VCF renewals ▲ 31.4% YoY· Symantec EDR true ups ▲ 18%· Carbon Black avg quote uplift +22%· Mainframe MIPS capacity squeezes ▲· Audit notices ▲ 47% QoQ· Our last 10 deals avg 41% off quote· VCF renewals ▲ 31.4% YoY· Symantec EDR true ups ▲ 18%· Carbon Black avg quote uplift +22%· Mainframe MIPS capacity squeezes ▲· Audit notices ▲ 47% QoQ· Our last 10 deals avg 41% off quote
Wednesday · 27 May · MMXXVIIssue II
Independent · Buyer SideLive
Broadcom Negotiations
VMware · Symantec · CA · Carbon Black · Mainframe · Brocade The buyer's report on Broadcom contract economics. Not affiliated with Broadcom.
Mainframe · Audit

What to do in the first 45 days after a mainframe MIPS audit notice.

The mainframe MIPS audit is the most consequential audit Broadcom currently runs. The first 45 days set the exposure for everything that follows. The work is sequenced and procedural, and most buyers underestimate how much of it has to happen at once.
By The Negotiation Desk · Mainframe · Archetype: The Audit
Published 2 Mar 2026 · Updated 29 Apr 2026

The mainframe MIPS audit notice arrives by formal letter from the Broadcom compliance function, addressed to the named contract signatory at the buyer organisation. It names the contract, the IPLA and MSU entitlements under review, and the response window. The window is typically 45 days, longer than the 30 day windows used on other Broadcom products because the audit data the seller is requesting takes longer to assemble. The longer window is not a kindness. It exists because the assertion the buyer will need to make about its own peak rolling four hour average usage is the most operationally demanding extract any Broadcom audit requires. The 45 days are not generous. They are barely enough.

Across the seven mainframe MIPS audits our engagement leads worked across 2024, 2025, and into 2026, the buyers who used the 45 days well closed at a small fraction of the seller's opening assertion. The buyers who improvised the response closed at a number that materially impacted the next two budget cycles. The work that distinguishes the two outcomes is sequenced. Seven moves, in order.

Move one: acknowledge in writing inside the first week

The acknowledgement is short, names the buyer side point of contact, reserves all positions, and confirms the response window. It is procedurally simple and operationally non negotiable. The audit team treats the absence of an acknowledgement as evidence of a non cooperative posture. The presence of one is procedurally invisible. The asymmetry is what makes the acknowledgement mandatory.

Move two: freeze the SMF and RMF extracts on day one

The Systems Management Facility and Resource Measurement Facility extracts are the data the audit will be decided on. They are produced by the mainframe operating system and capture the workload data the audit needs. Every extract is timestamped. The extracts that exist on the day the audit notice arrives are the extracts that govern the buyer's exposure for the audit period. The buyer's first technical move is to produce a clean baseline extract, store it under a defined chain of custody, and route all subsequent extract requests through a single named individual on the buyer side. Any extract run during the audit window that does not pass through that control point is at risk of being read as evidence the buyer did not intend to produce.

Move three: identify which MSU baseline the seller is asserting against

The mainframe contract carries multiple MSU baseline numbers across its lifecycle. There is the original signed baseline, the contractual peak ceiling, the rolling four hour average baseline, and the sub capacity report baseline. The seller's opening assertion is built against one of these baselines. The buyer's first analytical task is to identify which one. The seller does not always announce the choice. The buyer's audit defense team has to reconstruct the assertion model from the supporting documents. The reason this matters is that each baseline carries different rebuttal arguments. The argument that defeats an assertion against the rolling four hour average baseline does not defeat an assertion against the peak ceiling.

"The audit is decided on which MSU baseline the seller is asserting against. The buyer who does not know which one cannot mount the right defense. The buyer who reconstructs the model on day five has the rest of the window to use it."Mainframe Audit Defense Lead, The Desk

Move four: stand up privileged communication

The audit conversation will generate documents that are privileged and documents that are not. The boundary between them has to be defined inside the first ten working days. The work that the audit defense team produces under external counsel is privileged. The SMF and RMF extracts are not. The internal email traffic discussing the audit position is not unless it is routed through counsel. The buyer who fails to set up the boundary will produce, in the formal phase, internal correspondence that frames the position in ways the buyer did not intend.

