Oracle Audit Help: What to Do When Oracle

An Oracle audit starts with a letter from Oracle License Management Services (LMS), now folded into the Oracle Software Investment Advisory (SIA) practice. The letter cites the audit clause inside the OMA or OLSA and requests a kickoff call. The clause grants Oracle the right to verify license use, but every other parameter is open to negotiation.

The first 72 hours fix three things. The scope of the audit (products, entities, geographies). The script (who talks to Oracle, in what form, with what evidence). And the chain of communication (no direct DBA to LMS contact, no informal email threads).

Read this alongside the Oracle knowledge hub, the Oracle audit services, the audit landing page, and the Vendor Shield subscription.

Key Takeaways

What every Oracle customer needs to do in the first 72 hours

Acknowledge, do not commit. Reply within 10 business days, name a single point of contact, request a written scope letter before any kickoff.
Fix the scope. Products, legal entities, geographies, time period. Every audit defaults to broad. Pull it back in writing.
One script. No DBA, sysadmin, or procurement staff talks to LMS without legal review. Every script is rehearsed.
Run a parallel internal review. Use the same scripts Oracle will run. Surface gaps before LMS does.
Document the position. Effective licensing, contractual rights (matching service levels, partitioning), and audit clause limits all go in the position paper.
Settle on remediation, not list. Oracle opens at list price for shortfalls. Settlement clears at 30 to 65 percent of list with the right scope discipline.
Renewal lever. Pair the audit settlement with an ULA, cloud commit, or support reset to convert the find into a strategic deal.

What the LMS letter says, and what it does not

The Oracle LMS letter is a templated document. It cites the audit clause, requests a kickoff call, lists the products in scope, and asks for the verification scripts to be run within a defined window.

Standard LMS letter elements

Audit clause citation. The OMA or OLSA clause that grants Oracle the right to verify.
Product scope. Often broad, listing Database, Middleware, Applications, Java SE, and any other deployed Oracle product.
Kickoff request. A proposed call date inside 30 days.
Script request. The LMS measurement scripts, which capture deployment data from the database and middleware estate.

What the letter does not say

It does not bind you to a scope. The letter is an opening position. You negotiate the scope in writing before the kickoff.
It does not bind you to run LMS scripts. The audit clause grants verification, not script ownership. Internal scripts produce the same data.
It does not bind you to a timeline. The 30 day kickoff is a request, not a contract term.

First 72 hours checklist

The 72 hour window sets the tone of the audit. A clean response inside 72 hours establishes you as a structured customer and pulls Oracle into a process led by your counsel and your advisor.

The eight step 72 hour checklist

Acknowledge receipt with a holding letter inside 48 hours. No commitment, no scope confirmation.
Name a single point of contact on the buyer side. All Oracle communication flows through one named role.
Engage independent advisor on the buyer side before the kickoff call. The audit clause does not preclude representation.
Engage legal counsel on the contract, the audit clause, and any privileged communication framework.
Pull every Oracle contract in scope: OMA, OLSA, OMA amendments, ULA, cloud commit, support orders.
Freeze the deployment on Oracle Database, WebLogic, and Java SE. No new installations until scope is fixed.
Open internal lines to procurement, the CIO, and the CFO. The audit is a procurement event, not an IT event.
Draft the scope response letter for legal review and onward transmission to LMS inside 10 business days.

Scope and script discipline

Every Oracle audit lever traces back to two questions. What is the audit scope? And who controls the data Oracle sees?

Scope levers and the buyer side default

Scope dimension	Oracle opening position	Buyer side counter
Product scope	All Oracle products deployed	Only the products named in the letter, by product name and version
Legal entity scope	All affiliates and subsidiaries	Only the contracting entity and the entities named on the order
Geographic scope	Global	Specific data centers or regions named on the order
Time period	Inception to today	The current support term only
Script control	Oracle runs LMS scripts	Customer runs scripts under observation, output reviewed by counsel

Script discipline, line by line

Customer runs the scripts. Oracle observes. The script output goes to counsel before LMS.
Output is privileged. Run under attorney work product framework where jurisdiction permits.
Only in scope products. Do not run scripts on products outside the named scope.
Only in scope hosts. Lab, dev, and decommissioned hosts are not in scope unless agreed in writing.

Common LMS audit findings and the buyer side response

The Oracle audit playbook has eight or nine repeat findings. Knowing them in advance lets the buyer side prepare a position paper before the kickoff.

Oracle Database, the four common findings

Enterprise Edition options not licensed. Partitioning, Advanced Compression, Advanced Security, Diagnostics Pack, Tuning Pack, RAC.
Standard Edition 2 socket count. Two socket cap on SE2, four virtual core threshold per socket.
Named User Plus count below minimum. 25 NUP minimum per processor on Enterprise Edition.
Disaster recovery and standby. Active Data Guard, failover scenarios, and 10 day failover rule.

Virtualization and partitioning findings

VMware hard partitioning challenge. Oracle audit position counts every host in the cluster, then every host in the data center connected to vCenter.
Buyer side counter. The contractual right to use approved hard partitioning technology, and the technical right to cluster pin Oracle workloads.
vMotion documentation. Document that Oracle workloads do not vMotion to non licensed hosts.

Java SE findings, post January 2023 employee metric

Java SE Universal Subscription. The employee metric counts every employee, contractor, and temporary worker, not just Java users.
Buyer side counter. Document the legitimate Java installation perimeter, the OpenJDK migration path, and the desktop Java exit position.
Pre 2023 contract. Customers on a pre 2023 NUP or processor Java contract retain that metric on existing licenses.

