Client Background
The client — anonymised throughout this case study at their request — is a diversified energy and infrastructure conglomerate headquartered in the UAE, with operations spanning upstream oil and gas, downstream refining, power generation, and utilities infrastructure across five countries in the Middle East and North Africa region. The organisation employs approximately 14,000 staff and maintains a complex, highly virtualised IT environment built on IBM middleware, database, and analytics products deployed across on-premises data centres and hybrid cloud infrastructure.
IBM software had been part of the client's technology estate for over a decade, procured through a mix of Enterprise Licence Agreements, individual Passport Advantage orders, and several legacy acquisition transactions following corporate mergers. This fragmented procurement history meant the organisation had never established a consolidated view of entitlements versus deployments — a condition that created acute exposure the moment IBM initiated a formal audit.
The Challenge
IBM issued a formal Software Verification Letter to the client's group CIO in Q3 2025, triggering a 90-day audit window under the Passport Advantage Agreement. IBM's audit team, supported by an external verification firm, requested eight quarters of ILMT audit reports, a full inventory of IBM software deployments across all physical and virtual environments, and evidence of sub-capacity licensing compliance for virtualised workloads running IBM DB2, WebSphere Application Server, MQ Advanced, and Cognos Analytics.
The ILMT Gap
The client's internal IT team quickly identified a fundamental problem: ILMT had been deployed inconsistently. Three of the client's seven data centres had no ILMT agents installed at all. A fourth had ILMT deployed but had not generated a compliant audit report in 19 months due to a configuration error introduced during a VMware vSphere upgrade. Without continuous ILMT reporting across all virtualised environments, IBM's position was clear: sub-capacity licensing rights were forfeited for those environments, and full-capacity licensing applied. On IBM's initial calculation, this forfeiture alone created a $6.1 million gap.
The Entitlement Reconciliation Problem
The second layer of exposure related to entitlement credits the client had never claimed. Following two corporate acquisitions in 2019 and 2021, the acquiring entity had inherited IBM licence portfolios from both acquired companies. Those portfolios — held under separate Passport Advantage customer numbers — had never been consolidated into the parent entity's licence pool. IBM's audit assessment treated the parent entity's deployments against the parent entity's entitlements only, ignoring $1.4 million in transferable credits held under the legacy customer numbers.
The third exposure layer involved IBM Middleware products deployed in development, test, and disaster recovery environments that were not covered by IBM's standard non-production deployment allowances. IBM's field audit identified 34 non-production server instances running licensed IBM software without explicit non-production entitlements, adding a further $1.2 million to IBM's initial demand.
Received an IBM audit notification?
We've managed 60+ IBM audit defense engagements. Get independent advice before responding to IBM.The Approach
Redress Compliance was engaged within 72 hours of the client receiving IBM's Software Verification Letter. The engagement proceeded in five structured phases over 11 weeks, with the client's legal team, IT infrastructure leads, and procurement function involved throughout.
Before producing a single piece of data for IBM, Redress established a complete entitlement baseline. All Passport Advantage agreements, legacy customer numbers from the two acquisitions, and individual purchase orders were consolidated into a single entitlement ledger. The client was advised to request a 30-day extension from IBM's audit team — standard practice that IBM routinely grants — to allow for proper preparation. IBM confirmed the extension within five days.
Redress coordinated with the client's infrastructure team to deploy ILMT agents across all previously uncovered data centres and to rectify the configuration error in the fourth environment. While ILMT data from uncovered periods could not be retroactively generated, IBM's published audit policy provides that organisations which demonstrate good-faith remediation efforts and submit compliant ILMT reports by the audit response deadline may negotiate a grace period for prior non-compliant periods rather than defaulting automatically to full-capacity licensing. This policy position became a central element of the negotiation strategy.
Using ILMT data combined with a manual discovery exercise across environments where ILMT data was not yet available, Redress constructed an Effective Licence Position (ELP) covering every IBM product in scope. The ELP identified that IBM's initial assessment had overstated deployment volumes for DB2 by calculating per-core rather than per-PVU at the client's specific hardware configuration, reducing that exposure by $840,000. The ELP also confirmed that all 34 non-production instances IBM had identified were running on hardware qualifying for IBM's non-production deployment provisions under the applicable product-specific licence terms — a position IBM had not applied in its initial assessment.
