IBM license audits are inevitable in managing enterprise software assets, especially in large, complex environments. When an audit notice arrives from IBM, it might contain vague and far-reaching language, such as a request to review “all IBM distributed International Program License Agreement (IPLA) and mainframe products deployed in the client’s IT environment.” This broad phrasing is intentional. IBM licensing auditors want to maximize their investigative latitude because they don’t know what’s deployed in your IT environment and wish to uncover IBM licensing compliance gaps. However, for organizations with mature IT asset management (ITAM) and IT service management (ITSM) practices, proactive engagement in defining the scope of an IBM license audit can shift the balance.
Why Scope Matters in an IBM License Audit
Investing time in defining the scope of an IBM license audit is a strategic response. It clarifies responsibilities and usually reduces the audit duration. It can also lead to a more favorable outcome by preventing overreach or unnecessary inclusion of low-risk areas. For ITAM and ITSM leaders, this aligns with their likely broader objectives around governance, cost control, and risk mitigation.
The key areas to address when negotiating and defining the scope of an IBM license audit are listed below.
Defining the Scope of an IBM License Audit
Defining the Scope of an IBM License Audit #1: Mainframe vs. Distributed Environments
Mainframe (MLC) products are rarely excluded from initial IBM license audit requests, and IBM often retains the right to audit them separately later. If your organization has a hybrid environment, clarify whether both distributed and mainframe products are in scope and document any deferred components.
Defining the Scope of an IBM License Audit #2: Legal Entities in Scope
Identify which corporate entities are subject to the IBM license audit. Recently acquired or divested entities, or those that have recently undergone an IBM audit, may be candidates for exclusion. Clear legal delineation is essential for managing entitlements and audit obligations.
Defining the Scope of an IBM License Audit #3: Geographies and Locations
IBM typically assumes a global scope. However, specific geographies, such as countries operating under separate IBM agreements (e.g., Japan), may be negotiable for exclusion. Your organization may also be able to exclude regions where data collection poses an unreasonable burden or where recent audits have been completed.
Defining the Scope of an IBM License Audit #4: Passport Advantage Sites
Request a list of Passport Advantage (PA) site numbers that the auditor intends to review. These site numbers directly influence the product entitlements and deployment footprint under scrutiny. Ensure the list is complete, and decide whether to include any omitted PA sites based on your strategic position.
Defining the Scope of an IBM License Audit #5: Product Scope
Auditors often state that all deployed IBM products are in scope, regardless of usage. Push to refine this to a specific, documented list – typically aligned with the entitlements tied to your organization’s PA sites. Make it explicit that any product not listed is out of scope unless otherwise agreed.
Defining the Scope of an IBM License Audit #6: ILMT-Tracked Products
Consider narrowing the audit to the IBM products measured via the IBM License Metric Tool (ILMT), particularly those using sub-capacity licensing metrics like Processor Value Unit (PVU) or Resource Value Unit (RVU). These products represent higher compliance risk but are easier to measure and verify. Focusing here can reduce audit complexity and improve accuracy.
Defining the Scope of an IBM License Audit #7: Exclusions for Specific Applications
Certain enterprise applications may be excluded from the IBM license audit based on the following justifications:
- Unusually complex or non-standard license metrics
- Specialized skills or tooling required for measurement
- Low perceived risk of non-compliance
- Sold under a different IBM business unit.
Negotiate these exclusions early in the IBM license audit process and ensure they are well documented.
Defining the Scope of an IBM License Audit #8: Product Categories to Exclude by Default
Some categories of IBM offerings are typically excluded due to their nature or licensing models. Unless there’s a compelling reason, request the exclusion of:
- SaaS-based products
- Artificial intelligence (AI) or cognitive computing offerings
- IBM hardware, systems, and appliances
- Red Hat products.
These product categories often have their own compliance frameworks and are outside the purview of traditional IBM license audits.
Finally, an IBM license audit doesn’t need to be adversarial, but it should be managed with discipline and strategic oversight. If you would like more insight into defining the scope of IBM license audits, please contact me.
Piaras MacDonnell
Piaras is an internationally recognized expert in IBM licensing. He has delivered over 100 licensing projects, including audit defenses, enterprise license agreement renewals, compliance health checks, and license optimization, resulting in millions of dollars and euros in savings for his clients.
