Who should be in the room for an IBM audit.
An IBM audit is won or lost partly on who talks and who stays quiet. Here is the team to assemble, the single point of contact to nominate, and the people who should never freelance with the auditor.
Audits leak value through casual conversation. An engineer confirming a deployment in passing, or a manager volunteering that a workload is bigger than the records show, can hand IBM a finding that no spreadsheet would have surfaced. Controlling who is in the room, and who speaks, is part of the defense.
The core response team
Single point of contact. One person owns every exchange with the auditor. All data, all answers, and all questions route through them. This is the most important rule in the engagement.
Software asset management lead. Owns the entitlement ledger and the deployment data, and knows where the tool output is wrong.
Infrastructure and virtualization owner. Can explain the hypervisor layout, the capacity allocation, and the sub-capacity configuration that determines whether you are charged on virtual or full capacity.
Procurement. Holds the commercial relationship and the renewal leverage that becomes part of any settlement.
Legal. Reads the audit clause in the contract, controls what is contractually owed, and reviews anything before it is signed.
Independent advisor. A buyer-side specialist who has seen the same IBM tactics across many audits and can challenge the methodology rather than just answer questions.
Who should stay out of the conversation
Almost everyone else. Individual administrators, developers, and line managers should not be in unscripted calls with the auditor. They answer narrow technical questions in writing, through the single point of contact, with answers reviewed first. The auditor's job is to gather admissions; an undisciplined room makes that easy.
Set the rules before the first call
- No data and no confirmations go to IBM except through the single point of contact.
- Technical questions are answered in writing, after review, never live and improvised.
- Internal estimates and worst-case numbers stay internal. The auditor sees verified figures only.
- Legal reviews any document before signature, including interim acknowledgements.
The right room is small, coordinated, and speaks with one voice. That discipline alone removes a category of findings that come not from the data but from the conversation around it.
Findings come from loose conversation as often as from the data. Nominate one point of contact, keep the response team small and coordinated, route every answer through review, and keep administrators out of unscripted auditor calls. A disciplined room gives IBM nothing it did not already measure.