Negotiating audit scope before you agree to it.

Q: Will negotiating scope make IBM more aggressive?

Negotiating scope professionally while cooperating with the legitimate verification right is normal. What invites trouble is refusing the audit entirely. Narrowing the request to what the agreement requires is defensible.

Q: What if I have already accepted the scope?

You can still curate what you produce within that scope, reconcile your own numbers before findings are fixed, and challenge the interpretation of the data line by line during reconciliation.

IBM's opening data request reads like a fixed requirement. It is not. The audit clause grants a verification right, and the scope, the products, the period, and the data format are all negotiable. Settling those terms before you produce anything is one of the highest-leverage moves a buyer has. Independent, not affiliated with IBM Corporation.

Most of an audit's outcome is decided by what gets examined, yet most companies never negotiate that. They accept IBM's framing of the scope, fill in the request template, and only start pushing back once findings appear. By then the scope is set and the data is in IBM's hands. The leverage that existed at the start, when scope was still open, has been spent. Treating the scope itself as the first negotiation changes the entire arc of the audit.

The audit clause is a right, not a blank check.

Your Passport Advantage agreement gives IBM the right to verify that your deployment matches your entitlements. That right is real, and refusing it outright is not the play. But a verification right is bounded. It does not entitle IBM to unrestricted access to your environment, to every product whether or not it is in question, or to data in whatever raw form is most convenient for the auditor. The difference between the right IBM has and the request IBM sends is the room you have to negotiate.

The four dimensions worth negotiating.

Scope is not one thing. It is several, and each can be narrowed:

Products in scope. If the trigger relates to specific products, the review should track those products, not the entire IBM estate by default. Confirm what is actually under examination.
The time period. The lookback can run two to five years. Establishing a defined and reasonable period limits both the analysis and the exposure that a full-capacity lookback could otherwise reach.
The data format. A curated, validated production satisfies the verification right. A raw ILMT export or unfiltered discovery scan hands over far more than required and invites the auditor to find gaps for you.
Process and cadence. Who interprets the data, how findings are presented, and how you get to respond before numbers are fixed are all part of the working arrangement, not givens.

Why scope drives the number.

Exposure scales with what is examined and how. A wider product list, a longer period, and a rawer data set all enlarge the surface where a finding can land. Sub-capacity makes this concrete: where tracking evidence is thin, IBM defaults to full-capacity charging, and a longer lookback multiplies that across more periods. Narrowing the scope to what the agreement genuinely requires is not obstruction. It is holding IBM to the boundaries of its own clause, and it directly constrains the size of any eventual claim.

Contain first, then produce.

This is why our method begins with Contain. Control the data request and the clock before anything leaves the network. Establish the scope, validate the data against your own PVU and sub-capacity calculation, and only then produce, in a scoped and defensible form. A buyer who negotiates scope before agreeing to it walks into the reconciliation phase with the examined surface already minimized and their own numbers already in hand.

What this means under audit

Scope is the first negotiation, and it is the one most companies skip. Pin down the products, the period, the data format, and the process before you produce a single file. The verification right is real, but the request is negotiable, and narrowing it is the cleanest way to shrink the claim before it is ever written.

Common questions.

Can I really push back on IBM's data request?

Yes. The audit clause is a verification right, not unrestricted access. The products examined, the period covered, and the format of the data are all open to negotiation, provided you still satisfy the underlying right to verify compliance.

Will negotiating scope make IBM more aggressive?

Negotiating scope professionally, while cooperating with the legitimate verification right, is normal and expected. What invites trouble is refusing the audit entirely. Narrowing the request to what the agreement requires is a reasonable, defensible position.

What if I have already accepted the scope?

There is still room to act. You can curate what you produce within that scope, reconcile your own numbers before findings are fixed, and challenge the interpretation of the data line by line during reconciliation.

Data request on your desk?

We negotiate the scope, contain the request, and reconcile your own numbers before anything reaches IBM.

Explore Audit Defense →

The IBM Audit Brief

Audit triggers, ILMT pitfalls, and settlement tactics for IBM software buyers.

IBM Audit

Independent, buyer side IBM software audit defense and negotiation. Not affiliated with IBM Corporation.

Services

Audit Defense Audit Negotiation ILMT Remediation Sub-Capacity Defense

Products

WebSphere Db2 Cognos Cloud Pak

Company

About Contact Journal White Papers

Independent. Not affiliated with IBM Corporation.Buyer Side · Est. 2019