Case Study – IBM Audit Defense: University of Oregon Avoids All Audit Costs with Redress Compliance Strategy
Background
The University of Oregon (UO), a leading public research institution based in Eugene, Oregon, serves over 22,000 students and employs more than 4,000 faculty and staff.
Its IT infrastructure encompasses academic systems, research platforms, administrative applications, and data centers that support critical university operations.
In early 2024, the university received formal notice from IBM that it would be subject to a license compliance audit.
Like many large institutions, UO had used IBM software for years—primarily IBM WebSphere, Cognos, and Tivoli products—acquired through multiple agreements, some dating back more than a decade.
Given the complexity of its licensing footprint and uncertainty around how IBM would interpret usage, UO’s leadership turned to Redress Compliance for expert guidance.
The objective: to navigate the audit confidently, minimize risk, and prevent unnecessary exposure.
The result: a zero-payment outcome—the university passed the IBM audit without owing any fees, thanks to a structured defense plan led by Redress.
Challenges
The University of Oregon’s challenges were typical for institutions facing a software audit—but made more urgent by the aggressive and opaque nature of IBM’s audit process:
- Legacy Licensing Complexity: Over the years, UO had accumulated IBM licenses through perpetual agreements, academic bundles, and enterprise contracts. Many entitlements had vague terms or unclear usage metrics.
- Decentralized IT Deployments: With various colleges, departments, and research centers managing their systems, software deployments were not centrally tracked—making usage reporting difficult.
- Uncertainty Around Sub-Capacity Licensing: UO used IBM software in virtualized environments, but lacked confidence that all sub-capacity terms and measurement tools (such as ILMT) were correctly implemented.
- Limited Internal Audit Readiness: The university had not conducted a recent IBM license review and was uncertain whether it could meet IBM’s aggressive audit timeline.
- Risk of Financial Exposure: IBM’s audits often result in large settlement demands for licensing shortfalls, even when based on vague or disputed assumptions. The university needed to avoid reputational and budgetary impact.
UO recognized the need for independent audit defense expertise and engaged Redress Compliance to lead its strategy.
How Redress Compliance Helped
Redress Compliance quickly mobilized a proven IBM audit defense framework, tailored to UO’s academic and technical environment.
1. Pre-Audit Licensing Assessment
We began with a detailed entitlement and deployment analysis:
- Reconstructed IBM license purchases and contracts
- Aligned software usage to license types and versions
- Reviewed product metrics (e.g., PVUs, RVUs, user-based) and mapped them to current installations
- Assessed virtualization environments and validated ILMT configurations, where applicable
This step provided a baseline view of compliance risk—and revealed that with minor adjustments, the university could fully align its environment to its entitlements.
2. Audit Defense Planning
Redress created a comprehensive audit defense strategy, including:
- A detailed audit response playbook, defining roles, timelines, and documentation procedures
- A legal and licensing position summary, prepared in advance to rebut any assumptions IBM might present
- Technical remediation guidance to eliminate ambiguities around sub-capacity and deployment metrics
- Internal workshops with IT, procurement, and legal to align messaging and ensure consistent, informed engagement with IBM
We positioned UO to control the audit narrative and avoid surprises.
3. IBM Interaction Management
Redress directly supported UO in managing all interactions with IBM and its auditors. We:
- Reviewed and validated all data requested before it was shared
- Responded to auditor inquiries with contextual and contractual clarifications
- Rejected overreaching requests not covered under audit rights
- Pushed back on assumptions not grounded in licensing terms or entitlement scope
By managing IBM’s auditors strategically, Redress prevented scope creep and eliminated unjustified claims before they materialized.
Outcome and Impact
Thanks to Redress Compliance’s strategy and hands-on support, the University of Oregon achieved a best-case outcome:
- Zero financial liability: IBM concluded the audit without assessing any fees or backdated licensing penalties
- No adverse findings: All deployment and usage data were shown to be in line with entitlements
- Full compliance achieved, including remediation of potential ILMT or sub-capacity exposure before the audit was finalized
- Audit completed on UO’s terms, with minimized disruption and a clear path forward for future license governance.
- Increased internal capability: UO’s IT and procurement teams are now better equipped to manage IBM licensing and compliance proactively
The university protected both its budget and reputation—and did so without relying on IBM’s interpretation of the rules.
Client Quote
“IBM audits can feel like a black box, but Redress Compliance brought total transparency and control to the process. They helped us assess our risk, close the gaps, and push back where it mattered. The audit ended with zero cost to the university—and total peace of mind.”
— CIO, University of Oregon
Call-to-Action
Facing an IBM audit? Don’t navigate it alone. Redress Compliance defends organizations with proven strategies that eliminate exposure, reduce risk, and keep your budget intact.
Book your IBM audit defense consultation today.
Read about our IBM Advisory Services and more of our IBM case studies.
