IBM License Audit – Initial Response


You have received an IBM license audit notice, what should you do next? Don’t panic. This post will share with your some of the steps to consider in the first week of receiving an IBM notice letter.

Invoke Vendor Audit Protocol

Many large organisation will have experience with vendor audits and will have developed a protocol or playbook to help guide their teams .  Find out if one exists and use it to help setup the audit response project.  In the absence of an official document look for someone who has been involved in a vendor audit before to offer you guidance.

Verify Audit Request

Verify it’s a formal audit request.  Check who it’s from, wording, date and the scope.  Also check if there are any audit protections in your license agreements.

Does your IBM Account Manager Know?

License audits as a rule must be approved by an Account Manager or Country Manager. The last thing a sales person wants is for an audit to be called in the middle of a deal cycle or after the client has made a recent investment. There may of course be exceptions to this. Inform your Account Manager of the audit and ask them to explain why you are being targeted. Ask them to cancel the audit. If you cannot get a cancellation look for a postponement of 6-12 months. You’ll need this time to get prepared.

Inform Stakeholders

A number of stakeholders will need to be informed that an IBM audit notice has been received and that your organisation is preparing a response.  Stakeholders to be informed include:

  • Office of CIO or CFO (sponsor)
  • Office of the CISO
  • Group Procurement
  • Internal Risk and Compliance
  • Legal
  • Software Asset Management
  • BigFix/ILMT Team
  • Head or IT Infrastructure
  • Project Management Office

The office of the CFO in particular will need to be informed early as they will need to prepare for an unbudgeted expense.

Single Point of Contact (SPC)

A Single Point of Contact (SPC) should be assigned as soon as possible.  They will be responsible for all communication related to the IBM license audit. Between organisation and the auditor but also internally. An IBM se audit will be of interested to many teams and senior executives given the financial risk.

Initiate an Audit Defence Project

An IBM license audit is a significant project and needs to be resourced and managed as such.  A formal project with a budget and team assigned is necessary to ensure successful outcome.

Information Management (lockdown)

Depending on the size of your organisation you will need to inform all staff that there is a vendor audit in progress and that all communication with IBM or IBM Business Partner must go through the SPC. The communication lockdown applies to IBM Account Managers, resellers, consultants, IBM support and any other party affiliated with IBM. This instruction must come from senior management to emphasise the seriousness.

IBM License Consultants

An IBM license audit is not a project you want to do alone. To ensure an optimum outcome you will need the support of IBM license consultants.  They will bring the deep license expertise and experience in defending IBM license audit your in house team may not have.

Confirm receipt and Conditional Support

Final step is to respond to the IBM license auditor confirming receipt of the notice.  Make it clear who the point of contact is for all communication and that you will be in contact.


No organisation welcomes the disruption and potential unbudgeted expense an IBM license audit. The steps suggested in this article should give you confidence in your initial response to the auditor and establish a strong basis for your audit defence project.

An IBM audit is an unusual event for a business and can be costly if not managed correctly. Getting help in your preparation and negotiations can significantly reduce the final costs and will ultimately lead to a more satisfactory conclusion.

The Guide to Responding to an IBM License audit will provide more detail and links to related articles

Leave a Comment