IBM Audit Defense: The Complete Playbook, Notice to Settlement
An ILMT lapse is the most expensive line in IBM licensing: in the worked cluster below, full capacity counting multiplies the PVU position 5.3x and turns a compliant estate into a $4.87M claim.
Prepared by Redress Compliance · June 2026 · Representative IBM estate scenario (benchmark scenario, not a quote)
Executive Summary
An IBM audit is not random. It is triggered, and the triggers are visible quarters in advance: cuts to S&S spend, a declining Passport Advantage renewal, a refused Cloud Pak proposal, or an acquisition. If you can see the trigger in your own account, assume IBM's audit nomination process can too.
The claim itself is usually a measurement argument, not a deployment fact. Sub capacity rights depend on ILMT deployed within 90 days, quarterly reports produced, and two years of reports retained. Where the data is missing, IBM counts the full physical cluster, and in our worked scenario that gap is worth $4.87M on a single eight host cluster.
Disclosure decides the claim's size. The Passport Advantage compliance verification clause obliges cooperation on deployment of audited programs; it does not oblige raw ILMT exports, estate wide discovery scripts, forecasts, or cloud roadmaps. Most inflated findings we contest trace back to data volunteered in week one.
Settlement is a negotiation, not an invoice. IBM's two years of backdated S&S is policy, not contract, and across 25 to 40 defended IBM audits in 2024 to 2025, settlements closed at 20 to 35 percent of the opening claim, without a duress renewal attached.
How IBM Selects Audit Targets and What Triggers a Notice
IBM audits roughly on a three to four year cycle for major accounts, but the cycle is not a lottery. Nominations come from the account team's view of revenue risk. The audit letter follows the money leaving, and the formal notice is executed by an appointed firm, typically KPMG or Deloitte, under the Passport Advantage compliance verification clause.
The loudest trigger is a cut to the support annuity. Terminating S&S on part of a product family, moving licenses to third party support, or letting an ELA lapse without a successor all signal an estate IBM no longer monetizes through renewal. An audit restores the leverage.
| Trigger | Why it nominates you | Share of audits |
|---|---|---|
| S&S reduction or third party support move | The renewal annuity shrinks; an audit reprices the exit. | 30% |
| Declining Passport Advantage spend | Falling RSVP level and shrinking renewals flag a disengaging account. | 25% |
| ELA expiry or refused Cloud Pak proposal | A failed sales motion converts to a compliance motion. | 20% |
| Merger, acquisition, or divestiture | Entitlements rarely transfer cleanly; clause gaps surface fast. | 15% |
| Other signals | Hardware refreshes, cloud migrations, expired ILMT contacts. | 10% |
| All defended audits | Redress engagement file, 2024 to 2025 | 100% |
The notice itself names the appointed firm, proposes a kickoff, and attaches a data request that is broader than the clause requires. Nothing in the clause sets the timetable. Scope, schedule, and evidence format are all negotiable, and the negotiation starts with your first reply.
The ILMT Gate: Readiness and the 90 Day Rolling Rule
Sub capacity licensing is a privilege with conditions, not a default. IBM's sub capacity licensing terms require the IBM License Metric Tool deployed within 90 days of your first eligible sub capacity deployment, kept current, and reporting continuously thereafter.
The rule rolls forward. Every new eligible product, new cluster, and new virtualization platform restarts a 90 day clock for coverage. The estates that fail audits are rarely the ones without ILMT; they are the ones where ILMT coverage lagged the estate by two or three quarters.
The readiness checklist
- Coverage: ILMT agents on every partition that can run eligible products, including DR and test clusters.
- Quarterly reports: generated, reconciled, and signed at least every 90 days, per the sub capacity terms FAQ.
- Retention: two years of reports archived and producible at IBM's request.
- Classification: bundled and supporting program components flagged, so free use components never count as paid deployments.
- Ownership: a named ILMT owner with time budgeted; an unowned tool decays in two quarters.
What to Disclose, What to Hold Back, and When to Engage Counsel
The compliance verification clause obliges reasonable cooperation on deployment and use of the audited programs. It is not a subpoena. Every audit we have defended was won or lost on what crossed the table in the first three weeks.
| Request | Your obligation | The buyer side move |
|---|---|---|
| Signed quarterly ILMT reports | Required under sub capacity terms, two year window. | Produce them. They are your best evidence; this is why you reconcile quarterly. |
| Raw ILMT database exports | Not required. The signed report is the contractual artifact. | Decline. Raw data contains unclassified components the auditor will count as paid. |
| Estate wide discovery scripts | Not required where ILMT is the agreed measurement. | Negotiate scope to audited programs on eligible platforms only. |
| Entitlement and proof of purchase records | Yours to present, not the auditor's to reconstruct. | Deliver a reconciled entitlement ledger, never a raw purchase history. |
| Forecasts, roadmaps, cloud plans | Never in scope. | Withhold. These price the settlement, not the compliance position. |
Engage counsel when the letter alleges breach rather than verification, when an acquisition or divestiture sits inside the audit window, or before you sign any settlement that includes a release. Run internal compliance assessments under privilege from day one, so your own working papers are not discoverable later.
