How to Respond to an
Oracle Audit Letter in 30 Days

What the Oracle Audit Letter Actually Means

Knowing how to respond to an oracle audit letter correctly begins with understanding what the letter is — and what it is not. Oracle's formal audit notification is a contractual exercise of Oracle's audit rights, which are embedded in most Oracle licence agreements under clauses that allow Oracle to verify compliance up to once every twelve months (the exact frequency varies by agreement). The letter is also a commercial instrument: Oracle's LMS team uses the notification process to initiate a structured engagement designed to convert any discovered shortfall into a revenue outcome.

The letter is not an accusation. It does not mean Oracle has already found a problem. In many cases, Oracle sends audit notifications speculatively — targeting accounts that exhibit one or more of the oracle audit triggers that correlate historically with shortfalls, without having specific evidence of non-compliance. Your response to the letter should be calm, structured, and unhurried — even if LMS sets an aggressive initial response deadline. Review the full Oracle License Audit Defence playbook to understand the complete process you are entering.

Days 1 to 5: Immediate Actions

The most important action in the first five days is also the most commonly skipped: engage independent advisory before you communicate anything to Oracle. This sounds obvious but in practice many organisations send an initial acknowledgement, agree to Oracle's proposed kickoff meeting timeline, or — worse — allow an IT team member to begin gathering deployment data without any strategic framework in place. Each of these actions narrows your options and potentially hands Oracle information it will use to establish the highest possible shortfall figure.

Appoint a single internal project lead — ideally someone in procurement or legal, not IT infrastructure — whose only role is to coordinate the organisation's response. All communications with Oracle LMS should be channelled through this person. Brief your IT, legal, and finance stakeholders in writing that no one should speak to Oracle about the audit informally, including during account management calls or support interactions. Oracle LMS and Oracle's account team share intelligence, and informal conversations are a documented source of evidence in audit findings.

Review your Oracle Master Agreement and all associated order forms. Identify the specific audit rights clause — it will govern what Oracle can request, what methodology they must use, and any limitations on audit frequency or scope. Some older Oracle agreements contain clauses that limit LMS to specific products or deployment locations; these are valuable constraints worth identifying early. Download the complete response checklist from our Oracle Audit Defence resource page to ensure nothing is missed in this first phase.

Days 6 to 15: Internal Scoping Before You Agree to Oracle's Scripts

Oracle will request that you run LMS scripts — Oracle's own measurement tools — across your estate and submit the results. This is the critical juncture in how to respond to an oracle audit letter effectively. Oracle's scripts are designed to capture the broadest possible deployment picture. They identify every Oracle product installed on every server in scope, including software installed as a dependency of other applications, software in test or development environments that may technically be licensed differently under your agreement, and deployments in virtualised environments where Oracle's counting methodology will expand the licence obligation significantly.

Before you agree to run Oracle's scripts, conduct your own internal scoping exercise. Map every server and virtualisation host where Oracle software may be present. For VMware environments, work with your virtualisation team to identify whether any clusters could be characterised as hard-partitioned — which would limit Oracle's scope to the specific hosts where Oracle software runs rather than the entire cluster. Use our Oracle Virtualisation Licensing Risk Assessment to stress-test your environment against Oracle's virtualisation policy before LMS does.

This internal scoping phase also gives you the opportunity to identify and remediate any straightforward compliance gaps — products that are installed but not required, Oracle options that are enabled but not in use, or deployments in environments that could be cleanly decommissioned before Oracle's measurement date. Remediation before Oracle's scripts run is a legitimate and effective risk reduction strategy, provided it is done genuinely and not presented to Oracle as something it was not.

Days 16 to 30: Building Your Licence Position Document

The licence position document is your central artefact in the audit process — the structured, evidenced account of what you are licensed to use, how you are using it, and why your deployment is compliant on your reading of the contract. A well-prepared licence position document is the most powerful tool in any oracle license audit defence engagement. Without it, the settlement discussion happens entirely on Oracle's terms and Oracle's numbers.

Your licence position document needs to cover: your proof of entitlement (every licence agreement, order form, and written amendment); your technical architecture (server and VM configurations at the time of Oracle's measurement); your product entitlement mapping (which options, packs, and features are covered by your licences and which are not); and your contractual defences (any deployment flexibility rights, geography restrictions, or methodology obligations in your Oracle agreement that limit what LMS can claim). The more specific and evidenced your position document is, the harder Oracle's findings are to sustain without challenge.

By day thirty, you should have both your internal scoping completed and your initial licence position drafted — giving you a clear picture of your actual exposure before Oracle's LMS team presents its findings. In our experience across 500+ enterprise clients, organisations that complete this preparation typically reduce Oracle's initial shortfall claim by 30 to 45 percent before any negotiation begins — simply by correctly applying Oracle's own licensing rules to their situation. Engage our Oracle advisory team to lead this process, or explore the full Oracle advisory playbook available at our Oracle CIO Playbook landing page. You can also explore our Oracle Knowledge Hub for the complete library of supporting resources, and book a confidential call to get started immediately.