Audit Process and Defense
Journal · Mar 2026 · 7 minute read

How IBM selects audit targets.

IBM audits are not random. They follow signals in the account record that point to likely under-licensing: a lapsed support renewal, a multi-year gap since the last review, heavy use of high-risk products, and bundling that has drifted past its scope. Knowing the signals tells you when to get your position in order. Independent, not affiliated with IBM Corporation.

Software vendors run audits where the expected recovery is highest. IBM is no different. The selection is driven by the account history and deployment profile, and most of the inputs are things a buyer can see in their own record before IBM acts on them. The patterns below are the ones that move an account up the list.

Support non-renewal is the loudest signal.

When a customer lets Subscription and Support (S&S) lapse on a product but keeps running it, IBM has a clean read that deployment may have outpaced entitlement. The product is still in use, the relationship has cooled, and the recovery case is straightforward. Non-renewal of S&S is one of the most reliable audit triggers there is. Requesting support for a product that does not appear in the entitlement record sends the same signal from the other direction.

A multi-year gap since the last review.

Estates drift. Three or more years without an audit is long enough for virtualization changes, new clusters, and user growth to pull deployment away from the original purchase. IBM knows this, and a long quiet period on a sizeable account is itself a reason to look. The longer the gap, the larger the lookback that can follow, and that lookback can run two to five years of back charges at full-capacity rates.

Heavy use of high-risk products.

Some products carry more audit exposure because their metrics are easy to get wrong. Concentrated use of these draws attention:

The common thread is a metric that depends on configuration. When the count is sensitive to how the software is deployed, the odds that the record and the reality have diverged go up, and so does the audit value.

Bundling that has drifted past scope.

Many IBM products ship with a restricted-use component, most famously the Db2 bundled with Cognos for its content store. That entitlement is limited to supporting the parent product. Using it as a general-purpose database is a finding IBM looks for specifically, because it is common and easy to evidence. The same logic applies to a Cloud Pak bundle whose entitlement is stretched across workloads it was never meant to cover.

Corporate change and license transfer.

Mergers, acquisitions, and divestitures move software between legal entities, and IBM licenses do not always travel cleanly. A transaction that changes who owns or runs a deployment is a natural moment for IBM to test whether the entitlements followed the software. Rapid infrastructure change of any kind (a cloud migration, a data center consolidation, a virtualization refresh) raises the chance that deployment has outrun the paperwork.

What this means under audit

If your account shows any of these signals, treat an audit as a question of when, not if, and build your position before the notice arrives. The single worst move is to return raw data to IBM before your own PVU, sub-capacity, and entitlement picture is reconciled. The selection signals that put you on the list are the same ones a buyer-side review can get ahead of.

Common questions.

Does non-renewal of support guarantee an audit?

No, but it is one of the strongest signals. Letting support lapse while continuing to run the product tells IBM that deployment may exceed entitlement, which raises the expected recovery and moves the account up the list.

How far back can an IBM audit look?

The lookback commonly runs two to five years. Where sub-capacity evidence is missing for a period, IBM can apply full-capacity charging across that window, which is what makes a long gap since the last review so costly.

Can I reduce my profile before an audit?

Yes. Reconciling entitlements, fixing ILMT and sub-capacity evidence, and correcting bundling overreach all lower the exposure an audit would find. The work is most effective before a notice lands, which is the point of a proactive review.