Sub Capacity, PVU, VPC: The Math IBM Brings to the Table
PVU licensing prices the processor, not the user. Each core carries a Processor Value Unit rating from IBM's core factor table, commonly 70 PVU per core on two socket x86 and up to 120 on high end Power. Sub capacity counts the virtual cores assigned to the software; full capacity counts every physical core in the cluster.
Cloud Paks run on the newer Virtual Processor Core metric, where one VPC maps to one virtual core. Legacy PVU entitlements convert at fixed ratios, commonly 70 PVU to 1 VPC. Treat any mid audit offer to convert your PVU estate to VPC as a sales motion priced into the settlement, not a favor.
A worked cluster, counted both ways
A representative insurer runs Db2 on a VMware cluster of eight hosts, two sockets of sixteen cores each: 256 physical cores at core factor 70. Twelve Db2 VMs hold four vCPUs apiece. The entitlement ledger shows 4,000 PVUs with active S&S (benchmark scenario, not a quote).
| Position | Count basis | PVUs | Shortfall vs 4,000 entitled | Exposure |
|---|---|---|---|---|
| Sub capacity, ILMT current | 48 virtual cores × 70 | 3,360 | None | $0 |
| Full capacity, ILMT lapsed | 256 physical cores × 70 | 17,920 | 13,920 PVUs | $3,480,000 license at $250 per PVU |
| Backdated S&S demand | 2 years at 20% of license per year | n/a | n/a | $1,392,000 |
| Full capacity claim | One cluster, one product | 17,920 | 13,920 PVUs | $4,872,000 |
Same hosts, same workloads, same product. The only variable is whether the quarterly ILMT evidence exists. That is the entire economic case for the readiness discipline in section 2.
Most opening claim value rests on counting, not deployment.
Across defended IBM audits in 2024 to 2025, full capacity assertions and component misclassification carried 60 to 80 percent of opening claim value. Both are evidence arguments, and both move when the evidence does.
Audits that surfaced a bundling misclassification.
Roughly a third of defended audits counted bundled or supporting program components as standalone paid deployments. The catalog classification work in ILMT removed those lines before they reached the settlement table.
Benchmark ranges: Redress Compliance advisory engagement file, 2024 to 2025. Confirmed against your estate during delivery.
Settling Without Backdating and Without a Duress Renewal
IBM's standard settlement demand has three parts: new licenses at list for the shortfall, two years of backdated S&S, and reinstatement fees where support lapsed. Only the unlicensed use itself is contractually solid. The two year back maintenance figure is IBM policy, and policy is negotiable.
The defense sequence is unbundle, contest, then structure: contest the count first, using sections 2 and 4. What survives becomes a forward looking purchase at your negotiated Passport Advantage discount, with S&S starting at signature, not at the alleged install date. A written release covering the audited period and products closes the file.
| IBM's ask | What it really is | The counter |
|---|---|---|
| Shortfall licenses at list price | The anchor. List assumes zero discount history. | Price at your PA relationship discount, supported by the contested count. |
| Two years backdated S&S | Policy, not a contract term. | Trade away against a faster close or a forward commitment you already planned. |
| Support reinstatement fees | Real where S&S lapsed on a product family. | Scope precisely; reinstatement applies per family, not estate wide. |
| Fold it into a Cloud Pak ELA | A sales quota wearing a settlement costume. | Separate the tracks. Settle the audit, then negotiate any ELA on its own merits. |
One timing note: IBM's fiscal year ends December 31, and audit settlements obey the same quarter end physics as every other IBM deal. A contested claim settles cheaper in December than in February, provided your evidence position is already built and the account team needs the booking.
The Defense Timeline
Classify and contain
Confirm the clause invoked and the appointed firm. Agree scope, schedule, and evidence format in writing before any data moves. Name one response owner, brief counsel, and freeze voluntary disclosure across the organization.
Measure and contest
Reconcile ILMT reports against the entitlement ledger under privilege. Classify bundled components, document sub capacity eligibility, and contest the draft finding line by line, in writing, before any number is treated as agreed.
Structure and close
Price the surviving gap at your PA discount as a forward purchase. Strike the backdated S&S, keep any renewal on a separate track, and close only against a written release covering the audited period.
Recommendation
Build the defense in the quarters before the letter, not the weeks after. Every element of this playbook is cheaper standing than scrambled: ILMT evidence cannot be backfilled, entitlement ledgers take a quarter to reconcile, and a settlement negotiated from a contested count closes at a fraction of one negotiated from IBM's.
- Close the ILMT gap now. The 90 day rule rolls with every estate change, and a lapse converts retroactively to full capacity. The worked cluster's $4.87M swing is the price of two missed quarters.
- Separate settlement from renewal. Contest the count, structure the residual as a forward purchase without backdating, and refuse any close that bundles a Cloud Pak ELA into the release.
Redress Compliance runs this playbook as a standing defense: readiness, evidence, settlement, on your side of the table only. We are glad to tie a meaningful part of the fee to delivered value.
