IBM audit vs ILMT review vs SAM engagement: know which you are in.

The letter or the call rarely says audit on the first line. It may read as a friendly review, a tooling check or a partnership offer to help you optimize. The label changes the leverage, so the first job is to identify the motion before you respond to it.

A formal audit is a contractual right exercised under your Passport Advantage agreement. It comes with a defined notice period, a data request, a reconciliation and a findings report, and the timeline often runs notice and acknowledgement of about two weeks, a data request of four to six weeks, reconciliation of six to ten weeks, and settlement of four to eight weeks. Everything you return becomes evidence, so containment matters most here.

An ILMT review is narrower. IBM, or a tool partner, looks at whether your sub-capacity reporting actually meets the conditions: deployed within 90 days, running continuously, quarterly reports retained two years. A review that finds gaps can convert your sub-capacity position to full capacity for the affected periods, which is why a clean ILMT estate is a defensive asset, not a formality.

A software asset management engagement is framed as cooperative. The pitch is help with optimization or license position clarity. The risk is that data shared in good faith surfaces an over deployment that becomes a formal finding. Cooperation is fine, but on buyer side terms, with scope and evidence controlled the same way you would in an audit.

Whichever motion you are in, the move is the same at the start: contain the data request, run your own PVU and sub-capacity reconciliation before IBM finishes theirs, and challenge any finding line by line. The difference is leverage. Knowing whether you hold a formal audit, a review or a SAM engagement tells you which rights and timelines you can press, and an independent reading of that on day one is worth more than any concession later.