What to do in the first 60 days after a CA audit notice.
A CA audit notice has a different shape than a Symantec audit notice. It moves slower, references more products across a longer time window, and almost always touches a portfolio that has been through two or three ownership changes since the in force contract was signed. The first 60 days of a CA audit are the days when the perimeter of the engagement gets set. Once the perimeter is set, the conversation that follows is largely procedural. The work of the audit defense, the contract reading, and the methodology document is all done before the perimeter closes. The buyer who treats the first 60 days as a response window is solving the wrong problem.
The Desk has run CA audit defense across the Automation, Identity, API Management, AIOps and ESP families in the last six quarters. The pattern across those engagements is consistent. The notice arrives. The buyer's first move is procedural. The seller's first move is to broaden the scope of the audit to include products the buyer might not have expected to be in scope. The buyer's second move sets the perimeter. The next 50 days are the work that closes the audit at a defensible position. The 60 day plan below is the structured sequence we run.
Days 1 to 10: read the in force contract end to end
The first move is internal. The buyer pulls the in force CA contract, every amendment, every order form, every product specific licensing schedule, and every assignment or assumption that has occurred under the prior ownership changes. CA portfolios often carry contract documents from CA Inc, CA Technologies, the CA Technologies acquisition by Broadcom, and any subsequent amendments under Broadcom paper. Each layer carries its own definitions and its own enforcement history. The buyer needs to read all of them, in chronological order, before any other move.
The reading is interpretive. It covers the unit of measure clauses for each product in scope, the assignment provisions, the change of control language, the audit clause itself, and any softening or capping provisions that may apply to the audit posture. CA contracts often include audit limitation clauses that the seller does not raise in the notice. The buyer who reads the audit clause in the first ten days has the procedural framework that the engagement letter will reference in days 20 through 30.
Days 11 to 20: scope the perimeter
The second move is to define the perimeter the buyer wants to operate inside. The seller's notice almost always names a set of products but leaves the perimeter loose. The loose perimeter is the seller's preferred posture, because it allows the audit to extend into products the seller wants to read against the seller's interpretation. The buyer's response defines the perimeter tightly. The named products are in. Products not named are out. The time period is defined. The unit of measure interpretation references the contract language. The data to be produced is scoped to the named products and the defined period.
The perimeter is the most important piece of buyer side work in the first 60 days. Every CA audit we have closed at a defensible number has had a perimeter set by the buyer in the first 20 days. Every CA audit that closed at a difficult number had a perimeter that drifted under the seller's broader reading, with new products added late, new periods added late, and new interpretations layered onto the original notice.
"The notice named two products. By week eight the seller had added four. The settlement closed against the two in the original notice because we had set the perimeter in week three. Without that, the settlement would have been against six."CA Practice Lead, The Desk
Days 21 to 30: produce the methodology
The third move is the buyer's methodology document. The methodology document explains, in writing, the buyer's interpretation of the unit of measure for each product in scope, the methodology used to produce the buyer's count, and the categories of exclusion the buyer has documented. The methodology document is the buyer's first formal interpretive position. It goes to the seller in days 30 to 35 as part of the engagement letter response.
The methodology should run to ten or fifteen pages. It does not need to be longer. Every unit of measure for every product in scope. The contract language that defines it. The interpretation the buyer is taking. The methodology used to count. The exclusion categories with documentation references. The seller's methodology is going to be twenty or thirty pages. The buyer's does not need to match the length. It needs to match the rigor.
Days 31 to 40: engagement letter and data room
The fourth move is the engagement letter. The buyer proposes a scoped engagement, a defined data set, a defined timeline, and the methodology document as the interpretive framework. The seller responds with proposed changes. The negotiation on the engagement letter is the procedural negotiation that defines the rest of the audit. The signed engagement letter is the contract that governs the audit conduct.
The data room is prepared in parallel. The data the buyer produces is scoped to the engagement letter. No raw extracts leave the perimeter without the methodology document attached. The data without the methodology is just numbers. The data with the methodology is the buyer's position.
Days 41 to 50: the first engagement call
The fifth move is the engagement call. The buyer walks the seller through the methodology, the counts, the exclusions, and the documentation. The seller responds with their reading. The two readings either align, or they do not. Where they do not, the disagreement gets documented and tied to contract language. The disagreements that remain at the end of the engagement call are the items that will close in the next 30 days, either as negotiated against the in force contract or as amended on the next renewal.
Days 51 to 60: the settlement framework
The sixth move is the framework for settlement. The buyer proposes a framework that resolves the disagreements, defines the closing position, and ties the closing position to the next renewal. The framework usually includes some combination of forward credit against the renewal value, unit definition amendment on the next renewal, scope reduction on the in force contract, and a documented operational reality statement that supports the buyer's reading. The framework is not the settlement. The framework is the structure inside which the settlement will close in the following 30 to 60 days.
What we have seen on live deals
A European telco received a CA Automation and Identity audit notice in 2025. Opening exposure on the seller's first read was $9.4M. The 60 day plan above was run. The perimeter was set in week three to the two original products. The methodology document was produced in week five. The engagement letter was countersigned in week seven, with the two original products in scope and no additions. The settlement closed at $1.6M as a forward credit against the next renewal, with a unit definition amendment on the Identity product. The next renewal carried a 31 percent reduction in annual contract value, separately negotiated against the legacy entitlements identified during the audit defense.
A Fortune 200 financial services group received a CA API Management audit notice in early 2026. Opening exposure $2.8M. Same plan, same sequence, settled at $0 with a unit definition amendment on the next renewal and a documented operational reality statement that excluded internal API calls from the unit measurement. The work that produced the outcome was the first 60 days.
The takeaway
- The first 60 days of a CA audit set the perimeter of the engagement, not the settlement. The buyer who lets the seller set the perimeter is settling against an audit scoped for the seller's benefit. The buyer who sets the perimeter in the first 20 days is settling against an audit that has been narrowed to what the original notice actually said.
- Read the in force contract end to end before any other move. CA contracts often carry audit limitation clauses, assignment provisions, and unit definitions that have moved through three ownership changes. Every layer matters and every layer is in the buyer's documentation if the buyer reads it.
- The settlement framework ties the audit close to the next renewal. Forward credit, unit definition amendment, scope reduction, and operational reality statements together produce a position that does not compound. Cash back payments produce a settled audit and a renewal that prices the same exposure all over again.