① Core service · audit defense
When the audit letter arrives, the clock favors the publisher. We take over the clock: scope controlled, data disclosure managed, findings recalculated independently, and the settlement negotiated as a commercial outcome rather than a penalty.
48 hour mobilization Audit notice or renewal under 18 months out? We mobilize within 48 hours.
Get expert help →A mainframe software audit is rarely a routine compliance check. Audit activity is commonly observed around renewal windows, lapsed SCRT submissions, hardware refreshes, and mergers, because that is when leverage is highest for the publisher. Broadcom (CA) reviews typically arrive near renewal. IBM scrutiny typically follows sub capacity reporting gaps or a significant spend drop. Software AG exposure typically sits in decades old Adabas and Natural contracts whose terms no longer match how the estate runs.
The first weeks decide most of the outcome. Estates that hand over unscoped data early spend the rest of the audit negotiating against their own disclosures. Estates that set the perimeter first, what the contract actually permits, which systems are in scope, which methodology applies, control the rest of the process. Sub capacity reporting gaps alone commonly expose estates to full capacity pricing claims that independent recalculation removes.
Five steps, in order
The audit stops being a one sided process. The auditor faces a counterparty that knows the contract clause by clause, has validated the consumption data independently, and has seen the same playbook across hundreds of engagements. Requests that exceed the contract get declined in writing. Findings built on full capacity assumptions get rebuilt on sub capacity reality. And the settlement conversation happens with your renewal calendar in view, so the resolution improves your next agreement instead of mortgaging it.
Across 500+ engagements and $180M+ of mainframe spend negotiated, the pattern holds: initial audit findings are an opening position. Treated as one, they move.
Acknowledge receipt, commit to nothing, and route all communication through one controlled channel before any data leaves the building. The contract defines what the auditor may see; most early requests exceed it. We mobilize within 48 hours to set that perimeter.
Only if and as your contract requires it. Audit clauses typically define scope, notice and tooling. We review the clause first, then agree the methodology in writing before any collection runs. See what audit clauses actually allow.
Commonly 3 to 9 months from notice to settlement. A defined scope, a validated data set and an independent counter position typically shorten the dispute phase substantially.
Yes. Findings commonly rest on full capacity assumptions, stale entitlement records and the broadest possible product mapping. Independent recalculation against SCRT data and actual entitlements regularly removes a large share of claimed exposure before negotiation starts.
Patterns shift, but activity is commonly observed from Broadcom (CA) around renewals, from IBM around reporting gaps and infrastructure changes, and from Software AG on long lived Adabas and Natural contracts.
Audits and renewals are one negotiation in two phases. The settlement should fund the renewal position, not weaken it.
The audit clause you sign today is the audit you defend tomorrow. We rewrite the terms that created the exposure.
The step by step protocol for the most commonly observed mainframe audit scenario.