IBM Audit Defense Playbook

The IBM Audit Defense Complete Playbook

An end to end playbook for handling IBM software audits. Triage, ILMT remediation, sub capacity sampling, response posture, and how to convert a bad finding into a clean settlement.

Written by: Morten Andersen, Co Founder · ex IBM, ex Oracle
Read Time: 20 Minutes
Last Updated: May 2026

The Short Version

If you read nothing else

Bottom Line

IBM audits are settlement negotiations dressed up as compliance reviews. The playbook is to control disclosure, fix ILMT before measurement, and refuse to convert findings into a renewal. Done well, the typical 7 to 8 figure exposure becomes a settled credit and a clean go forward.

Key Takeaways

Five conclusions

Audits are revenue events. Every IBM audit funds a quota. Treat the auditor as the opening offer in a negotiation, not as a referee.
ILMT is binary. Without 90 days of continuous ILMT collection, sub capacity rights are lost and IBM measures at full capacity. The math is brutal. Fix it before measurement.
Scope the engagement. Audit clauses allow the engagement to be scoped, but rarely require it. Negotiate the scope letter. Lock dates, products, and locations.
Don't volunteer. Answer what is asked. Document what you produce. Refuse anything outside the contract.
Settle separately. Never let IBM bundle settlement with renewal. Sign settlement first, negotiate renewal as a clean transaction.
Recommendations by Role

What to do this quarter

Chief Information Officer
  1. Treat the audit notice as a board level event the day it lands
  2. Appoint a single audit lead and silence all parallel IBM communication
  3. Confirm budget for outside counsel before engaging the auditor
Procurement
  1. Pull the contract scope letter and cap the engagement in writing
  2. Refuse to share any data without a signed NDA addendum
  3. Refuse to bundle settlement with renewal in the same paper
SAM and IT Operations
  1. Verify ILMT is collecting on every PVU eligible host
  2. Run a 90 day report and remediate gaps before measurement
  3. Document every workload move and image template
The Framework

Eight ideas

1. The Audit Notice

IBM serves notice through a partner like Deloitte or KPMG. The notice cites the audit clause and proposes a kickoff call. Reply in writing only. Acknowledge receipt, ask for the engagement letter, and request a scope and timeline. Do not agree to a kickoff before counsel reviews the letter.

2. ILMT Readiness

If ILMT has not collected continuously for 90 days, sub capacity rights are forfeit and IBM measures at full capacity. The fix is to install or restart ILMT, run the 90 day clock, and only agree to measurement after the clock runs. Do not measure during a partial period.

3. Scope and Engagement Letter

The engagement letter sets the rules. Negotiate the scope of products, the locations covered, the data IBM will receive, and how long the engagement lasts. Most audit clauses do not require unlimited cooperation. Push back hard on anything broader than the products you actually run.

4. Data Disclosure

Auditors will ask for raw deployment data, ILMT exports, virtualization topology, and license inventory. Provide what is contractually required. Document every file shared. Never share architecture diagrams, roadmaps, or future plans. Those are not in scope.

5. Sub Capacity Math

Sub capacity licensing is contractual but has rules. Review every PVU calculation, every VPC entitlement, and every cloud workload. Most findings inflate by miscounting cores, misidentifying processor types, or misapplying virtualization caps. Rebuild the math from your data.

6. The Findings Letter

IBM will issue findings with a list price compliance gap and a settlement number. The list price gap is the opening offer. Negotiate down using your contract discount, your renewal leverage, the audit's own errors, and willingness to walk. Typical settlement is 30 to 50 percent of opening.

7. Settlement Posture

Settle the audit on its own paper. Refuse to combine settlement with a new ELA, a renewal, or a cloud commitment. IBM will push hard for the bundle because it disguises the audit cost. Hold the line. Settle, then negotiate the next deal as a fresh transaction.

8. Post Audit Hardening

After settlement, harden the environment. Lock down image templates, document every PVU eligible host, and assign one named owner for ILMT. Schedule an internal audit drill 6 months later. The auditor will revisit. Be ready next time.

Reference

Acronyms

PVU: Processor Value Unit
VPC: Virtual Processor Core
ILMT: IBM License Metric Tool
ELA: Enterprise License Agreement
BCS: Business Conduct and Standards (IBM internal)
GAR: Global Audit Report (IBM)
Methodology & Sources

This white paper draws on Redress Compliance engagements, public vendor documentation, and the active Redress benchmark program.

About the Author

Morten Andersen

Co Founder, Redress Compliance