featured blogs / oracle audit

Oracle License Audit – 22 secrets that will help in 2024

An Oracle license audit is:

  • A process to check if customers comply with their Oracle software license agreements.
  • Typically conducted every 3 to 4 years, but the timeframe can vary
  • Significant Revenue Source: License audits form a substantial part of Oracle’s license revenue. We estimate that about 70% of all Oracle software license revenue originates from license audits.
  • Top 10 Oracle Audit Triggers in 2023 – Oracle Audits have not decreased; how they select customers has changed. Read about the latest trends.

To understand the potential financial risk, read the  Oracle LMS compliance policy and view Oracle price lists.

A summary of this article

  • No organization, small or large, is compliant with its Oracle licensing. We have conducted Oracle licensing assessments for over 300 companies, and so far, one company has been compliant.
  • Oracle software is costly; 8 cores of intel processor equals approximately $ 300,000 in license fees and maintenance. It very quickly gets expensive if you miscalculate or misunderstand a licensing policy.
  • As soon as they receive the audit notification, Oracle customers should contact an Oracle licensing expert who can analyze the same license compliance scripts as Oracle. They conduct an audit before Oracle is allowed to start its audit.
  • 90%+ of all compliance issues are due to a lack of knowledge of Oracle licensing rules and or policies; these can be remediated before the audit begins.
  • Suppose you have an Oracle audit report and made the mistake of going alone. In that case, there are still many things an Oracle licensing expert can help with, such as reviewing findings to identify errors in the report or finding the most optimal way of licensing.

Oracle License Audit Process 

Oracle License Audit Process

Understanding the Oracle Audit Cycle

  • Oracle typically audits customers every 3 to 4 years, but the timeframe can vary.
  • Higher audit likelihood if previously non-compliant or declining Oracle purchases.

The Challenge of Oracle Audits

  • Complex due to inadequate tools for measuring licenses.
  • Requires software tools and expert knowledge.
  • Most organizations found non-compliant in assessments.

Proactive Management of Audits

  • Engage with an Oracle license expert immediately after receiving an audit notification.
  • Understand your licensing position before the audit.
  • Proactivity can lead to minimal or zero fees post-audit.

Mastering the Oracle Audit Process

  • You have 45 days to respond to an Oracle audit.
  • Use this time to review licensing, ensure compliance, and develop an audit defense plan.
  • Effective preparation can lead to a successful audit outcome.
oracle license audit process

The Oracle Audit Process Simplified

Here’s a breakdown of the Oracle audit process, simplified for better understanding:

  1. Oracle Audit Notification
    Oracle LMS will send a friendly notification letter to your CFO, CIO, or both. This letter notifies you of Oracle’s intention to perform an audit of your Oracle software licenses. The letter will also indicate whether the audit will be conducted by Oracle directly or by an Oracle reseller/partner on their behalf.
  2. Audit Kick-off Meeting
    During the kick-off meeting, Oracle aims to agree on a timeline for you to share all necessary data. This step is crucial as Oracle’s audit process depends entirely on your cooperation and data provision. Oracle audits rely on you running their Oracle LMS scripts or license compliance tools.
  3. Data Sharing & Oracle LMS Scripts
    Oracle provides you with access to a web-based license audit portal. You’ll be asked to answer a questionnaire about your Oracle usage here. It’s essential to provide accurate information in this portal. You can then download the Oracle LMS scripts that Oracle wants you to run and upload the output in the same portal. We advise you not to share any data you haven’t independently analyzed with Oracle.
  4. Oracle Audit Report
    You’ll receive a report approximately 4-6 weeks after you’ve shared the data with Oracle. This is usually a “preliminary report,” where Oracle asks you to review the findings and confirm whether you agree.

    If you’re at this stage, disagree with the findings until you’ve had an Oracle licensing expert provide a second review of the license audit findings.

The reports are almost always issued in the second month of Oracle’s financial quarter. You have 30 days to purchase licenses for any shortfalls identified in the reports.

Hence, you can expect the report in the second month of the quarter.

What can trigger an Oracle Audit?

Oracle Audit triggers
  1. Hardware Environment Refresh: If you’ve conducted a hardware environment refresh within the past 24 months, it could trigger an audit.
  2. Old or Outdated License Metrics: Using old or outdated license metrics can raise a red flag for Oracle.
  3. Mergers and Acquisitions: If your company has recently undergone a merger or acquisition, it could trigger an Oracle license audit.
  4. Failure to Renew Unlimited Licensing Agreements (ULAs): If you’ve failed to renew your ULAs, it could lead to an audit.
  5. Recent Changes in Software Spend: A sudden change in your software spend can alert Oracle and potentially trigger an audit.
  6. Declining to Purchase Oracle Software Licenses and Cloud Services: If you refuse to purchase Oracle software licenses and Oracle cloud services, you’re more likely to be audited by Oracle.

Understanding Oracle LMS / Oracle GLAS

Oracle LMS, which stands for Oracle License Management Services, is Oracle’s official audit organization.

Reporting directly to the Oracle CFO, this organization operates independently from the Oracle sales team. In 2020, Oracle LMS was renamed Oracle Global License Advisory Services (GLAS).

The organization is structured into several groups, with the primary workforce in Bucharest, Romania.