Redress worked with IBM's Passport Advantage team to initiate the formal consolidation of the two legacy customer numbers into the parent entity's account. IBM's internal consolidation process requires completion of a Customer Master Agreement amendment and a customer number merge request, a process that takes four to six weeks and must be initiated before the audit response submission. The $1.4 million in transferable entitlement credits from the legacy portfolios were formally recognised and applied to the audit position.
With the revised ELP, ILMT remediation documentation, and consolidated entitlement position, Redress led a structured negotiation with IBM's audit settlement team. The negotiation presented IBM with a final compliance position of $2.8 million before application of entitlement credits, reduced to $1.4 million after credits. IBM's audit team accepted the ELP methodology and ILMT remediation argument, and agreed to treat prior ILMT non-compliance periods as subject to a one-time commercial resolution rather than full-capacity retroactive billing. The final settlement was agreed at $1.2 million, payable as a combination of new licence acquisition and a three-year maintenance agreement at negotiated rates.
The Outcome
The final settlement of $1.2 million represented a reduction of $7.5 million from IBM's initial $8.7 million demand — an 86 percent reduction achieved without litigation and within the original audit timeline.
| Exposure Component | IBM's Initial Claim | Final Position | Saving |
|---|---|---|---|
| ILMT non-compliance (sub-capacity forfeiture) | $6,100,000 | $620,000 | $5,480,000 |
| DB2 PVU miscalculation | $1,200,000 | $360,000 | $840,000 |
| Non-production environment gap | $1,200,000 | $0 | $1,200,000 |
| Legacy entitlement credits applied | Not recognised | −$1,400,000 | $1,400,000 |
| Remaining settlement (new licences + maintenance) | $8,700,000 | $1,200,000 | $7,500,000 |
Beyond the financial outcome, the engagement delivered three durable structural improvements. First, the client now has a fully deployed, centrally governed ILMT environment covering all virtualised data centres, generating compliant quarterly audit reports. Second, all legacy customer numbers have been consolidated into a single Passport Advantage account, giving the organisation a unified view of its IBM entitlements for the first time. Third, the client adopted a licence governance framework covering IBM software change control, new deployment approval, and quarterly internal ELP reviews — reducing the probability of recurrence.
— Group CIO, UAE Energy Conglomerate (anonymised)
Key Lessons
ILMT gaps are the single largest source of IBM audit exposure. Organisations running IBM software in virtualised environments without continuous ILMT coverage are exposed to full-capacity billing for every uncovered period. ILMT deployment and quarterly compliance reporting should be treated as a mandatory control, not an optional best practice. IBM's Passport Advantage Agreement v11 removed all prior exemptions from sub-capacity reporting requirements in February 2023 — there is no longer any circumstances under which incomplete ILMT coverage can be retrospectively excused without negotiation.
IBM's initial audit calculation is rarely the correct number. In this engagement, IBM's opening position contained three significant errors: PVU miscalculation, incorrect application of non-production licence terms, and failure to recognise transferable entitlements from acquired entities. Organisations that accept IBM's initial demand without independent ELP analysis routinely overpay. The investment in a structured independent audit response consistently returns multiples of its cost.
M&A activity creates hidden IBM licence exposure. Every corporate acquisition that brings IBM software into the estate creates a potential compliance gap unless entitlements are formally consolidated, ILMT coverage is validated, and deployment inventories are reconciled. This work is rarely performed during due diligence and almost never completed post-close. IBM is aware of this pattern and frequently uses change of control clauses in Passport Advantage agreements as audit triggers.
Act before responding to IBM. The 90-day audit window IBM provides under the Passport Advantage Agreement is not a deadline for submission — it is a starting point for negotiation. Organisations that engage independent advisory support within the first two weeks of receiving a Software Verification Letter have consistently achieved better outcomes than those that attempt to respond directly to IBM without preparation.
Facing an IBM audit or concerned about sub-capacity exposure?
Request a confidential IBM licensing assessment. We work exclusively on the buyer side.IBM Audit Defense Resources
Download our IBM Audit Defense Guide covering ILMT compliance, ELP construction, sub-capacity licensing, and negotiation strategy for IBM verification engagements.