of managing IT licensing compliance across dozens of remote global locations spanning multiple continents and time zones, created the conditions that led to IBM's substantial audit claim.
IBM initiated a licence audit under the standard audit provisions in the corporation's IBM Passport Advantage agreement. IBM's audit was conducted using data extracted from IBM's Licence Metric Tool (ILMT) deployed across portions of the corporation's estate, supplementary deployment information gathered during the audit process. IBM's findings identified three primary areas of claimed non-compliance, each contributing substantially to the £40 million total claim.
IBM's sub-capacity licensing rules allow organisations to licence IBM software based on the virtual capacity allocated to the software rather than the full physical capacity of the underlying server. However, sub-capacity licensing requires strict compliance with IBM's Sub-Capacity Licensing Terms — including deployment of ILMT across all eligible servers, regular reporting, and specific virtualisation technology requirements. IBM's audit claimed that the corporation had not met the sub-capacity requirements across a significant portion of its global server estate, meaning that full-capacity licensing should apply instead. The difference between sub-capacity and full-capacity licensing is enormous — often five to ten times the licence cost — and this single claim represented the largest component of the £40M exposure.
The corporation used multiple virtualisation technologies across its global estate — VMware, IBM PowerVM, and in some locations, older virtualisation platforms that predated IBM's current sub-capacity rules. IBM's audit claimed that certain virtualisation configurations did not qualify for sub-capacity licensing under IBM's policies, requiring full-capacity licensing for all IBM software running on those hosts. The virtualisation claims were technically complex and required detailed analysis of specific hypervisor configurations, virtual machine assignments, and IBM's evolving rules regarding which virtualisation technologies qualify for sub-capacity treatment.
IBM's audit identified discrepancies between the corporation's deployed IBM products and its licence entitlements. Some IBM products were deployed on more processors than the entitlements covered, some products were deployed without any corresponding entitlement (typically products that had been inherited through acquisitions or installed as dependencies of other IBM software), and some licence entitlements were recorded against products that had been renamed or restructured in IBM's product catalogue. These entitlement mismatches spanned fifteen years of IBM agreements, making the reconciliation highly complex and requiring analysis of historical IBM contract terms that had changed multiple times.
The corporation engaged Redress Compliance to challenge IBM's audit findings, establish an accurate compliance baseline based on independently validated data, and negotiate a fair resolution that reflected the corporation's actual IBM usage rather than IBM's maximised compliance interpretation. Redress Compliance's IBM audit defence methodology follows a structured four-phase approach that has been refined across dozens of IBM audit engagements for organisations across multiple industries and geographies, and consistently achieves reductions of 80–97% from IBM's initial claims. The methodology addresses IBM audits on three simultaneous fronts: technical (validating the accuracy of IBM's measurement data and sub-capacity calculations), contractual (identifying entitlements and provisions in historical agreements that IBM has overlooked or misinterpreted), and commercial (negotiating a resolution that reflects the corrected compliance position and the organisation's strategic value to IBM as a long-term customer).
Redress Compliance's independence from IBM was critical for this engagement. As an advisory firm with no IBM partnership, reseller relationship, or referral arrangement, every analysis and recommendation served the corporation's interests exclusively. IBM's audit and compliance teams have an inherent commercial interest in maximising the audit finding — a larger non-compliance claim supports a larger commercial resolution. Independent advisory ensures rigorous, systematic challenge of IBM's findings and unconflicted negotiation conducted purely on the client's behalf. For context on IBM audit processes, see: IBM Licence Audit Defence Service.
Redress conducted a detailed review of IBM's audit findings, examining every component of the £40 million claim. The review challenged IBM's methodology, data accuracy, and interpretations on a claim-by-claim basis.
Redress examined the corporation's ILMT deployment and reporting history across every server location worldwide. The analysis revealed that IBM's assessment of sub-capacity non-compliance was significantly overstated. While ILMT coverage was incomplete at some remote mining sites (where connectivity and infrastructure constraints made deployment challenging), the majority of the corporation's server estate did meet IBM's sub-capacity requirements. Redress compiled detailed evidence — ILMT reports, server inventories, virtualisation configurations, and deployment histories — demonstrating that sub-capacity licensing was valid for a substantially larger portion of the estate than IBM's audit had acknowledged. This single finding — restoring sub-capacity eligibility for the majority of the server estate — reduced the sub-capacity component of the claim dramatically and eliminated the largest portion of the £40M exposure.
Redress conducted a technical assessment of every virtualisation platform across the corporation's global estate, mapping specific hypervisor versions, configuration settings, and virtual machine assignments against IBM's sub-capacity virtualisation requirements. The analysis demonstrated that several virtualisation configurations that IBM had classified as non-qualifying actually met IBM's requirements when the specific technical details were examined. IBM's audit had applied a broad classification that did not account for configuration-level nuances that determined sub-capacity eligibility. Redress produced detailed and comprehensive technical documentation for each disputed virtualisation environment, providing IBM with evidence that the configurations qualified for sub-capacity treatment.
