
The Broadcom Audit First 48 Hours Playbook

The first 48 hours are the most consequential and most often mishandled. This is the hour-by-hour playbook we give our own clients in the first conference call after the letter arrives.

Priya Anand
Former Symantec Compliance Lead, 2016–2023
Published January 2026 · Last updated April 2026

The first 48 hours after a Broadcom audit letter arrives are the most consequential 48 hours in the entire engagement. They are also the most likely to be mishandled, because the natural instinct of any competent IT or procurement leader is to engage, gather facts, and move forward. In a Broadcom audit, engaging fast is exactly the wrong default. The right default is to slow down, do four specific things, and prepare the procedural ground for a long defence.

This playbook is what we tell our own clients in the first conference call after the letter arrives. It is deliberately tactical — hour-by-hour for the first day, day-by-day for the second — so that whoever in your organisation is on the receiving end has a clear sequence to follow.


Hour 0: Read the letter twice

Read the letter once for content and once for procedure. The content read tells you what Broadcom claims to be auditing, the audit period, the appointed auditor, and the proposed timeline. The procedural read tells you what contractual clause has been invoked, what response is required, by when, and to whom. Note any phrasing that asserts a Broadcom interpretation of the contract — these are points to challenge later.

Do not respond. Do not reply-all. Do not forward to the broader IT leadership team. The letter has been delivered to a named contact for a reason: routing it widely creates discoverable internal correspondence before you have a position.

Hour 1-2: Lock down internal communication

Decide who needs to know and who does not. The minimum circle is: the recipient of the letter, the general counsel (or external counsel if there is no in-house function), the CIO, and the CFO. Brief each of them in person or by phone, not in writing. Establish a single named project lead — usually general counsel or an external advisor, not the CIO.

Issue a brief internal instruction to the minimum circle: any discussion of the audit is to be conducted verbally or through privileged channels (counsel-led correspondence), and not in routine email, Slack, or ticketing systems. This is not paranoia; it is standard practice for any commercial dispute, and it preserves your procedural options.

Hour 2-4: Pull the master agreement

Find the master agreement that governs the contractual relationship with Broadcom or VMware. This may be a VMware Enterprise Licence Agreement (ELA) negotiated before 2023, a Broadcom master subscription agreement signed after the acquisition, a federal or public-sector framework contract, or a reseller agreement that incorporates VMware or Broadcom terms by reference. Confirm which document governs the audit that has been initiated.

Locate and copy the audit clause, the confidentiality clause, the transfer and assignment clause, and the dispute resolution clause. These four clauses define your procedural position. Have them ready for the first call with counsel.

Hour 4-8: Acknowledge receipt

Send a brief, courteous acknowledgement to the Broadcom contact identified in the letter. A single paragraph is appropriate. Confirm receipt of the letter, confirm that the audit notice is being reviewed, and confirm that a substantive response will follow by the response deadline. Do not commit to a timeline more aggressive than the letter requires. Do not engage on substance. Do not name additional contacts. Do not propose dates for a kickoff call.

If counsel is already in place, copy counsel on the acknowledgement. If not, send the acknowledgement from a single named contact who will route subsequent communication.

Hour 8-24: Engage independent counsel and advisor

Two independent engagements should be initiated in the first 24 hours. The first is independent counsel — either your in-house general counsel or external counsel with software licensing experience. The second is an independent licensing advisor — a buyer-side specialist with Broadcom audit experience.

The two roles are different and complementary. Counsel manages the contractual and procedural posture. The licensing advisor manages the substantive analysis of entitlement, deployment, and methodology. Engaging only one of the two is a common mistake that produces materially worse outcomes than engaging both.

The first conversation with counsel should establish: the contractual basis for the audit, the procedural protections that apply, the response timeline, and the immediate communications protocol. The first conversation with the licensing advisor should establish: the scope of products in play, the data the auditor is likely to request, the entitlement reconstruction required, and the methodology challenges available.

Day 2 morning: Build the inventory map

On the second day, the work shifts to substance. The first substantive task is to build a complete map of the customer's entitlements: every VMware or Broadcom product purchased, the SKU, the quantity, the date of purchase, the contractual basis, and any restrictions or upgrade rights. This map is the foundation of every subsequent decision in the audit.

The entitlement map should pull from: master agreement and amendments, order forms and order acknowledgements, reseller purchase records, internal procurement records, asset management database (if it exists), and historical correspondence with VMware or Broadcom about entitlement changes. The map should also include any entitlements acquired through M&A activity, with the relevant transfer or assignment documentation.

