Buyer side audit defense. 500+ enterprise clients across 11 vendor practices. Schedule a Call →
US airline IBM audit defense case study
Case Study / IBM

US Airline Reduces $42M IBM Claim by 87 Percent

A major US airline received an IBM sub capacity audit claim totalling forty two million dollars. Redress Compliance ran the audit defense and rebuilt the entitlement license position. The final settlement closed at five point three million dollars, an eighty seven percent reduction without litigation.

Defend an IBM Audit → Get the IBM Audit Guide
$36.7MClaim Reduction
87%Settlement Cut
Home/IBM Hub/Case Studies/US Airline IBM Audit
500+ Enterprise Clients Industry Recognized $2B+ Under Advisory 11 Vendor Practices 100% Buyer Side Independent

IBM's audit team opened with a forty two million dollar claim built around alleged sub capacity non compliance, ILMT gaps, and PVU undercounting across the airline's mainframe and middleware estate. The signed settlement landed at five point three million.

Industry
Aviation
Region
North America
Initial Claim
$42.0M
Final Settlement
$5.3M
Portrait placeholder for Morten Andersen, Co Founder
Written by Morten Andersen Co Founder · ex IBM, ex Oracle
PublishedSeptember 10, 2022
Last updatedApril 9, 2023

The audit and the response

The audit notice arrived during peak season

The customer is a top five US passenger airline operating a hub and spoke network across the continental United States, the Caribbean, and Latin America. The IBM footprint covered an extensive WebSphere Application Server estate behind the reservation platform, an MQ messaging backbone connecting the loyalty engine to revenue management, a DB2 z/OS landing for crew operations, and a Cognos Analytics tier for the corporate reporting function. The IBM audit notice arrived in late April, four weeks before the summer schedule peak. The notice cited the standard audit clause and named the IBM partner, a global tier one firm, as the engagement lead.

The customer's CIO had previously engaged Redress for an Oracle audit defense engagement two years prior. The directive to the procurement team was clear. The airline would cooperate fully, but the airline would not accept the partner's claim at face value. The buyer side procedure would apply. A 47 step IBM audit defense checklist was issued internally on day one alongside a communications protocol that routed all IBM and partner inquiries through a single authorised inbox.

The opening claim at $42M

The IBM partner delivered the preliminary findings six weeks into the audit. The findings broke down into four lines.

  1. WebSphere full capacity assumption added eighteen million dollars. The partner asserted that the airline's ILMT deployment had gaps across the VMware vSphere clusters that hosted the WebSphere Application Server farm. The partner argued that without continuous ILMT capture, the airline could not claim sub capacity licensing. The partner therefore counted the full physical PVU value of every host in every cluster that ran a WebSphere image, regardless of whether the image was active.
  2. MQ retired image count added six point five million dollars. The partner counted MQ message broker instances on every VMware host that had ever received an MQ image, including hosts where the image had been retired but where the manifest had not been cleaned.
  3. DB2 z/OS DR test treatment added eleven million dollars. The partner asserted that DB2 z/OS workloads operating in failover mode on the disaster recovery LPAR required full capacity licensing during the test windows. The customer had run two scheduled DR tests in the prior twelve months.
  4. Cognos named user inflation added six point five million dollars. The partner counted Cognos Analytics named user IDs against an aggregate population that included terminated employees, contractor accounts that had not been reaped, and a small population of test accounts.

Opening claim build by line

LinePartner AssumptionClaim Added
WebSphereFull capacity, ILMT gap$18.0M
MQRetired image manifest$6.5M
DB2 z/OSDR test full capacity$11.0M
CognosNamed user inflation$6.5M

The Redress buyer side rebuild

The Redress team opened the engagement with a license entitlement reconstruction. The reconstruction pulled every IBM Passport Advantage entitlement, every Sub Capacity Reporting Tool report from the prior twenty four months, every VMware vCenter inventory snapshot from the prior thirty six months, and every DB2 z/OS workload report from the mainframe team. The reconstruction took sixteen working days and produced an alternative effective license position that contradicted the partner's claim across all four lines.

On the WebSphere line, the reconstruction showed that the ILMT deployment was in fact continuous across the relevant period, with two scheduled outages totalling fourteen hours that fell inside the IBM published tolerance for sub capacity reporting. The Redress team produced the IBM technical bulletin that confirmed the tolerance and the outage tickets that confirmed the timing. The eighteen million dollar line collapsed to a residual three hundred thousand dollars covering a single host that had been brought online during a tolerance period.

On the MQ line, the reconstruction produced the VMware host manifests that confirmed the MQ image retirement on the contested hosts. The IBM partner had counted hosts that had not run an MQ workload in over fourteen months. The six point five million dollar line collapsed to seven hundred thousand dollars covering one cluster where retirement was incomplete.

On the DB2 line, the Redress team produced the IBM disaster recovery licensing policy and the customer's DR test logs. The DR test windows fell inside the IBM published cold standby allowance and did not trigger full capacity licensing. The eleven million dollar line collapsed to zero.

