Oracle audit defense is essential because Oracle audits can cost companies millions in unexpected software license fees. It can be a challenge for experienced IT asset management professionals, and all will benefit from an Oracle audit defense strategy.
The reason is not all audits are the same – it’s different people, different challenges, and different goals. One thing remains the same from Oracle audit to Oracle audit.
That is how successful you are in an Oracle license audit depends on your ability to take control of the audit right from the beginning. So, here are some pointers on how to create your own Oracle audit defense strategy.
- Oracle Audit Defense
- Oracle LMS – The feared audit team explained
- What is Oracle LMS or Oracle JPE?
- What is Oracle SIA?
- Oracle License Audit Stages
- Oracle license audit process
- Oracle Audit Defense Questions
- Common Oracle audit license compliance issues
- Database compliance issues
- How to build your Oracle audit strategy
- Oracle LMS Negotiation
- Oracle audit defense service
Oracle Audit Defense
There are different ways in which Oracle audits can be initiated unofficially, such as when Oracle sales suspect non-compliance and nominate a customer for audit.
However, the official Oracle audit always starts with a formal audit letter addressed to senior management from Oracle’s audit organization, also known as Oracle License Management Services (LMS).
The letter’s purpose is to notify the customer of the audit, set a start date, and establish who will be involved in the audit on both sides. Oracle may elect an audit partner to lead the audit.
Upon receipt of the Oracle audit letter, it is essential to begin developing your Oracle audit defense strategy and tactics. Oracle LMS, now called Oracle GLAS, is a renowned audit organization that has contributed significantly to Oracle’s revenue through license sales.
It is a loosely global organization with its main analysis center in Romania, where they review the licensing data of Oracle customers.
Oracle LMS – The feared audit team explained
Oracle’s official audit organization is called Oracle License Management Services (LMS), which now goes by the name Oracle Global License Advisory Services (GLAS) since the name change in 2020. It reports to Oracle’s CFO and not the sales organization.
The organization is divided into multiple groups, but its primary workforce is in Bucharest, Romania.
They are responsible for conducting licensing analyses on outputs generated by Oracle LMS scripts, such as database outputs, middleware outputs, and Oracle application outputs.
How is Oracle LMS conducting license audits?
To conduct license audits, Oracle LMS typically has local members in most countries or regions worldwide who act as project managers.
These members are responsible for hosting all meetings related to the Oracle license audit, creating the audit project plan, and presenting and writing the audit report.
The local members are closely aligned with the local sales teams and assist in selecting which Oracle customers are chosen for license audits. However, most of the actual audit work is performed by technical analysts based in Romania.
Oracle LMS audit negotiations
Oracle LMS does not negotiate commercial contracts with its end customers; the Oracle sales organization manages this. Oracle sales teams and LMS likes to play the game “good and bad cop.” Don’t be fooled by this; Oracle sales teams pull all the strings at Oracle.
What is Oracle LMS or Oracle JPE?
Oracle JPE stands for Joint Partner Engagement, an initiative by Oracle to use its resellers to conduct and manage license audits.
Oracle does not compensate these JPE partners for consulting fees but is only rewarded if they can sell additional licenses to cover any shortfall identified in the audit report.
However, this is a significant concern for those familiar with Oracle licensing practices. Oracle’s licensing rules around various topics such as Virtualization, Cloud, and DR are often unclear and open to interpretation.
Having a company that manages software audits with incentives to sell more licenses raises questions about the accuracy and impartiality of the Oracle licensing interpretations provided to the end customer.
What is Oracle SIA?
Oracle SIA, which stands for Oracle Software Investment Advisory, is an organization established by Oracle to assist more customers in migrating to Oracle Cloud and educate them on Oracle licensing topics. The organization comprises former Oracle LMS auditors, who account for 80% of its staff.
While Oracle SIA’s mission is noble, many Oracle customers who engaged with them regarding their licensing were surprised by the results.
When Oracle SIA discovered non-compliance during educational sessions, they sometimes switched from offering help to making threats of an official Oracle license audit unless the customer purchased new licenses.
Our recommendation is to seek independent advice on Oracle licensing rather than relying solely on the information provided by the vendor.
Oracle License Audit Stages
After the kick-off, the audit process is divided into a few main stages:
- Data collection includes using Oracle audit scripts for the servers running Oracle software.
- Preliminary audit report – This is where Oracle or the audit partners share a draft report of the results for the customer to review.
- Final audit report – Oracle closes the report usually – but not always – after the customer has accepted the findings.
