Mainframe Licensing ExpertsIndependent Advisory

Guide · IBM audit response

The IBM audit letter arrived. First, do these seven things.

An IBM mainframe audit or license review letter is the opening move of a negotiation, not a verdict. What you do in the first 30 days, before any data leaves your building, shapes the entire outcome. This is the buyer side playbook we run.

Get expert help now IBM mainframe audit defense
№ 01

Why the first 30 days decide it

Don't panicDon't volunteer

An audit letter is designed to put you on the clock and on the back foot. The auditor sets a scope, a data request, and a deadline, and the natural reaction is to comply quickly and completely to look cooperative. That instinct is expensive. The position the vendor calculates is only as good as the data you give them, and once raw, unvalidated data is in their hands you have lost the ability to correct it on your terms.

The buyer side approach is calm and procedural. You acknowledge the letter, you read your own contract, you control what data flows and when, and you reconstruct the truth internally before the vendor builds their version of it. Every step below buys you time, narrows scope, or protects a number.

№ 02

The seven moves

First 30 daysIn order

Run them in sequence

  • Acknowledge receipt professionally and route everything through one named owner. Do not agree to scope, timeline, or data format in the first reply
  • Pull the agreement and read the audit clause itself: what the vendor may verify, with what notice, covering which products, and what it explicitly may not demand
  • Freeze the estate's change story: record what is deployed where as of the letter date so later changes cannot be read as concealment
  • Reconstruct and validate your SCRT reports and Rolling 4-Hour Average history for every sub-capacity product. Missing data is the most expensive gap in a mainframe audit
  • Build your own Effective License Position privately, deployment against entitlement, before you see theirs, so you negotiate from a known number
  • Control the data channel: submit only what the clause requires, validated, through one route, with a log of exactly what was shared and when
  • Open the commercial conversation deliberately. Most audits resolve as a negotiation, and a finding is a starting position, not a bill
№ 03

Where audits actually go wrong for buyers

SCRT gapsFull capacity risk

The single most common failure pattern we see is sub-capacity data that was never captured cleanly. If the SCRT reports are incomplete for any month, the vendor's default position is to bill that period as if the machine ran at full rated capacity, which on a large box is a dramatic difference from the Rolling 4-Hour Average you actually consumed. Reconstructing that history, and validating it against your own SMF records, frequently moves the position more than any contractual argument.

The second pattern is scope creep: a request that quietly expands from the named products to the whole environment, or from deployment data to interviews and architecture diagrams. The agreement, not the request list, defines what you owe. We hold the line at the clause.

№ 04

What changes with us on your side

Pattern knowledge48 hour mobilization

We have run this sequence across many IBM engagements and we know which findings hold and which dissolve under validated data. We rebuild your sub-capacity position independently, hold scope to the contract, and turn the audit from a compliance event into a commercial negotiation you control. Directionally, across 500+ engagements and $180M+ in negotiated mainframe spend, the settlements and the renewals that follow typically land 20 to 35 percent below the opening position. On an active audit notice, we mobilize within 48 hours.

№ 05

Frequently asked

FAQ
Q1
Do we have to respond immediately?Acknowledge receipt promptly, but you do not have to accept the scope, timeline, or data request on the vendor's terms in your first reply. Acknowledge, then negotiate scope before any data leaves the building.
Q2
What is IBM allowed to ask for?The audit clause in your agreement governs, not the auditor's request list. Most clauses permit verification of deployment against entitlement with reasonable notice, not unrestricted access or data outside the licensed products.
Q3
What data decides the audit?For sub-capacity products, SCRT reports and Rolling 4-Hour Average peaks drive the numbers. Missing SCRT data is the most common reason buyers get billed at full capacity. Reconstruct and validate it first.
Q4
Should we hand over raw SCRT and SMF data?Only what the clause requires, validated first, through one controlled channel. Raw unreviewed data commonly contains artifacts that inflate the apparent position.

Read the next move before you make it.

Related from the desk: challenging the ELP on IBM audit findings, how to respond to any mainframe audit notice, and reading your SCRT report like a buyer. Hub and service: the IBM buyer side guide and IBM mainframe audit defense.

Audit notice or renewal under 18 months out? We mobilize within 48 hours.

A finding is an opening position. Not a bill.

Get expert help