① Guide · Audit defense
An audit notice is a negotiation that has not announced itself yet. What you do in the first two weeks sets the ceiling on what it costs. This is the seven-step protocol: acknowledge without conceding, control the scope, reproduce the measurement yourself, and never volunteer data before the contract requires it.
The letter is designed to make you move fast and on the vendor's terms. The right first response does the opposite.
A mainframe software audit rarely begins because a vendor suspects wrongdoing. It begins because the publisher has a revenue target and an audit clause that lets it open the books. The notice arrives written to imply urgency and broad access, and many buyers concede both before reading what the contract actually grants. That early concession (running the scripts, sharing raw data, accepting the vendor's metric mapping) is where most of the eventual cost is set.
The mainframe makes this both harder and easier. Harder because the measurement is technical and unfamiliar to procurement. Easier because the data that decides the outcome, your SCRT submissions and R4HA history, is data you already hold and can validate independently. Handle the first two weeks with discipline and you convert an audit into a routine reconciliation. For the underlying work see mainframe audit defense, and for the document you are reacting to, what your audit clause actually allows.
1. Reply that you have received the notice and will respond per the agreement. Do not confirm scope, agree to a kickoff date, or accept proposed tooling in that first message. A short, professional acknowledgment buys time and signals that the process will run by the contract, not the vendor's calendar.
2. The clause defines what the vendor may inspect, how much notice it owes, who bears cost, how often it may audit, and what counts as a breach. Most clauses are narrower than the notice implies. Knowing the boundary is what lets you decline overreach without appearing obstructive.
3. Route every request through one owner, usually sourcing with mainframe support behind them. Auditors gather leverage from casual answers given by engineers who do not know the commercial stakes. One channel means one consistent, considered position.
4. Before any data leaves your shop, run your own count. Pull your SCRT reports, validate the R4HA peaks, map products to entitlements yourself. When you know your real position, the vendor's number stops being the only number in the room.
5. Provide the specific data the clause obliges, in the format it specifies, and nothing beyond it. Vendor scripts often collect more than the entitlement question needs. Volunteered data becomes the basis for the next finding. Answer the question asked, not the one implied.
6. The vendor's draft findings, the ELP, rest on assumptions: which capacity counted, how a metric was mapped, whether a product was truly in production. Each assumption is contestable with your independent baseline. Treat the first ELP as an opening offer, never a verdict.
7. Most mainframe audits resolve into a commercial conversation, often a renewal or a forward purchase. Fold the finding into a deal that caps the uplift, fixes the metric going forward, and disciplines the next audit. When a notice lands with a renewal under 18 months out, we mobilize within 48 hours.
| Vendor request | What buyers often give | The disciplined response |
|---|---|---|
| Run our audit scripts | Full unfiltered output | Validate what they collect; provide contract data instead |
| Immediate kickoff call | A date within days | Schedule per the notice period in the clause |
| Access to all LPARs | Estate-wide visibility | Scope to the products and systems named |
| Raw SMF data | Months of unreviewed records | Your validated SCRT report for the period required |
| Sign the ELP | Acceptance under deadline pressure | Counter with your independent baseline |
Audit clauses, notice periods, and vendor conduct vary by agreement and are described here as patterns commonly observed, not fixed policy. Your contract governs.
The contract sets the clock, not the vendor email. Most audit clauses give a notice period and a reasonable response window measured in weeks, not days. Acknowledge receipt, then respond on the timeline the agreement allows rather than the one the vendor implies.
Not before you have validated what the scripts collect, how the output will be interpreted, and whether the contract actually requires them. On the mainframe, the data that matters is your own SCRT and R4HA history, which you control. Reproduce the measurement independently before you hand anything over.
Yes. An audit finding is an opening position, not a settled bill. Effective License Position calculations commonly rest on assumptions about capacity, metric mapping, and product entitlement that a buyer can challenge with independent measurement and a careful contract reading.
Control the clock, reproduce the count, and settle on commercial terms.