German Automaker. IBM audit closed 90 percent down.

A German automotive manufacturer faced an IBM audit scoped at every global subsidiary. Scope control, ILMT remediation, and an entitlement rebuild closed the claim 90 percent below the opening number.

Why did IBM audit the German automotive manufacturer?

IBM audited the group because integration middleware had spread across plants for a decade while reporting stayed thin. The estate ran IBM MQ and WebSphere in production logistics flows, with Db2 under manufacturing execution data.

The audit notice named every group entity worldwide. The agreements, read closely, bound only the central purchasing entity and named affiliates, and that gap became the first battleground.

• Audit trigger: a decade of middleware growth with no consistent sub capacity reporting.
• Publisher position: group wide scope, full capacity PVU on plant clusters.
• Customer reality: auditable scope was a fraction of the group, and actual use a fraction of full capacity.

How was the audit scope brought under control?

The scope was contested in writing before any data left the company. Mapping every IBM agreement to its signatory entities showed the audit clause reached the contracting parties and named affiliates only, and the response letter held that line.

Why does conceding audit scope cost so much?

Because every additional entity multiplies findings, and findings price at full capacity wherever ILMT is absent. Scope is the multiplier on the whole claim, which is why it must be fought first, not last.

How was the IBM claim itself defended?

With scope settled, the defense remediated ILMT across the in scope estate and rebuilt entitlements from Passport Advantage records across years of decentralized buying.

1. Deploy and verify ILMT coverage across in scope plant and office clusters.
2. Reconstruct allocation high water marks from hypervisor logs for the gap period.
3. Consolidate entitlements bought by different group entities into one defensible baseline.
4. Contest full capacity assertions with the sub capacity terms and retroactive evidence.
5. Negotiate closure on the evidenced position, separate from any renewal discussion.

What did decentralized purchasing do to the entitlement picture?

It hid entitlements. Licenses bought by regional entities over the years never made it into one ledger, and consolidating them closed a meaningful slice of the asserted gap before any commercial concession was discussed.

What was the commercial outcome for the manufacturer?

The audit closed 90 percent below the opening claim, scoped to the contracting entities, with sub capacity eligibility restored and no forced enterprise agreement attached to the settlement.

• Claim reduction: 90 percent off the opening position at close.
• Scope held: the settlement covered the contractually auditable entities only.
• Forward posture: group wide ILMT governance now runs with quarterly review.

What changed in the group's IBM governance afterward?

Purchasing centralized the entitlement ledger, ILMT ownership moved to a named team, and audit response now follows a standing protocol. The next notice will meet a prepared estate.

Where the common advice on IBM audit scope is wrong

The standard advice treats the audit notice as defining the audit: comply, submit the data, and argue about money later. We disagree. In roughly 20 to 30 IBM audit defenses Fredrik Filipsson supported in 2024 to 2025, the single largest value lever was contesting scope before any data transfer, because overbroad scope multiplied findings 2 to 5 times before the PVU math even started. Data handed over under an overbroad scope cannot be handed back. The buyer side move is to map agreements to signatories, hold the audit to the contracting entities in writing, and only then start the evidence work.

What the engagement data shows

Three cuts of our advisory engagement file frame the size of the opportunity.

What to do next

Five moves turn this analysis into a lower invoice on the next renewal.

A sequence you can run this quarter

1. Map every IBM agreement to its signatory entities before any audit arrives.
2. Verify ILMT agent coverage across plant and OT network zones this quarter.
3. Centralize Passport Advantage entitlements from all group entities into one ledger.
4. Write the audit response protocol now: single channel, validated reports only.
5. Reconstruct hypervisor allocation history while the logs still exist.
6. If a notice arrives, contest scope in writing before transferring any data.

White Paper · IBM

IBM Audit Defense Guide

The buyer side framework we use with Fortune 500 clients defending IBM software audits. Read it free.

Read the white paper

Frequently asked questions

What triggered the IBM audit at the German automotive manufacturer?

A decade of middleware growth without consistent ILMT reporting triggered it. The audit notice then scoped every group entity, which the agreements did not support.

How much was the IBM audit claim reduced?

The claim closed 90 percent below the opening position, after scope was held to the contracting entities and the sub capacity position was evidenced.

Can you refuse an overbroad IBM audit scope?

Yes. The audit clause binds the contracting parties and named affiliates, and holding scope to that contractual line in writing is a legitimate and decisive defense move.

Does ILMT remediation during an audit still count?

Yes. Remediating ILMT during the audit converts a default into a curable gap and supports retroactive sub capacity evidence built from hypervisor logs.

Did the manufacturer sign a new IBM agreement to settle?

No. The settlement closed standalone, and the group kept its renewal calendar and negotiation leverage separate from the audit.