An IBM audit notice is the start of a six to twelve month negotiation. The first letter back to IBM frames every conversation that follows. ILMT remediation runs in parallel. Settlements typically resolve at 35 to 60 percent of the opening claim with a multi year subscription structure.
An IBM audit notice arrives by email and gives the customer a defined window to respond with a deployment inventory and ILMT compliance evidence. The first letter the customer sends back to IBM frames every conversation that follows. Customers who treat the notice as a compliance finding sign settlements at 80 to 100 percent of the opening claim. Customers who treat it as the start of a six to twelve month negotiation, run ILMT remediation in parallel, and structure the settlement as a multi year subscription routinely resolve at 35 to 60 percent of the opening claim. The framework is well established and produces consistent outcomes across customer scale.
This playbook covers the response sequence we run on every IBM audit. The first 72 hours, the IBM data perimeter, ILMT remediation under active audit, the four phase audit choreography, the settlement structure, and the named pitfalls. For the broader IBM context read the IBM Security and Storage CIO playbook. For the sub capacity deep guide read IBM sub capacity licensing.
Do not run IBM's discovery scripts. The scripts collect data well beyond contractual entitlement. Do not respond to the questionnaire. The questionnaire expands the perimeter for free. Do not allow IBM direct system access. The contractual right is to receive a deployment inventory; it is not to log in to your systems.
| Data category | IBM request | Contractual entitlement | Buyer side response |
|---|---|---|---|
| ILMT reports | Last 24 months | Yes (when sub capacity licensed) | Provide compliant reports. Initiate remediation for gaps. |
| Software inventory | Full estate scan | Yes for IBM products | Provide IBM product inventory only. Refuse non IBM products. |
| Cluster topology | Frequently requested | Limited | Provide topology relevant to sub capacity calculation only. |
| Discovery script execution | Almost always requested | No | Refuse in writing. Provide inventory through customer tooling. |
| Network access | Sometimes requested | No | Refuse in writing. |
ILMT remediation during an active audit is possible and high leverage. The remediation does not retroactively cure prior period gaps but it positions the customer for forward looking sub capacity rights and provides leverage in the settlement negotiation. Customers who initiate emergency ILMT deployment within the first 30 days of the audit notice consistently land better outcomes. The remediation runs the standard six to twelve week sequence documented in our sub capacity guide, compressed where possible to fit the audit timeline.
| Phase | Months | Customer deliverable | IBM deliverable |
|---|---|---|---|
| 1. Perimeter | 0 to 3 | First letter, scope refusal, ILMT remediation initiated | Refined audit scope, formal commencement letter |
| 2. Inventory | 3 to 6 | Compliant ILMT reports, IBM product inventory | Preliminary finding, requests for clarification |
| 3. Quantification | 6 to 9 | Disputed positions, reclassification evidence, prior entitlement evidence | Final finding, opening claim quantum |
| 4. Settlement | 9 to 12 | Multi year subscription proposal, no audit covenant ask | Counter proposals, regional escalation |
| Structure | Typical outcome vs claim | Future entitlement | Buyer side fit |
|---|---|---|---|
| One time payment | 70 to 100% of opening claim | None. Customer remains exposed. | Worst structure. Avoid. |
| Multi year subscription | 35 to 60% of opening claim, year one only | Defined entitlement for term | Standard buyer side recommendation. |
| Trade for new business | 20 to 40% of opening claim | New license purchase paired with audit settlement | Best when customer is expanding the IBM footprint. |
Acknowledge receipt without conceding usage. Route every communication through procurement and external counsel. Engage a buyer side advisor before any deployment data leaves your environment. Do not run IBM's discovery scripts, do not respond to the questionnaire, do not allow the audit team direct system access. Initiate emergency ILMT remediation in parallel.
Six to twelve months in well represented engagements. The first three months are the data perimeter negotiation and the ILMT remediation. Months four to six are the inventory exchange. Months seven to nine are the preliminary finding and dispute. Months ten to twelve are settlement negotiation and signature.
Settlements at well represented customers typically resolve at 35 to 60 percent of IBM's opening claim. The reductions come from ILMT remediation that restores sub capacity rights for affected periods, reclassification of contested products, the multi year subscription structure, and the negotiation of forward looking commitment depth.
Yes. ILMT remediation during an active audit is possible and high leverage. The remediation does not retroactively cure prior period gaps but it positions the customer for forward looking sub capacity rights and provides leverage in settlement negotiation.
Yes. IBM audits are contract disputes. The legal framing of the dispute is the responsibility of external counsel, not procurement.
Yes. The Vendor Shield subscription covers IBM in every tier including audit defense, ILMT remediation, settlement negotiation, and the broader IBM commercial framework.
The full framework. ILMT remediation, sub capacity reclassification, audit settlement structure, and the eight clause redline library for IBM contracts.
Open the white paper in your browser. Corporate email only.
Open the Paper →The standard IBM pitch is that a Cloud Pak ELA simplifies licensing across the WebSphere, MQ, DB2, and Red Hat stack. We disagree on one important point. The Cloud Pak entitlement model trades unit complexity for VPC math complexity, and the VPC consumption assumptions IBM proposes are almost always conservative against the buyer's actual deployment pattern. In roughly three out of four Cloud Pak proposals we have rebuilt, the buyer over committed VPCs by 22 to 41 percent against trailing twelve month deployment data.
Source: Redress Compliance advisory engagement file, 2024 to 2025.
IBM opened at four point seven million on the ILMT compliance gap. Redress drafted the first letter in seventy two hours, initiated emergency ILMT remediation in parallel, and reframed the settlement as a multi year subscription with a no audit covenant. We closed at one point one million on the prior period and locked sub capacity rights for the next three years.
Vendor management, contract negotiation, audit defense, renewal strategy. One firm. Eleven practices.
ELA renewal benchmarks, ILMT compliance signals, sub capacity audit movements, and the redline movements we see across the IBM practice each month.
Once a month. Audit patterns, renewal benchmarks, vendor commercial signals across Oracle, Microsoft, SAP, Salesforce, IBM, Broadcom, AWS, Google Cloud, ServiceNow, Workday, Cisco, and the GenAI vendors. No follow up sales pressure.
Free providers (Gmail, Yahoo, Outlook) cannot subscribe. Work email only. Unsubscribe in one click.
