UK Pharmaceutical Group. IBM audit framework claim resolved through ILMT sub capacity.

A UK pharmaceutical group faced a formal IBM audit built on full capacity counting where ILMT evidence had lapsed. Rebuilding the sub capacity record host by host collapsed the claim to a fraction of its opening value.

What was the IBM audit claim built on?

The claim applied full machine capacity counting to dense virtualized clusters where ILMT evidence had lapsed, converting a managed license position into an eight figure demand. Sub capacity rights under Passport Advantage and the wider IBM software licensing terms are conditional on tool based evidence, and the condition had quietly failed.

The deployment itself was largely compliant. What the company could not do, on day one, was prove it.

Why pharma estates are exposed

• Validated systems. Change controlled environments delay agent deployment and patching, breaking coverage.
• Acquisition layering. Research and manufacturing acquisitions arrive with unmanaged IBM middleware.
• Long lived clusters. Stable infrastructure runs for years while licensing evidence silently decays.

The opening position

IBM's auditors presented the full capacity calculation as the default. Accepting that framing is the single most expensive decision an audited company can make.

How was the defense sequenced?

The defense ran in three tracks: scope control on the audit itself, host by host evidence reconstruction, and a parallel commercial track preparing the settlement frame. Arguing principles was avoided; the file did the arguing.

• Scope control. Every data request was tested against the audit clause. Requests beyond contractual scope were declined in writing, politely and consistently.
• Evidence reconstruction. Historic virtualization configurations, ILMT data where it existed per the ILMT documentation standards, and infrastructure records rebuilt sub capacity eligibility cluster by cluster.
• Commercial track. The remaining true gap was quantified and a settlement structure prepared before numbers were exchanged.

How did the commercial track run in parallel?

While the evidence rebuild ran, the commercial team quantified the true residual gap and designed settlement structures around planned forward spend. When numbers were finally exchanged, the response was ready the same week.

The evidence standard that won

For each cluster the team assembled host configurations, core counts, virtualization caps, and deployment timelines into a defensible eligibility narrative. Where evidence genuinely could not be rebuilt, the gap was conceded and priced, which bought credibility for everything else.

How did the settlement land and what transfers?

The settlement closed at a fraction of the opening claim, structured substantially as forward commitment the company already planned to spend, with quarterly ILMT governance institutionalized as part of the close. The transferable lesson is that audit outcomes track evidence quality, not negotiation theater.

Where the common advice on IBM audits is wrong

The standard advice is to engage IBM cooperatively, share whatever the auditors request, and rely on goodwill to moderate the outcome. We disagree. In the IBM audits Fredrik Filipsson defended in 2024 to 2025, every materially improved outcome came from scope discipline and rebuilt evidence, not from cooperative openness; unscoped data sharing consistently widened the claim. The buyer side move is courteous, written, contractual scope control from the first letter, with full energy spent on the evidence file. Goodwill is not a license metric.

An audit claim is an opening position, not a verdict. The evidence file you rebuild in the next ninety days is what actually prices the settlement.

What to do next

1. On receiving an audit letter, route all communication through one named coordinator immediately.
2. Test every data request against the audit clause before responding; decline out of scope requests in writing.
3. Model your full capacity worst case so the stakes are explicit internally.
4. Rebuild sub capacity evidence cluster by cluster from infrastructure records and ILMT data.
5. Concede and price genuine gaps early; spend credibility where the evidence supports you.
6. Prepare the settlement frame, including forward commitment structures, before numbers are exchanged.
7. Institutionalize quarterly ILMT governance as part of the close.

For the wider IBM picture, start with the IBM knowledge hub or the IBM advisory practice. For an always on review lane across all your vendors, see Vendor Shield.

Related advisory: Start with our IBM audit defense playbook, engage the IBM audit defense service, and prepare for IBM audit negotiations before the settlement phase.

Frequently asked questions

What did the IBM audit claim and how did it settle?

The opening claim was an eight figure full capacity calculation across virtualized clusters. Rebuilt sub capacity evidence and scope discipline settled it at a fraction of that number, structured partly as forward commitment.

Why did IBM apply full capacity counting?

ILMT evidence had lapsed on part of the estate, and sub capacity rights are conditional on that evidence. Where the condition fails, IBM's terms let auditors count full machine capacity.

Can sub capacity evidence be rebuilt after the fact?

Substantially, yes. Historic virtualization configurations, partial ILMT data, and infrastructure records reconstructed eligibility cluster by cluster. Genuine gaps were conceded and priced, which strengthened the contested majority.

Should we share everything IBM auditors ask for?

No. Test every request against the audit clause and decline out of scope requests in writing. In our 2024 to 2025 defense work, unscoped data sharing consistently widened claims rather than building goodwill.

How do you prevent the next IBM audit claim?

Quarterly ILMT governance with named ownership: coverage verified, reports generated, reviewed, and archived. The next audit letter should meet a closed evidence file, not a reconstruction project.