Redress conducted a comprehensive review of the corporation's IBM agreements spanning fifteen years — including the original Passport Advantage agreement, subsequent amendments, acquisition-related agreements, and supplementary order forms. This review uncovered entitlements that IBM's audit team had not reflected in its compliance calculation: licences from acquired companies that had not been migrated into the corporation's primary agreement, historical entitlements for products that IBM had renamed or restructured (where the original entitlement remained valid under the new product name), and contractual provisions that granted broader usage rights than IBM's current standard terms. These historical and previously undocumented entitlements significantly reduced the entitlement mismatch component of the audit claim.
While Phase 1 challenged IBM's audit methodology and interpretation of the licence agreements, Phase 2 focused on establishing an accurate, independently validated picture of the corporation's actual IBM deployments and licence consumption across its entire global estate. This independent validation was essential because IBM's audit data relied on ILMT snapshots and supplementary deployment information that did not always reflect the current state of the environment — servers had been decommissioned, workloads had been migrated, and configurations had changed since the data was collected.
With comprehensive evidence from the audit review and independently validated deployment data that painted a fundamentally different compliance picture from IBM's initial findings, Redress developed and executed a negotiation strategy with IBM's compliance and commercial teams. The negotiation was carefully sequenced — Redress ensured that all technical evidence, entitlement reconciliation, and data validation were complete and thoroughly documented before presenting IBM with the corporation's corrected compliance position. This thorough preparation allowed Redress to present a single, comprehensive, and well-documented counter-position supported by server-level evidence rather than negotiating incrementally as individual findings were disputed.
Sub-capacity claims resolved: The detailed ILMT evidence and server-by-server analysis demonstrated that sub-capacity licensing was valid for the vast majority of the corporation's IBM estate. IBM accepted the technical evidence and revised its sub-capacity assessment, eliminating the largest component of the original claim. The remaining sub-capacity gaps were limited to a small number of remote locations where ILMT deployment had genuinely not been maintained — and even these gaps were resolved at significantly lower costs than IBM's initial full-capacity calculations.
Virtualisation claims corrected: The technical documentation of virtualisation configurations provided evidence that IBM's broad classification of non-qualifying environments was incorrect. IBM revised its virtualisation assessment for the environments where Redress had demonstrated sub-capacity eligibility, further reducing the claim.
The final phase focused on preventing future compliance risks and establishing ongoing IBM licensing governance that would be sustained across the corporation's global operations. For a global mining corporation with IT infrastructure spanning dozens of locations across multiple continents — many in remote areas with limited connectivity and local IT support — sustained compliance requires automated monitoring, clearly defined processes, and trained teams at every location. The manual and ad-hoc approaches that had previously been relied upon were demonstrably insufficient for the scale, complexity, and geographic distribution of the corporation's IBM environment.
Deployed ILMT across all remaining servers where it had not previously been installed, ensuring complete sub-capacity coverage worldwide. Implemented centralised licence management dashboards that provide real-time visibility into PVU consumption, entitlement usage, and compliance status across all global locations. Configured automated alerts when PVU consumption approaches licence thresholds, when new IBM software installations are detected, or when virtualisation configuration changes could affect sub-capacity eligibility.
Established formal processes for IBM software deployment, virtualisation changes, and server provisioning that incorporate licensing impact assessments. New IBM software installations require approval through a licensing review process. Virtualisation configuration changes undergo sub-capacity impact assessment before implementation. Quarterly compliance reviews reconcile actual deployments against entitlements and identify any drift that requires remediation. These processes ensure compliance is maintained continuously rather than discovered retrospectively during audits.
Delivered targeted training for IT teams across global locations — including remote site administrators responsible for local IBM infrastructure — covering IBM's sub-capacity licensing rules, ILMT reporting requirements, virtualisation configuration impacts, and the corporation's specific contractual terms. The training programme was designed to be delivered both in-person and remotely, accommodating the corporation's distributed global operations and ensuring that IT staff at every location understand the licensing implications of their technical decisions.
"Redress Compliance's expertise turned a high-stakes audit into a manageable challenge. Their guidance saved us millions and strengthened our compliance practices, ensuring we're well-prepared for the future. Their support was invaluable." — CIO
The engagement delivered exceptional results across financial, operational, and strategic dimensions. The £40M audit claim was reduced to £1.2M — a 97% reduction that saved the corporation £38.8 million in potential compliance costs. The £1.2M settlement was invested entirely in additional IBM licences for future growth and expanded mining operations, with no penalties or retroactive fees included in the resolution. Operationally, the licence reallocation and misconfigured installation cleanup reduced the corporation's IBM licence footprint, eliminated unnecessary software deployments across global sites, and established a clear baseline of what IBM software was running where and under what licence entitlements. The governance framework — comprehensive global ILMT coverage, centralised automated monitoring dashboards, formal deployment and change management processes, and training programmes for IT teams at every location including remote mining sites — provides continuous compliance assurance across the corporation's worldwide operations and early warning of any drift that could create future exposure. Strategically, the relationship with IBM was preserved and strengthened as a productive commercial partnership, with clear expectations, documented entitlements, and governance practices that significantly reduce the likelihood and potential financial impact of future IBM audit activities.
