IBM Audit Defense: How a Leading Brazilian Retailer Reduced a $9.4M IBM Claim to $1.7M

Client Background

The client — referred to here as RetailCo BR to preserve confidentiality — is one of Brazil's top ten omnichannel retailers by revenue, operating more than 340 physical locations alongside a high-volume e-commerce platform. Its technology estate had grown substantially through three acquisitions over four years, each bringing inherited IBM middleware and analytics infrastructure. RetailCo BR's IBM footprint included WebSphere Application Server, Db2 Advanced Enterprise Server Edition, IBM MQ, and IBM Cognos Analytics — all running across VMware vSphere clusters in two São Paulo data centres, with a cloud extension on IBM Cloud.

The Challenge

IBM Initiates a License Verification with No Warning

IBM's Software Compliance organisation sent RetailCo BR a formal license verification notice in Q3 2024. The letter cited IBM's entitlement to conduct a software audit under the Passport Advantage agreement terms and requested the submission of ILMT sub-capacity reports for the preceding eight quarters, a complete software inventory, and supporting deployment documentation within 30 days.

RetailCo BR's IT leadership immediately recognised two compounding problems. First, ILMT had been deployed only on the original pre-acquisition data centre cluster. The two infrastructure environments absorbed through the 2021 and 2022 acquisitions had never been brought into ILMT scope, meaning IBM's software running on those clusters was unmonitored and could be assessed at full-capacity pricing — effectively treating every IBM product as if it consumed every processor core on every physical host.

Second, the organisation had not produced consistent quarterly ILMT reports. The contractual obligation to generate and retain sub-capacity reports every quarter had been honoured irregularly. IBM's standard position when quarterly reports cannot be produced is to default the organisation to full-capacity for the unreported periods — a position that can multiply licensing exposure dramatically.

The Exposure Calculation

Redress Compliance's initial assessment, conducted in the first week of engagement, mapped the IBM software estate across all three infrastructure environments and modelled two exposure scenarios. Under IBM's worst-case full-capacity calculation — which IBM's auditors were signalling as their opening position — the retroactive liability reached approximately $9.4 million, incorporating back-support and reinstatement fees on top of licence shortfall. Under a defensible sub-capacity position, supported by retroactive ILMT remediation and documented deployment evidence, the exposure range fell to $1.4 to $2.2 million.

The Approach

Phase 1: Scope Control and Disclosure Management (Weeks 1–3)

The first and most critical decision in any IBM audit is what to disclose, when to disclose it, and in what format. Redress Compliance advised RetailCo BR not to respond to IBM's initial data request directly. Instead, we drafted a formal acknowledgement letter that confirmed co-operation, proposed a structured information exchange protocol, and requested a 45-day extension to the original 30-day submission deadline — citing the complexity of the multi-site estate and the recent acquisition integrations. IBM granted a 30-day extension, buying critical time for ILMT remediation.

Simultaneously, our team conducted a full IBM software discovery across all three environments using licence management tooling alongside manual verification. This confirmed that the two acquired environments contained IBM WebSphere and Db2 deployments that had never been reported. It also identified several over-counted instances — IBM software that had been decommissioned but remained on the asset register, which IBM's auditors would otherwise have included in their count.

Phase 2: Retroactive ILMT Remediation (Weeks 2–6)

IBM's sub-capacity terms permit retroactive ILMT deployment provided it is completed before the audit submission — a lever many organisations fail to use because they move too slowly. Redress Compliance coordinated deployment of ILMT agents across the two unmonitored clusters, covering 48 additional servers, and configured BigFix agents across all virtual environments. Once operational, we produced normalised quarterly-equivalent sub-capacity reports for the preceding eight quarters. The reports demonstrated that actual IBM software consumption — measured against cores allocated to IBM virtual machines, not all cores on all hosts — was materially lower than IBM's full-capacity projection. The retroactive data reduced the verifiable shortfall to a defined position on two products: Db2 Advanced Enterprise Server Edition on one acquired cluster, and two WebSphere instances with ambiguous version entitlements. All other IBM products came into documented compliance.

Phase 3: Technical Counter-Submission (Weeks 6–10)

Redress Compliance submitted an eight-quarter ILMT sub-capacity report set to IBM's Software Compliance team, supported by decommissioning evidence for 14 product instances IBM had flagged, Passport Advantage entitlement documentation, and a technical analysis challenging IBM's processor counting methodology across the VMware clusters. The submission quantified RetailCo BR's acknowledged shortfall at approximately $2.1 million at list pricing, framing the remaining gap as a configuration issue rather than a wilful compliance failure — a distinction that carries significant weight in IBM settlement negotiations.

Phase 4: Commercial Settlement (Weeks 10–16)

IBM's response to the technical submission reduced its claim to $4.2 million, accepting the sub-capacity methodology but maintaining its Db2 position and applying a support reinstatement uplift. Redress Compliance entered direct commercial negotiations with IBM's Software Compliance management. In the second round, RetailCo BR agreed to a modest three-year Passport Advantage subscription expansion — consolidating WebSphere to a cloud-addressable licence — structured at below-standard pricing. IBM waived all back-support fees in exchange. The audit closed at $1.7 million payable over 18 months.

Key Lessons

Retroactive ILMT Remediation Is the Most Powerful Lever Available

The single biggest factor in RetailCo BR's outcome was deploying ILMT across all virtualised environments before the audit submission. Every day without ILMT means full-capacity pricing for that period. Organisations underestimate how quickly remediation can be completed when resources are prioritised — and how much it shifts the financial outcome before IBM locks in its position.

Acquisitions Are the Leading Cause of IBM Audit Exposure in Latin America

Acquisitions bring IBM software estates that are never integrated into the acquirer's Passport Advantage agreement or ILMT environment. The exposure surfaces only when IBM initiates a verification. Acquisition integration checklists must include IBM ILMT scope expansion as a day-one action, not an afterthought.

Settlement Is a Commercial Negotiation, Not Just a Technical Exercise

The technical work reduced RetailCo BR's verifiable exposure from $9.4 million to approximately $2.1 million. The remaining reduction to $1.7 million came from commercial negotiation — structuring a modest licence expansion at below-standard pricing in exchange for IBM waiving back-support fees. Understanding IBM's commercial objectives matters as much as understanding its audit methodology.