Move five: run the deployed workload reconciliation

The deployed workload reconciliation is the audit's main rebuttal artefact. It compares the workload actually run during the audit period against the contractually licensed workload. The reconciliation has to address several things. Sub capacity reporting validity, soft capping configuration, defined capacity values, and the boundary between mobile workload pricing and standard pricing where the buyer has invoked it. The reconciliation typically takes 20 to 25 working days of mainframe operations time when the documentation is in good order. It takes longer when the documentation is fragmented. The buyer who has not started the reconciliation by day 15 will not finish it inside the window.

Move six: refuse the bundled resolution offer

The seller will, in the second half of the audit window, often propose a bundled resolution that combines the audit settlement with an early renewal at favourable pricing. The bundle is not in the buyer's interest. The audit and the renewal are different contractual conversations with different leverage profiles. Pulling them together favours the seller. The audit position is decided on documented workload. The renewal position is decided on alternative pathways, market alternatives, and the buyer's overall mainframe trajectory. Conflating the two compresses both into a single number that is almost always worse than the two negotiated separately. The buyer's position is to complete the audit on its own track and address the renewal afterwards.

Move seven: keep the executive sponsor briefed but not in the call

The audit is operationally complex and politically sensitive. The executive sponsor on the buyer side has to be kept informed throughout the 45 days but should not be present in any substantive audit call. The seller will sometimes request an executive level conversation to escalate the audit position. The buyer's procedural posture should be to handle the audit through the named contractual point of contact, with the executive sponsor briefed in writing after each call. The reason is straightforward. Executive level conversations introduce off contract considerations that the audit team can later cite as concessions. The named contact has the contractual authority to handle the audit and only the audit.

The numbers

Mainframe MIPS audits worked 2024 to 20267
Median audit notice window45 days
Buyers who acknowledged within 5 working days6 of 7
Buyers who froze SMF and RMF on day 14 of 7
Avg settlement on disciplined defense26% of opening assertion
Avg settlement on improvised defense71% of opening assertion

What we have seen on live deals

A Fortune 200 financial services firm received a mainframe MIPS audit notice in 2025 with an opening assertion of $24M against alleged peak workload exceedances. The first 45 days were used to acknowledge inside three working days, freeze the SMF and RMF extracts on day one, reconstruct the MSU baseline model on day five, stand up external counsel privilege by day eight, and complete the deployed workload reconciliation by day 33. The first substantive call was held on day 41. The settlement closed at $4.6M, 19 percent of the opening assertion. The buyer side time investment across the 45 days was 240 hours of internal mainframe operations and 60 hours of external counsel.

A different shape came from a healthcare network that engaged in a substantive audit call inside the first ten days, before the SMF reconciliation was complete and before the MSU baseline model had been identified. The opening assertion of $9M settled at $7.2M, roughly 80 percent of the opening. The post audit review identified that the bulk of the asserted exposure was rebuttable on the sub capacity reporting position but had not been rebutted because the documentation had not been ready when the conversation took place. The lesson is the same as the Symantec DLP shape. The audit is decided on documents. The conversation that runs ahead of the documents locks in the seller's documents rather than the buyer's.

The takeaway

  • The 45 day window is barely enough. The work is sequenced. Acknowledge in writing, freeze SMF and RMF extracts on day one, identify the MSU baseline the seller is asserting against, establish privilege, run the deployed workload reconciliation, refuse bundled resolutions, and keep the executive sponsor out of the substantive calls.
  • The audit is decided on documented workload, not on conversations. The buyer who runs the reconciliation first and the conversations second closes at a small fraction of the buyer who runs them in the opposite order.
  • The renewal is a different conversation. The seller will try to bundle them. The buyer who refuses the bundle protects the leverage that the separation produces.
Just received a mainframe MIPS audit notice? Write to the Desk → Two analyst calls inside 48 hours, no pitch. We will tell you what the first ten days should look like.

Three related articles

Mainframe · Calendar
The mainframe MIPS capacity squeeze nobody saw coming
Mainframe · Lever
The IPLA versus MSU decision that changes your mainframe contract
Outcomes · Case
How an Asia Pacific bank renegotiated $18M of mainframe capacity
Cross references. Service: Audit Defense. Practice: Mainframe MIPS Capacity. Calculator: Audit exposure estimator.
Correspondence Invited

Write before the quote becomes a position.

Two analyst calls. No pitch. We tell you what we would do, what the leverage actually is, and whether we are the right firm. If we are not, we will say so.
Who we work for. Buyer side only. No reseller relationship with Broadcom. No partnership of any kind. We do not earn anything from products sold or renewed. Only from outcomes delivered against the contract.