IBM Audit Through Deloitte, KPMG and Third Party Auditors
IBM rarely runs its software audits with its own staff. It appoints a third party firm, often Deloitte or KPMG, to collect your data and produce the findings. Knowing who you are dealing with, and what their commercial incentives are, changes how you respond.
Why IBM uses third party auditors
An IBM software audit usually arrives as a letter from IBM, but the people who collect your inventory data and write the findings are typically contracted from an external firm. IBM appoints a licensing or compliance practice, commonly inside one of the large advisory firms, to run the measurement work. This lets IBM keep the commercial relationship at arm's length while a third party produces a report that carries the appearance of independence.
For the buyer, the practical effect is that the audit motion is run by people who do this full time, follow a fixed methodology, and report into IBM. They are thorough, and they default to interpretations that favor the vendor.
What the auditor is actually contracted to do
The appointed firm is engaged to measure your deployment against your entitlements and to surface gaps. Its scope is defined by IBM, not by you. The auditor collects data, runs it through IBM's PVU and sub-capacity rules, and produces a findings report. It does not represent your interests, and it is not obligated to credit entitlement offsets you do not raise yourself.
The independence question
Buyers often assume that because a respected accounting brand is on the report, the numbers are neutral. The measurement may be competent, but the framing is not buyer side. Default assumptions on core counts, virtualization eligibility and bundling all tend to resolve in IBM's favor unless challenged with evidence. The report is a starting position for negotiation, not a settled fact.
How the data request works
The auditor sends a data request: server inventories, ILMT reports, deployment records and entitlement documents. How much of this leaves your network, and in what form, is the single biggest lever you control. Returning raw, unscoped data lets the auditor build the largest defensible claim. Curating a scoped, accurate, defensible response is the difference between a clean result and an inflated one.
How we defend against a third party audit
Our approach does not change because Deloitte or KPMG is on the other side. We Contain the data request and the clock, Reconcile our own PVU and sub-capacity position against your entitlements before the auditor finishes theirs, Challenge the findings line by line, and Settle the number down. The auditor follows a methodology. We hold them to it, and to IBM's own published rules.
A third party auditor's report is the vendor's opening position, not a verdict. The same buyer side moves apply: control the data, reconcile independently, and challenge every finding against IBM's own rules before any number is agreed.