IBM does not audit at random. A short list of account conditions reliably raises your risk, and most of them are visible to you long before they are visible in an audit notice. Use this checklist to score your own exposure and act on the items you can control.
The trigger checklist.
- Support non renewal. Letting subscription and support lapse on a deployed product is one of the strongest signals. It tells IBM the software is still running on an unsupported entitlement.
- Three or more years since your last audit. Audit cadence is real. The longer the gap, the higher the probability that your number is up.
- Heavy use of high-risk products. WebSphere, Db2, Cognos, MQ, Maximo and Tivoli carry complex metrics and draw scrutiny.
- Requesting support for an unlicensed product. Opening a ticket for software IBM has no record of you owning is a direct flag.
- Bundling misuse. Using a component beyond its permitted scope, such as a Db2 entitlement bundled with Cognos being run as a general database.
- Mergers, acquisitions and divestitures. Any corporate change that moves software between legal entities.
- Rapid growth or virtualization change. New clusters, new hosts and migrations onto Power LPAR can lift your processor value unit count without new purchases.
- A broken or missing ILMT. No continuous sub-capacity tooling means IBM can default you to full-capacity charging across the lookback.
Scoring your own risk.
Count how many items apply to you today. One or two is normal and manageable. Three or more, especially if a support non renewal or an ILMT gap is on the list, means you should be building your compliance position now rather than waiting for a letter. The items are not equally weighted: tooling and support status are the ones IBM can verify remotely without your cooperation.
The checklist is a prevention tool, not a prediction. Every item you close before the notice arrives is leverage IBM no longer has. The two highest value moves are keeping ILMT running continuously across the whole estate and never letting support lapse on software you still run. Both are entirely within your control.
Frequently asked questions.
Does a clean checklist mean I will not be audited? No. It lowers your probability and, more importantly, means that if you are selected the findings will be small. Prevention is about shrinking the exposure, not guaranteeing you are skipped.
How far back can an audit reach? The reconciliation lookback commonly runs two to five years, which is why a tooling gap from years ago can still drive a back payment today.
What is the single most important item? Continuous, correctly configured sub-capacity tooling. Without it, IBM can charge your virtual deployments at full-capacity rates regardless of actual usage.