Audit Process and Defense

The Difference Between a Compliance Gap and an Audit Finding

IBM uses the words gap and finding as if they were the same thing. They are not. A compliance gap is a question about your estate. An audit finding is a claim about what you owe. The distance between the two is where your settlement leverage lives.

Two words IBM uses interchangeably

In the audit conversation, the auditor will move smoothly from "we have identified a gap" to "the finding is X dollars." That glide is intentional. It treats an open technical question as if it were a settled liability. Separating the two is the first thing a buyer-side defense does, because almost every reduction starts with refusing to let a gap be priced before it has been proven.

What a compliance gap actually is

A compliance gap is a difference between what the auditor's data appears to show and what your entitlements appear to cover. It is provisional. It may exist because ILMT (the IBM License Metric Tool) was misconfigured, because sub-capacity evidence was incomplete, because an entitlement was not mapped, or because a product was miscategorized. A gap is a prompt to investigate, not a verdict. Many gaps close entirely once the underlying data is corrected.

What makes a finding a finding

A finding is a gap that has been measured, attributed to a specific product and metric, priced against your agreement, and asserted as owed. For a finding to stand, the auditor needs accurate deployment data, the correct licensing metric, a defensible Processor Value Unit (PVU) or user count, and proof that no entitlement offsets it. If any of those links is weak, the finding is not yet a finding. It is still a gap wearing a number.

Why the distance between them is your leverage

Every one of those links can be challenged: the deployment data, the licensing metric, the PVU or user count, and the entitlement mapping. Each successful challenge moves the number down, and each depends on treating the auditor's figure as contestable rather than final.

How we convert findings back into gaps

The buyer-side method is to run the auditor's claims backward. We take each finding, strip it back to the gap it came from, and test whether the data, metric, and entitlement mapping actually support the number. Where they do not, the finding returns to being an open question, and open questions are negotiated, not paid. This is the heart of challenging findings line by line.

What this means under audit

Never let a gap be priced as a finding without proof. Demand the data, the metric, and the entitlement mapping behind every number. Every finding you can return to an open gap is a finding you can correct or negotiate instead of pay.