How audit defense engagements are run.
An audit defense engagement is not a single piece of advisory work. It is a sequence of pieces of work, each with its own deliverable, its own timing window, and its own sign off. The sequence is the same across product lines. The detail varies. This page documents the sequence the Desk runs on every Broadcom audit defense engagement, from receipt of the notice through to the executed settlement letter. It is written for buyers who are considering whether to engage advisory support, for buyers already in flight who want to see the operating manual against which their engagement is being run, and for procurement and compliance leads who need to brief internal sponsors on what a properly run audit defense looks like.
The process is documented as five phases. Each phase has a defined start and end. Each phase ends with a signed artefact that becomes the input to the next phase. The signed artefacts are the buyer's protection. They are also the discipline that prevents the engagement from drifting into reactive territory where the auditor's calendar shapes every decision.
Phase one: read and stabilise (days 1 to 21)
The first phase is the 21-day perimeter-setting phase. The notice is read three independent times by three different roles inside the buyer's organisation. The contract paper is pulled, including the master agreement, the relevant schedules, and any side letters that touch the products named in the notice. The deployment data is compiled from internal records the buyer already holds, not from any new collection effort that would later appear as cooperation under the audit clause. A counter exposure model is built against the contract language as written. A response letter is drafted, reviewed by external counsel or an external audit defense advisor, and sent on day 19 by the appropriate signatory. The phase ends on day 21 with the buyer holding a settled perimeter inside which the rest of the engagement will be argued.
The artefacts at the end of phase one are the deployment inventory, the counter exposure model, and the response letter. All three are signed and held in the engagement file. The signature is procedural but consequential. It records that two functions inside the buyer's organisation have agreed on the numbers and the framing. The audit defense lead at the Desk and the buyer's procurement or compliance lead both sign.
Phase two: working session sequence (weeks 4 to 12)
The second phase is the reconciliation phase. The buyer's counter exposure model and the auditor's exposure model are reconciled across a sequence of working sessions, typically three to five, that run from approximately week four to week twelve. The sessions are structured around the contract language. Each session takes a defined slice of the disagreement, reconciles the measurement frame against the contract language for that slice, and produces a written summary that both parties acknowledge. The sessions do not settle the exposure. They settle the framework inside which the exposure is calculated.
"The working sessions are not arguments. They are paragraphs of the contract being read in the open, with both sides reconciling their interpretation against the words on the page. The arguments come later, and are shorter."
Audit Defense Lead, The Desk
The buyer's lead for the working sessions is the individual who signed the counter exposure model in phase one. The buyer's support team includes the procurement lead, the security or compliance lead, the external counsel or external audit defense advisor, and a technical lead from the relevant product team for each session. The technical lead changes session to session as the product scope changes. The procurement and compliance leads are consistent across the phase. The consistency is what holds the framework together.
Phase three: settled exposure and the draft settlement (weeks 13 to 18)
Once the framework is settled, the exposure calculation is reduced to arithmetic. The two models are run against the agreed framework, and the difference between them narrows to a defensible band. The settled exposure is the buyer's model output under the agreed framework, with documented adjustments for any items the buyer's model conceded during the working sessions. The auditor's settled exposure number, almost always larger than the buyer's, is reconciled against the buyer's number in a final working session and a settlement number is agreed.
The draft settlement letter is prepared by external counsel based on the agreed settlement number. The letter documents the settled exposure, the basis on which the exposure was calculated, the release language that covers the audit period, and any commitments the buyer is making in connection with the settlement. The letter is reviewed inside the buyer's organisation by the procurement lead, the compliance lead, the sponsor, and the buyer's general counsel before it is sent for the auditor's review.
Phase four: executed settlement (weeks 19 to 22)
The execution phase is procedural but not trivial. The settlement letter is exchanged between the parties, revised through one or two rounds of redline, and executed. The buyer's internal approval for execution follows the buyer's normal contract approval process, with one variation. The audit defense advisor and external counsel sign off on the final form of the letter before it is presented for internal approval. The sign off is the certification that the executed letter matches the negotiated framework. It also protects the buyer against an executed letter that drifts from the negotiated terms during the final exchange.
The executed settlement is the engagement's final deliverable. It is filed in the buyer's contract management system alongside the master agreement, the working session summaries, and the signed counter exposure model. The full audit defense file is held for a defined retention period agreed between the buyer's compliance lead and the Desk at the start of the engagement.
Phase five: post settlement debrief and renewal positioning (week 23 onward)
The settlement does not end the engagement. The settled exposure number, the framework agreed during the working sessions, and the deployment inventory all become inputs to the next renewal conversation on the affected product lines. The Desk's standing practice is to run a debrief inside the buyer's organisation in the four weeks after settlement, covering three things. What the engagement produced in absolute terms. What the engagement implies for the next renewal cycle on the same products. And what the engagement revealed about the buyer's internal controls that would benefit from change before the next audit window.
The debrief is documented in an internal memo signed by the procurement and compliance leads. The memo is not shared outside the buyer's organisation. It is the buyer's institutional record of what the audit produced and what to do differently next time. Buyers who skip the debrief tend to repeat the same audit shape in the next cycle. Buyers who run it carry the learning forward.
What the process does not do
The process does not change what the contract says. The buyer's contract is the buyer's contract. The process does not introduce arguments that the contract language does not support. The process does not promise an outcome that depends on the auditor adopting a position the auditor is not contractually required to adopt. Every settlement we have closed has been a settlement consistent with the contract language as written. The reductions against asserted exposure that we publish in our outcomes panel are the result of measurement frame reconciliation against the contract, not the result of negotiation outside the contract.
How to read this page if you are inside an active audit
If you have just received a notice, the document you need first is the notice itself, read independently by three people inside your organisation, with the response acknowledgement sent within 24 hours and no substantive response for the first three days. If you are several weeks into an active audit and the schedule above does not match what you have been doing, write to the Desk. The schedule can be picked up from any phase. The earlier the better. The later the harder. There is no engagement that cannot be partially recovered. There are engagements where the recovery is limited by what was done before we became involved.