The CIO's assessment reflects the comprehensive and transformative impact of the engagement. Redress Compliance transformed a £40 million IBM audit threat into a £1.2 million investment in the corporation's IBM licensing future — saving £38.8 million while simultaneously implementing governance practices that provide ongoing compliance assurance across the corporation's global mining operations. The methodology applied to this engagement — sub-capacity validation, virtualisation assessment, historical entitlement reconciliation, licence reallocation, evidence-based negotiation, and governance implementation — is directly applicable to any mining, resource, or industrial company facing an IBM audit, and delivers consistently superior outcomes for clients compared to accepting IBM's initial findings or attempting to negotiate without independent specialist support.
| Outcome Dimension | Before Redress Engagement | After Redress Engagement |
|---|---|---|
| Financial exposure | £40 million audit claim | £1.2 million — licences for growth (97% reduction) |
| Sub-capacity position | Multiple locations flagged as non-compliant | Sub-capacity validated across vast majority of estate |
| Virtualisation licensing | Broad non-qualifying classification applied | Configuration-level evidence restored sub-capacity eligibility |
| Governance | Incomplete ILMT coverage, no formal processes | Global ILMT, automated monitoring, trained teams |
| Net result | £38.8M saved, zero penalties, licences acquired for growth, ongoing compliance assured | |
The 97% reduction was achieved through four complementary strategies: demonstrating that IBM's sub-capacity non-compliance claims were significantly overstated by providing server-by-server ILMT evidence, correcting IBM's virtualisation classifications through detailed technical documentation, reconciling fifteen years of historical agreements to identify overlooked entitlements, and recalculating actual PVU consumption using independently validated deployment data. The combination eliminated the vast majority of IBM's original claim.
Sub-capacity licensing allows organisations to licence IBM software based on the virtual capacity assigned to the software rather than the full physical capacity of the underlying server. This typically reduces licensing costs by 80–90%. However, sub-capacity licensing requires strict compliance with IBM's rules — including deploying ILMT on all eligible servers, maintaining regular reporting, and using qualifying virtualisation technologies. If sub-capacity requirements are not met, IBM can require full-capacity licensing, which increases costs by five to ten times.
ILMT is IBM's software tool that monitors and reports on IBM software usage across an organisation's server estate. ILMT tracks PVU consumption, identifies installed IBM products, and generates compliance reports. Deploying ILMT across all servers running IBM software is a mandatory requirement for sub-capacity licensing eligibility. Without ILMT, IBM can require full-capacity licensing, which dramatically increases costs. Ensuring complete ILMT coverage and maintaining regular reporting is the single most important IBM compliance action.
PVU is IBM's primary licensing metric for middleware and infrastructure software. The PVU value assigned to each processor core depends on the processor architecture — newer, more powerful processors typically have higher PVU values per core. The total PVU requirement for an IBM product is calculated by multiplying the number of processor cores allocated to the software by the PVU value per core. Understanding PVU calculations and ensuring accurate measurement is essential for IBM licence compliance and cost optimisation.
Acquisitions introduce new IBM deployments with different contractual terms, entitlements, and licensing histories. If acquired companies' IBM agreements are not properly migrated and reconciled with the acquiring company's agreements, entitlements can be lost or overlooked during audits. Conversely, historical agreements from acquired companies may contain valuable entitlements that reduce the acquiring company's overall compliance exposure. A thorough review of all historical agreements — including those from acquired entities — is essential during audit defence.
A comprehensive IBM audit defence engagement typically takes 10–16 weeks from initial engagement to final resolution. For global organisations with complex, distributed environments, the data collection and validation phase may require additional time to gather accurate deployment information from all locations. Starting the engagement as early as possible after receiving IBM's audit notification is critical — it provides maximum time for thorough analysis, optimisation, and strategic negotiation preparation before IBM expects a response.
No. IBM's initial audit findings should always be reviewed critically by an independent specialist. IBM's audit methodology is designed to identify the maximum possible compliance exposure, and initial findings routinely contain overstatements, incorrect sub-capacity classifications, and interpretations that do not align with the organisation's specific contractual terms. In this case study, 97% of IBM's initial claim was eliminated through rigorous analysis and challenge. Accepting initial findings without expert review invariably results in significantly higher costs than necessary.
Redress Compliance helps enterprises defend against IBM audit claims and achieve fair, cost-effective resolutions. Our advisory is 100% independent — no IBM partnerships, reseller relationships, or referral arrangements.