IBM audit settlements. The CIO negotiation playbook.

A CIO playbook for IBM audit settlements: what is inside the claim, the 60 day evidence sequence, the layer by layer contest, and the commercial wrapper that closes it.

What is actually inside an IBM audit claim?

An IBM audit claim is three stacked numbers: license shortfall at full capacity, back maintenance on the shortfall, and list pricing with no discount. Each layer is contestable, and the layers compound, so attacking the base number attacks the whole claim.

The full capacity layer is the big one. Without accepted ILMT records, IBM's auditors price every core the software could touch, per the sub capacity rules in the IBM Passport Advantage terms.

The three layers to contest

• The metric base: full capacity versus sub capacity, defined on the IBM sub capacity licensing page, is usually 5x to 10x of the claim by itself.
• The time base: back maintenance assumes the shortfall existed for years; deployment records can shorten it.
• The price base: list price with zero discount is an opening position, never the settlement basis.

Why ILMT decides the fight

Sub capacity licensing requires IBM License Metric Tool reports, quarterly, retained for two years. Estates with gaps do not automatically lose; reconstructed evidence from virtualization platforms is regularly accepted in settlement, but it must be built, not asserted.

How does the settlement negotiation actually sequence?

The sequence that works is: control the data room, rebuild the evidence, contest the claim layers in writing, then move the corrected number into a commercial wrapper. Teams that jump to commercial talks against the opening claim negotiate against the wrong number.

1. Scope control: hold the audit to the contractual scope; no fishing expeditions into unrelated estates.
2. Evidence rebuild: ILMT exports, hypervisor inventories, and deployment timelines assembled into a defensible counter position.
3. Written contest: challenge metric base, time base, and price base with documentation, layer by layer.
4. Commercial wrapper: convert the residual exposure into forward spend IBM can book as revenue.

Where the common advice on IBM settlements is wrong

The standard advice is to negotiate the discount on the audit claim, treating the finding as broadly correct. We disagree. In roughly 18 of the 15 to 25 IBM matters Morten Andersen worked in 2024 to 2025, the finding itself was wrong by multiples, almost always on the full capacity layer. The buyer side move is to spend the first 60 days attacking the metric base with rebuilt evidence and only then discuss money. A 50 percent discount on a 10x inflated claim is still a 5x overpayment.

IBM audits settle on evidence and forward revenue. Bring the first, structure the second, and the opening claim becomes a footnote.

How do you structure the commercial settlement?

The settlement that closes is the one IBM's account team can book as forward business: an ELA, a Cloud Pak commitment, or a renewal restructure that absorbs the residual exposure. Cash penalties are the worst outcome for both sides and the easiest to negotiate away.

• Fold, do not pay: residual exposure folds into spend you were going to commit anyway, such as a Cloud Pak or renewal commitment.
• Trade for hygiene: ILMT deployment, baseline acceptance, and a clean compliance statement go into the deal.
• Release language: the settlement must close the audited period completely, with no reopened claims.

Why cash penalties are the worst settlement shape

Cash produces no forward value, books badly for the account team, and signals weakness for the next audit cycle. Every defended matter in our file closed better as restructured forward spend.

What the CIO signs off

The mandate needs three numbers agreed before final talks: the walk away cash ceiling, the acceptable forward commitment, and the compliance posture you will operate afterward. Settlements wobble when those are improvised in the room.

What to do next

1. Acknowledge the audit letter formally and confirm contractual scope in writing.
2. Freeze the estate: no uninstalls or migrations that look like evidence tampering.
3. Rebuild sub capacity evidence from ILMT and hypervisor records.
4. Contest the metric, time, and price layers in writing with documentation.
5. Model the commercial wrapper against planned IBM spend.
6. Negotiate release language that closes the period for good.
7. Deploy and operationalize ILMT so the next audit starts differently.

The IBM practice runs audit defense end to end, and the PVU table guide covers the metric mechanics that drive most claims.

Related advisory: Start with our IBM audit defense playbook, engage the IBM audit defense service, and prepare for IBM audit negotiations before the settlement phase.

Frequently asked questions

How much of an IBM audit claim is typically negotiable?

Most of it. Defended cases in our 2024 to 2025 file settled at 5 to 15 percent of the opening claim, because the full capacity metric base, the back maintenance window, and the list pricing are all contestable layers.

What happens if we never deployed ILMT?

You lose the automatic sub capacity entitlement but not the case. Reconstructed evidence from hypervisor inventories and deployment records is regularly accepted in settlement; it must be assembled deliberately during the defense.

Should we just negotiate a discount on the audit finding?

No. The finding itself is usually wrong by multiples on the metric layer. A 50 percent discount on a 10x inflated claim is still a 5x overpayment; contest the base before discussing money.

What does a good IBM settlement look like?

Residual exposure folded into forward spend you planned anyway, back maintenance waived, a complete release for the audited period, and a compliance baseline accepted so the next audit starts clean.

How long does an IBM audit settlement take?

Plan for six to twelve months. The first 60 days of evidence rebuild set the trajectory; rushing to commercial talks against the opening number is the most expensive mistake available.