Settlement math, worked through a real estate

An Oracle audit settles on remediation, not list. The math runs through three stages. Effective license position, gap by product, and settlement at a negotiated discount.

Effective license position

The ELP captures what the customer is entitled to, what is deployed, and what is missing.

An accurate ELP cuts the Oracle audit position by 20 to 60 percent on most engagements. Most internal license records under count entitlements because they miss ULA certifications, migrated licenses, and license bank credits.

Worked example: 4,000 NUP Enterprise Edition deployment

Line item	Oracle opening	Buyer side position	Settlement
Partitioning	16 processor at 11,500 USD list	4 processor, cluster pinned	6 processor settled
Diagnostics Pack	16 processor at 7,500 USD list	0 processor, no AWR queries	0 processor settled
Java SE Universal	12,000 employees at 15 USD per month	4,000 user perimeter	6,500 employee 1 year subscription
Standby database	4 processor	10 day failover rule	0 processor settled

Net settlement

Oracle list exposure opens at 2.8 million USD on the four line items.
Buyer side position closes at 480,000 USD on remediation plus one year Java subscription.
Settlement lands at 690,000 USD, paired with a three year ULA on Database that locks the next renewal.

Seven levers in any Oracle audit

The seven levers buyer side counsel carries to settlement

Scope discipline. Products, entities, geographies, time period all fixed in writing.
Script control. Customer runs, customer owns, counsel reviews before LMS sees.
Effective license position. Pull the ULA certifications, the license bank credits, and the migrated entitlements.
Technical defense. Hard partitioning, cluster pinning, 10 day failover rule, options usage history.
Java perimeter. Document the legitimate Java installation perimeter and the OpenJDK migration plan.
Settlement at remediation. Trade list price for remediation against a forward looking commercial event.
Forward deal lever. Pair the settlement with an ULA, a cloud commit, or a support reset. Convert the find into a strategic renewal.

What to do next

The eight step checklist takes an Oracle audit from the LMS letter to a controlled settlement position.

Acknowledge receipt with a holding letter inside 48 hours.
Name a single point of contact and engage independent advisor and counsel.
Pull every Oracle contract and freeze new deployments.
Negotiate the scope letter before any kickoff call.
Run scripts internally under counsel direction and review.
Build the effective license position with documented entitlements.
Draft the position paper with technical defenses and remediation math.
Settle on remediation against a forward looking ULA, cloud commit, or support reset.

Frequently asked questions

How long does an Oracle LMS audit last?

The typical Oracle audit runs 4 to 9 months from the LMS letter to settlement. Scope fights take 30 to 60 days at the front, script execution and review takes 60 to 120 days in the middle, and the commercial settlement takes 60 to 120 days at the back.

A controlled audit with disciplined scope and script work lands at the shorter end. An uncontrolled audit, where Oracle gets early script access, often extends past 12 months.

Can we refuse the LMS scripts?

The audit clause grants Oracle the right to verify license use. It does not grant LMS the right to run scripts directly on customer systems. The buyer side counter is to run the scripts internally, output to counsel, output to LMS under a defined scope.

This is the single most important lever in the first 72 hours. Once LMS owns the script output, the buyer side loses 60 percent of the settlement leverage.

What is the 10 day failover rule on Oracle Database?

Oracle Database licensing allows a failover instance to run on a designated standby host for up to 10 separate days in any 365 day period without requiring a separate license. The rule applies to a single failover environment, not active active.

Audit findings frequently challenge the 10 day rule. Document the failover events, the host, and the duration to defend the position.

How does Oracle audit Java SE under the 2023 employee metric?

The Java SE Universal Subscription, introduced January 2023, counts every employee, contractor, and temporary worker, not just Java users. The audit position lists the company headcount as the subscription quantity.

The buyer side counter documents the legitimate Java installation perimeter, the OpenJDK migration path, and the desktop Java exit position. Customers on a pre 2023 NUP or processor Java contract retain that metric.

What is an effective license position (ELP)?

The ELP captures what the customer is entitled to (licenses purchased, ULAs certified, migrations completed), what is deployed (current install base), and the gap. An accurate ELP cuts the Oracle audit opening position by 20 to 60 percent on most engagements.

Most internal license records under count entitlements because they miss ULA certifications, license bank credits, and migrated licenses across legal entities.

How does Redress engage on Oracle audits?

Redress runs Oracle audit defense inside the Vendor Shield subscription, the audit defense services, and on engagement basis where the LMS letter has already landed. The first session inside the 72 hour window costs nothing.

The output is a scope position letter, a script discipline protocol, an effective license position, a position paper, and a settlement memo. The engagement is led by a former Oracle commercial professional on the buyer side.

How Redress engages on Oracle audits

Redress runs Oracle audit advisory inside the Vendor Shield subscription, the audit services, the Software Spend Assessment, and the Renewal Program.

Read the related Oracle hub, the Oracle services page, the audit landing, the complete audit playbook, the ULA negotiation guide, the Java licensing guide, the licensing consultants guide, the benchmarking page, the about us page, and the contact page.

Vendor Advisory

Cloud & Emerging

Programs

Assessments

Research

Knowledge Hubs

Assessment Tools

Oracle Audit Help. What the first 72 hours decide.