For most mid-market customers, building a usable first-draft entitlement map takes one to two days. For large enterprises, it takes one to three weeks. Do not wait for the complete map to begin the next steps — work in parallel.

Day 2 afternoon: Build the deployment map

The second substantive task is to build a clean, validated map of the customer's current deployment. The deployment map should pull from: vCenter inventory (clean, with decommissioned items excluded), ESXi host configurations, cluster topology, vSAN deployment details (raw capacity, cache capacity, datastore capacity), NSX configurations (edition, features in use, scope), and any other Broadcom or VMware products in use.

Critically, the deployment map should be built by the customer, not by Broadcom. Do not run Broadcom-provided scripts. Do not allow the auditor to extract data directly from customer infrastructure. The customer's own data, validated and cleaned, is materially more favourable than auditor-collected data.

Day 2 evening: Draft the response letter

The end of day two is the right time to draft the response letter. The response letter is not a substantive engagement on the findings — it is a procedural document that establishes the ground rules for the audit. A properly structured response includes: acknowledgement of the audit notice with reservation of all rights, identification of the specific contract that governs, designation of the customer's representatives, proposed data-exchange protocol consistent with the contractual scope, required confidentiality and data-handling provisions, and a proposed schedule that allows for proper preparation.

The response letter should be drafted by the licensing advisor, reviewed by counsel, and approved by the named project lead before it is sent. It should be sent before the response deadline but not earlier than necessary — the additional preparation time is valuable.

What not to do in the first 48 hours

Do not engage on substance

Auditors are trained to draw out admissions in casual email and informal phone calls. Statements made in good faith — "yes, we have NSX running in three clusters" — become evidence in the findings report. All substantive communication should be routed through counsel or the licensing advisor and reviewed before it leaves the network.

Do not commit to a kickoff date

The kickoff call sets expectations. If the kickoff happens before the customer has built its entitlement map, deployment map, and procedural position, the audit will be framed by Broadcom's material rather than the customer's. Push the kickoff out by two to four weeks. Use the time to prepare.

Do not run the scripts

Broadcom audit letters frequently include scripts (PowerCLI, RVTools, custom self-assessment tools) that the customer is asked to run and return. The scripts collect more data than the audit clause requires. The data, once submitted, becomes the basis for the auditor's claim. We have not seen a single Broadcom audit in which running the scripts produced a better outcome than withholding them pending a negotiated data-exchange protocol.

Do not loop in the reseller

The reseller has commercial incentives aligned with Broadcom, not with the customer. The reseller can be a useful source of historical purchase data on request, but should not be part of the response team or copied on audit correspondence.

Do not loop in Broadcom's account team

The account team will offer to "help" navigate the audit. The account team's commercial incentives are aligned with closing the audit through a VCF subscription purchase, not with reducing the customer's exposure. Keep the audit track and the commercial track separate.

What to communicate internally

The internal communication in the first 48 hours should be tightly scoped. The CIO, the CFO, and (where appropriate) the COO should be briefed in person or by phone with a single message: an audit has been initiated, counsel and an independent advisor are engaged, a response will be sent by the deadline, and a defence plan will be presented within two weeks. Do not commit to a specific cost or exposure range until the entitlement and deployment maps are built.

The board does not need to be briefed in the first 48 hours. Premature board reporting frequently locks the response into an expensive trajectory because the board will want a number, and the only number available in the first 48 hours is the number on the audit letter — which is almost always materially higher than the eventual settlement.

The 48-hour checklist

By the end of hour 48, the following should be complete or in progress: the letter has been read twice and acknowledged; the master agreement and key clauses have been pulled and reviewed; counsel and an independent licensing advisor have been engaged; the minimum internal circle has been briefed; internal communication protocols have been established; the entitlement map is in first-draft form; the deployment map is in first-draft form; and the response letter is drafted, reviewed, and queued for delivery before the deadline.

If any of these items is incomplete at hour 48, the priority for hours 48 to 72 is to close the gaps before the response deadline rather than to engage on substance with Broadcom.

What success looks like

By the end of the first 48 hours, the customer has done two things: it has established a procedural posture that will protect it through the rest of the audit, and it has begun the substantive work that will reduce the eventual claim. Neither task is fully complete, and neither needs to be. The objective of the first 48 hours is not to win the audit; it is to ensure that the audit can still be won.

Customers who follow this playbook consistently settle for 30-50% of the initial Broadcom claim. Customers who do not follow it settle for 70-90% of it just as consistently. The difference is the discipline of the first 48 hours.

If you are inside the first 48 hours of a Broadcom audit and want a confidential review of where you stand and what to do next, contact us. We respond within one business day and can be operating on the engagement within 24 hours.
