ibm licensing

How to Respond to an IBM Audit Notification

ibm licensing

How to Respond to an IBM Audit Notification

How to Respond to an IBM Audit Notification (Revised)

  • Manage the process carefully, addressing information requests and discrepancies promptly.
  • Review the audit notification to understand the scope, entity, and timeline.
  • Validate IBM’s audit rights as per your contract.
  • Acknowledge receipt promptly and designate a single point of contact.
  • Prepare internally by educating stakeholders, gathering documentation, and reviewing compliance.
  • Negotiate the audit scope and approach to minimize business disruption.

IBM Audit Letter Response

IBM Audit Letter Response

Review the Audit Notification Carefully

When you receive the audit notification from IBM, carefully review the contents to determine important details such as:

  • The targeted legal entity being audited
  • The intended scope of the audit (e.g., ILMT-only vs. full audit)
  • The name of the third-party auditor (usually Deloitte or KPMG)
  • The proposed timeline for the audit

If you have concerns about the timing or the selected auditor, raise those concerns promptly with IBM.

Validate IBM’s Right to Audit

Confirm that IBM has the contractual right to conduct the audit under the terms of your Passport Advantage Agreement (IPAA), specifically Section 1.12 on Compliance Verification. Check for any exceptions that may prevent the audit.

Respond Promptly

After validating the audit request, respond to IBM to acknowledge receipt of the notice and confirm your willingness to cooperate, subject to negotiating the scope and timing. Designate a single point of contact within your organization to manage all communication and information flow with the auditor.

This ensures you maintain a complete record of all data provided.

Prepare Internally

  • Educate procurement, IT, and legal stakeholders about the audit response protocol. Ensure they immediately report audit notifications to your software asset management team.
  • Establish clear roles and responsibilities for each stakeholder involved in the audit process. Have a documented, repeatable framework in place.
  • Gather your license entitlement data, including purchase records, Proofs of Entitlement, and contract terms. Verify this matches your current software deployments.
  • Conduct an internal review to identify any potential compliance gaps. If necessary, purchase additional licenses to become compliant before the audit begins.

Negotiate Scope and Approach

Discuss the proposed audit scope and approach during the kick-off meeting with IBM and the auditor.

Ensure it aligns with your contractual arrangements, organization structure, and available data sources. You can propose alternative approaches if the auditor can still effectively verify compliance.

For example, if their suggested scripts would violate your security protocols, offer equivalent data sources instead.

The Passport Advantage agreement states the audit should be conducted to minimize disruption to your business. For this reason, you can request adjustments to the timeline and approach to reduce the impact on your operations.

Manage the Audit Process

  • Carefully review each information request from the auditor. Understand why each item is needed and how it will be interpreted. Explain any apparent license shortfalls due to nuances in your IT environment the auditor may not know.
  • If discrepancies are found in the auditor’s initial findings, you usually have a week or two to review and respond with corrections before it is finalized and handed to IBM.

The keys to a successful IBM audit are preparation, attention to detail, and effective communication. Accurate license positions, deployment data, and a clear response framework will help you navigate the process as smoothly as possible.

Read about IBM Audit Defense Service.

Received an IBM Audit Letter? Get help from our IBM Audit Experts.

Please enable JavaScript in your browser to complete this form.

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.

    View all posts