- Resolving the audit findings – Oracle sales negotiates with the customer on sales of licenses, and associated terms and conditions, to cover for any shortfall outlined in the audit report. The standard Oracle audit clause dictates that the customer has 30 days from the final report to cover any shortfall. In other words, the clock is ticking once you have accepted the findings.
Oracle license audit process
Oracle LMS has a well-established audit process. They have been doing audits successfully for many years, and it is a very lucrative business. While LMS auditors handle several audits in parallel every day of the year, you might be on the first or second audit with Oracle.
This is an opportunity to use a well-proven Oracle audit defense tactic, which is to delay the Oracle audit.
This might surprise you, but the audit process is designed to take you to the final report as quickly and painlessly (for the LMS team) as possible without you asking too many questions.
Oracle Audit Defense Questions
Questions that Oracle LMS wants to avoid:
- Who decides on the overall timeline of the Oracle audit?
- Do I have to run Oracle scripts?
- How do Oracle license policies apply to me when not referenced in my contract?
- Where will the data Oracle scripts collect go for analysis?
- What information is the script picking up?
- Should I sign an NDA with Oracle before the audit?
Oracle LMS will not tell you how to deal with these questions. They are going to avoid them for a reason. If you don’t know the answers or these questions are new to you, you are most likely unable to take control of the Oracle license audit and defend yourself.
Common Oracle audit license compliance issues
There are many different compliance problems with Oracle software, but the Oracle database is still king of compliance problems because it is expensive to license, there are many different products, and it is widely used with a 40% market share.
Database compliance issues
- Use management packs that you don’t have licenses for – very common mistake where even the best Oracle DBA gets it wrong.
- Use of management packs on standard edition – possible but not allowed
- Historical use of database options and packs – years and years of use is common and very costly.
- Use of advanced compression – is a feature used in many different situations
- Use of Oracle databases in virtual environments
How to build your Oracle audit strategy
How do you take control and defend yourself in an Oracle audit? It starts with the audit letter. Already at the beginning, you need to stop the Oracle LMS team in its tracks. Doing so will help you to buy time and use that time to do your internal audit and remediation.
The best Oracle audit defense strategy starts with independent Oracle licensing experts who analyze Oracle audit scripts. Also, you need to ensure that all communication to Oracle goes through one person. Otherwise, there is no way of knowing what information is shared and with who.
What is an Oracle audit negotiation advisor?
An Oracle audit negotiation advisor should be an individual who has many years of working with Oracle license management and audits. Ideally, this should be someone who has worked at Oracle for you to benefit from all the insider secrets that are an essential part of an Oracle audit defense.
When to include an Oracle audit negotiation advisor?
Oracle audit negotiation advisors are important to include not only at the end of an Oracle audit but also before the Oracle audit begins because you need to negotiate the audit scope and methods.
Why you need an advisor before the Oracle audit begins
- You can negotiate which products Oracle will audit – there may be a reason for excluding a product with more uncertainty about your compliance position.
- You can also exclude geographical areas such as legal entities in other countries.
- You should also negotiate which tools will be used – will you use Oracle scripts or use manual declaration/sharing of data?
- Negotiate the Oracle audit timeline to ensure the Oracle audit has an end date both parties agree on.
Why you need an Oracle audit negotiation advisor at the end of the audit
The Oracle audit report can be difficult to understand if you haven’t seen an Oracle license audit report before. An audit advisor can explain the findings and uncover mistakes in the report.
Oracle will never include pricing or discounts in an Oracle license audit report If the advisor is experienced, he can tell you how much other companies paid for similar findings to ensure you don’t overpay to Oracle.
Why you need an Oracle audit negotiation advisor at the end of the audit
- The Oracle audit report can be difficult to understand if you haven’t seen an Oracle license audit report before. An audit advisor can explain the findings and uncover mistakes in the report.
- Oracle will never include pricing or discounts in an Oracle license audit report If the advisor is experienced, he can tell you how much other companies paid for similar findings to ensure you don’t overpay to Oracle.
Oracle LMS Negotiation
- Oracle LMS negotiations can be challenging as you will have different reasons why Oracle believes you are out of compliance.
- Reasons range from missing products not following non-contractual licensing policies and contractual terms in your Oracle licensing agreements.
- One important factor to success is to understand how severely Oracle views each compliance issue.
Oracle audit defense service
- Independent review of all your Oracle deployments before the Oracle audit begins
- Review all your Oracle license agreements to identify contractual compliance.
- Design an Oracle audit defense strategy for all phases of the audit
- Help you negotiate with Oracle during the audit
- Help you optimize your Oracle licenses before the audit begins
- Provide Oracle audit defense advisory services
- Customize the audit service to your requirements, even if the audit has already begun.