① Guide · IBM audit response
An IBM mainframe audit is won or lost in the frame, and the frame is set in the opening 48 hours. Control the scope, manage data delivery, and read your own SCRT before IBM does. Here are the seven moves that protect your position before reconciliation begins.
Audits are framed early and defended late.
An IBM software audit typically runs in four stages: notice and scope, data delivery, reconciliation, and settlement. The settlement number that lands months later is shaped by decisions made in the first of those stages, often in the first 48 hours, when the temptation is to be cooperative and fast. Scope agreed wide, data delivered before it is understood, and timelines accepted as imposed all become the ground you defend during reconciliation, when it is far harder to move.
IBM does not usually select audit targets at random. Patterns commonly observed include contract age beyond about three years, deployment growth that outpaces entitlement growth, and a renewal posture that signals reduced spend. None of that is in your control once the notice arrives. What is in your control is how you frame the engagement in the opening days, and that is where the leverage concentrates.
| Window | Move | Why it matters |
|---|---|---|
| Hour 0 to 4 | Acknowledge receipt, commit to nothing. Name one owner. | A single channel prevents stray concessions from well meaning staff. |
| Hour 0 to 8 | Pull the contract and read the audit clause. | The clause, not the notice, defines what IBM may examine and when. |
| Hour 4 to 12 | Confirm scope in writing: entities, products, time period. | Vendors open wide and settle narrow; the scope you accept is the exposure you defend. |
| Hour 8 to 24 | Freeze outbound data. Nothing leaves until validated. | Data sent before you read it hands IBM the first interpretation. |
| Hour 12 to 36 | Validate your own SCRT and entitlement position. | Missing or stale SCRT defaults to full capacity billing; verify it first. |
| Hour 24 to 40 | Agree a delivery timeline, do not accept an imposed one. | Time is a lever; a controlled timeline preserves room to reconcile. |
| Hour 36 to 48 | Brief leadership; decide whether to bring in buyer side support. | Reconciliation runs weeks; the team and the plan are set now. |
Windows are indicative. The sequence matters more than the exact clock; the point is that scope and data control come before any delivery to the vendor.
Whoever reads the data first frames the finding.
For sub-capacity z/OS environments the Sub-Capacity Reporting Tool (SCRT) sits at the center of the audit, because monthly license charges bill on the rolling 4 hour average captured in those reports. If reports are missing, late, or inconsistent, the default is full capacity billing, which can inflate exposure dramatically. The instinct under audit pressure is to hand over the SCRT history quickly to look cooperative. That is the trap.
The disciplined sequence reverses it. You validate your own SCRT and entitlement position first, reconcile contracted capacity against what the reports actually show, and only then deliver what the audit clause requires, in a controlled form, on a timeline you agreed. By the time data reaches IBM you already know what it says, and the reconciliation becomes a conversation between two prepared parties rather than a vendor narrative you are reacting to. This is the core of our audit defense work, and it feeds directly into how we run an IBM contract review.
④ What changes with us in the room
IBM sends the notice on its clock. We reset the clock.
Mobilization on an audit notice
Engagements delivered since 2019
Mainframe spend negotiated on the buyer side
Acknowledge receipt, commit to nothing on scope, timeline, or data, and route the notice to one named owner. Confirm the contractual basis and start building your own entitlement picture before anything leaves the building. Early concessions are hard to claw back.
Often more than buyers assume. The audit clause defines what IBM may examine, the notice period, and the products in scope. A notice reaching beyond the clause can be narrowed in writing. Vendors commonly open wide and settle narrow, so the scope you accept early defines the exposure you defend later.
Not before you read it yourself. SCRT is central for sub-capacity z/OS, and missing reports default to full capacity billing, but data delivered before you understand it hands the vendor the first interpretation. Validate first, then deliver what the clause requires on a timeline you agreed.
In the first 48 hours, while the frame is still open. Reconciliation runs six to ten weeks, and the team, scope, and plan set now shape the settlement that lands at the end. We mobilize within 48 hours of a notice. See our guide to negotiating audit settlements.
Related: IBM licensing hub · audit defense service · negotiating audit settlements · what auditors test
Audit notice or renewal under 18 months out? We mobilize within 48 hours.
Get expert help →