The IBM Audit Engagement Letter, Clause by Clause
The engagement letter, sometimes called the audit notification letter, sets the rules for the entire audit. Most buyers sign it as received, but several clauses are negotiable and quietly shape the size of the eventual finding.
What the engagement letter is
The engagement letter is the document IBM sends to open the audit. It cites the audit clause in your underlying agreement, names the appointed auditor where one is used, and proposes the scope, the tooling, the timeline and the confidentiality terms. It reads as a formality. It is in fact the frame for everything that follows.
Scope clause
Scope defines which products, entities and territories are under review. A broad scope drags in affiliates and products that need not be there. Confirm that scope matches the contractual audit right being exercised, and that it does not silently expand to entities outside the agreement.
Data collection and tooling clause
This clause states how data will be collected and which tools will be run in your environment. You have a legitimate interest in how scripts run, what they collect, and how output is validated before it leaves your environment. Agreeing to run an unfamiliar discovery tool without review is how inaccurate raw data becomes the basis of a finding.
Confidentiality and your data
Your inventory and deployment data are sensitive. The letter should bind the auditor to confidentiality, limit use of the data to the audit, and provide for its return or destruction afterward. Where the appointed auditor is a third party, confirm those obligations flow to that firm as well.
Timeline and response windows
A typical audit runs to a rhythm: notice and acknowledgement around two weeks, data request 4 to 6 weeks, reconciliation 6 to 10 weeks, settlement 4 to 8 weeks. The letter often proposes aggressive windows. Reasonable response time is negotiable, and time used well is time spent building your own position.
What to negotiate before you sign
- Tighten scope to the exact products and entities under the contractual right.
- Reserve the right to review and validate tooling and output before data leaves your environment.
- Confirm confidentiality and data-handling obligations bind any third-party auditor.
- Set realistic response windows rather than accepting the proposed deadlines.
The engagement letter is the one document where you set terms before the audit has any findings. Every clause you tighten now, on scope, tooling, confidentiality and timing, narrows the position IBM can build later.