On the Cognos line, the reconstruction produced the airline's joiners movers leavers feed and the contractor account governance policy. The terminated employees, the dormant contractors, and the test accounts came out. The six point five million dollar line collapsed to one point three million dollars covering legitimate active named users above the entitled population.

The buyer side principle. An IBM audit claim is an opening position, not a fact. Every line in a partner's preliminary findings rests on assumptions about deployment, retirement, and licensing policy. A buyer side reconstruction tests every assumption against vendor policy and against the customer's own evidence. Most claims collapse on contact with evidence.

Download the IBM Audit Defense Guide

The complete buyer side IBM audit defense playbook covering ILMT readiness, sub capacity reconstruction, partner engagement, and settlement strategy. 47 page PDF gated behind a work email.

Get the Guide →

Run the readiness checklist

The 47 step audit defense readiness checklist tells you in twenty minutes whether your IBM estate is ready for an audit notice. Free interactive tool, no gating.

Run the Checklist →

The settlement at $5.3M

The Redress reconstruction was delivered to the IBM partner in week eleven of the engagement. The partner pushed back on three of the four lines. The Redress team held the technical bulletins, the VMware manifests, and the IBM policy documents on every contested point. By week fourteen, the partner reduced the claim to nine point two million dollars. By week sixteen, the IBM commercial team replaced the partner as the customer interface. By week eighteen, IBM accepted a settlement of five point three million dollars covering the residual sub capacity, the residual MQ retirement, and the residual Cognos overshoot, plus a one year maintenance true forward.

The settlement cleared without litigation, without escalation to the airline's general counsel beyond a routine review, and without disturbing the airline's operational IBM relationship through the summer peak. The customer subsequently retained Redress for a continuous IBM advisory engagement covering the next two renewal cycles.

What changed after the audit

The post audit remediation program covered four work streams.

  1. ILMT governance rebuild. The airline's ILMT governance was rebuilt around a single owner, a documented outage tolerance procedure, and a quarterly attestation cycle. The airline's audit committee adopted the attestation cycle as a standing reporting line.
  2. MQ retirement process formalized. Every VMware host that had ever run an MQ image was required to pass a manifest sweep before the retirement was signed off. The retirement evidence was retained for six years.
  3. DB2 z/OS DR licensing policy documented. The policy was documented in the airline's licensing policy library and cross referenced against the IBM published cold standby allowance. The mainframe team adopted a DR test logging discipline that produced audit ready evidence by default.
  4. Cognos named user governance tied to HR feed. Governance was tied directly to the joiners movers leavers feed. Account creation, account deactivation, and entitled population reporting were aligned on a monthly cycle.

The strategic read across

The airline case is consistent with the wider IBM audit pattern observed across the Redress IBM practice. IBM partner audit teams typically open with claims that combine three pressure points.

  • Physical capacity claim. They count physical capacity where sub capacity should apply.
  • Retired or dormant deployment count. They count retired or dormant deployments alongside active deployments.
  • Excluded scenarios as in scope. They apply licensing rules to scenarios that vendor policy explicitly excludes.

The reduction from forty two million to five point three million is large but not unusual. The Redress IBM practice has run audit defense engagements where the opening claim was higher and the settlement was lower in absolute and percentage terms.

The pattern reinforces the case for continuous audit readiness rather than reactive audit defense. A buyer side Vendor Shield program produces audit ready evidence as a standing operational output, which collapses the response time when an audit notice arrives and reduces the settlement risk before any claim is opened. The 47 step IBM audit defense checklist is the operational core of that program.

Vendor next steps

IBM Services Buyer side advisory across the IBM portfolio → IBM Knowledge Hub The full IBM licensing reference library → Audit Defense Guide Download the 47 step IBM audit playbook →

Related case studies and guides

IBM / Audit Defense
IBM Audit Defense Checklist: 47 Steps
The operational checklist used inside Redress IBM audit defense engagements.
 IBM / CIO Playbook
IBM PVU to VPC Licensing Transition
CIO playbook on the IBM sub capacity transition and ILMT governance.
 IBM / Maximo
IBM Maximo Licensing Guide
Maximo licensing models, audit traps, and renewal preparation.
Audit notice in your inbox?
Start a Conversation

Frequently asked questions

What is US Airline Reduces $42M IBM Claim by 87 Percent?

The customer is a top five US passenger airline operating a hub and spoke network across the continental United States, the Caribbean, and Latin America.

What does the audit and the response cover for buyers?

The customer is a top five US passenger airline operating a hub and spoke network across the continental United States, the Caribbean, and Latin America.

How does Redress run a IBM audit defense engagement?

Triage the IBM notice. Build a position. Run the response protocol. The buyer side strategy is documented in the page above and the audit defense playbook.

What is the typical IBM audit timeline?

From notice to settlement, most IBM audits run 90 to 270 days. The first 30 days are decisive. Triage, scope, and response protocol drive the outcome.

How do we engage Redress on this?

Redress Compliance runs the assessment, builds the buyer side baseline, and supports negotiation, renewal, or audit defense across the program. Contact us to scope the engagement.