Defining the Scope of an IBM License Audit

Negotiate , not agree, the scope of the IBM license audit before you start


When an organization receives notice of an IBM audit the wording is generic and the scope very wide. For example:  “all IBM distributed IPLA and mainframe (IPLA and MLC) products deployed in clients IT environment”. 

“all IBM distributed IPLA and mainframe (IPLA and MLC) products deployed in clients IT environment”. 

extract from IBM license audit letter

This is intentional by both IBM and the auditor.  The auditor doesn’t know what you have and will want as much latitude as possible to search for compliance gaps.

It is in the interest of the organization being audited to proactively develop and negotiate the scope for the IBM license audit. 

Time spent on the IBM license audit scope can significantly reduce the effort for both parties and the final settlement costs with IBM later.

Topics in the IBM license audit statement of work

Outlined below are a list of areas you should consider when negotiating the scope for an IBM license audit.  You may not get all the concessions, but you won’t know until you ask.

Mainframe or Servers in scope for IBM Audit

It is not common to remove mainframe / MLC products from scope of an initial IBM license audit.  IBM may wish to retain the right to do a mainframe audit later.

Entities in scope for IBM license audit

A list of the legal entities being audited should be defined.  You may be able to make an argument to exclude an entity from the audit.  If it has only recently been acquired or divested.  Or it had recently undergone an audit.

Locations or Geographies included in IBM license audit

All countries in which you are trading are included by default in an IBM audit. You may be able to exclude certain locations if you can argue they are covered by a separate IBM agreement.  E.g. Japan.

You may also be able to exclude certain locations if it will be particularly difficult to collect the required information or there was a recent audit carried out locally.

Passport Advantage Sites in IBM license audit

Ask the auditor to provide a list of the Passport Advantage (PA) site numbers that will be included in the audit.  This determines the products and license entitlement they auditor will be focused on.  It is not unusual for PA site to be missing from the list.  It will be a decision for you if you want to include them or not.

IBM Products in scope for audit

An IBM auditor will say all products deployed (not just in use) by the client.  You will want to turn this into a specific list of products.  It is usually acceptable to the auditor the products listed in your PA sites are the ones in scope.  You will want to make it clear that unless a product is specifically listed it is not in scope for audit.

Products measured by ILMT

You may be able to reduce the IBM products in scope for an audit even further by negotiating with the auditor to focus on products that can be measured by ILMT.

ILMT tracks the deployment and usage of products with a PVU, RVU or similar core-based metric.  They are usually the products with the highest risk due to sub-capacity license rules.  They are also considerably easier to collect deployment information on than user-based products.  Where time or resources are an issue an auditor (with agreement of IBM) may make this concession.

Specific Enterprise Applications

You may be able to exclude certain enterprise applications from a standard license audit.  Common reasons include:

  • Unusually complex license metric
  • Specialist skills required but not available to prepare evidence
  • Low risk of compliance gap
  • Sold by a different business unit in IBM

Products to exclude by default

Unless there is a very compelling reason you should look to exclude these product categories from the audit to save everyone time and resources

  • SaaS Products
  • Artificial Intelligence Products
  • Hardware, Systems and Appliance Products
  • Red Hat Products


It is in the interest of the organisation getting the IBM license audit that they document the scope.  Very often you can negotiate with the auditor to reduce scope once documented.  This will reduce the effort for all concerned.  It also may remove a product you are under licensed for.