This team is responsible for conducting all licensing analyses of Oracle LMS script outputs, including:

Roles in Oracle License Audits

Auditor’s Role:

  • Local Oracle LMS Members: Act as project managers and the audit’s face.
    • Host audit meetings.
    • Create the audit project plan.
    • Present and write the audit report.
  • Collaborate with local sales teams for customer selection.
  • Analysts in Romania do the majority of technical work.

Oracle LMS Audit Negotiations:

  • LMS does not handle commercial contract negotiations; Oracle sales teams manage this.
  • The “good cop, bad cop” dynamic between LMS and sales teams is a common tactic.

Understanding Oracle JPE:

  • Oracle JPE (Joint Partner Engagement) involves Oracle resellers conducting license audits.
  • JPE partners are rewarded for reselling licenses, potentially leading to biased audit results.

Oracle SIA:

  • Oracle SIA (Software Investment Advisory) aims to transition customers to Oracle Cloud and educate them on licensing.
  • Primarily staffed by former Oracle LMS auditors.
  • SIA’s approach sometimes leads to non-compliance discoveries and threats of official audits.

Recommendation:

  • Seek independent advice on Oracle licensing rather than relying solely on vendor-provided information.

What is Oracle LMSCollection Tool?

Oracle LMSCollection Tool is Oracle’s in-house developed set of scripts for measuring its customers’ Oracle software environments.

Oracle customers are allowed to use this script to measure Oracle licenses. However, the difficulty comes with correctly interpreting the output toward a license requirement.

The Oracle LMS scripts cover Oracle Database products and all its options, Oracle middleware products and Oracle E-business Suite, Oracle Siebel licensing, Primavera licensing, Peoplesoft licensing, and JD Edwards licensing.

Oracle license compliance script

We recommend that if you want independent advice on Oracle licensing or the cloud, you should work with a third party that is not incentivized to push you in one direction.

If you are under an Oracle license audit and need Oracle audit support, contact us, and we can start to help you as fast as possible.

How to manage the Oracle audit

Before the audit begins

Delay the Oracle license; you usually have 45 days to acknowledge receiving the audit letter. This is the time when you should quickly engage with an Oracle licensing expert to review your licensing.

This should be an ex-Oracle auditor who has helped hundreds of Oracle customers before and can use the same tools and methods that Oracle will use in the official audit.

oracle license audit triggers

Three Oracle License Compliance Risks

  1. Oracle Database Compliance Risks
    • Be cautious about installing the correct Oracle product edition.
    • Additional features in the Oracle database may require extra licenses.
    • Unknowing use of these features mandates purchasing licenses for past and current usage.
  2. License Metric Mistakes
    • Oracle has specific rules for the processor (CPU) or Named User Plus licenses.
    • Review hardware and understand Oracle’s licensing rules.
    • Note user minimums for each product (e.g., 25 user minimum for Oracle Database Enterprise Edition).
  3. Virtualization and Cloud Policy Risks
    • Deploying Oracle software on virtual technologies can easily lead to non-compliance.
    • Oracle’s soft partitioning guide, including virtualization technologies like VMware and Hyper-V, is often complex.
    • When deploying Oracle licenses in public clouds like AWS or Azure, specific rules apply.

FAQ on Oracle license audits 

How can we delay the Oracle audit?

You can delay the Oracle audit by negotiating with Oracle. This can be done by requesting more time to prepare for the audit, citing reasons such as needing time to gather the required data or engaging with an Oracle licensing expert.

What are the benefits of delaying the Oracle audit?

Delaying the Oracle audit gives you more time to prepare and understand your licensing position. This can help you identify and remediate potential compliance issues before the audit begins, reducing the risk of non-compliance findings.

What steps should we take internally while delaying the Oracle audit?

While delaying the Oracle audit, you should take the time to review your Oracle contracts and understand your licensing position.

This includes identifying any potential compliance issues and taking steps to remediate them. You should also consider engaging with an Oracle licensing expert to help you navigate the audit process.

What should we do if we identify a license shortage while preparing for the audit?

If you identify a license shortage while preparing for the audit, you should consider purchasing the required licenses before the audit begins.

Oracle will almost always take your order now instead of waiting for the audit completion, which can take many months.

What is an Oracle license audit?

An Oracle license audit is a process where Oracle checks if a customer is compliant with their Oracle software license agreements. This process is typically conducted every 3 to 4 years, but the timeframe can vary.

What triggers an Oracle audit?

Several factors can trigger an Oracle audit, including a hardware environment refresh, use of old or outdated license metrics, recent mergers and acquisitions, failure to renew Unlimited Licensing Agreements (ULAs), sudden changes in software spend, and refusal to purchase Oracle software licenses and cloud services.

Who at Oracle decides which customers are selected for audits?

If the Oracle account team didn’t select you, at least the Oracle audit team asked them for approval before issuing an audit letter.

What is Oracle LMS / Oracle GLAS?

Oracle LMS (License Management Services) is Oracle’s official audit organization.

In 2020, Oracle LMS was renamed Oracle Global License Advisory Services (GLAS). This organization operates independently from the Oracle sales team and is responsible for conducting all licensing analyses of Oracle LMS script outputs.

What role does the auditor play in the audit?

Oracle LMS has local members in most countries/regions worldwide. These individuals act as project managers and the face of the Oracle license audit.

Their responsibilities include hosting all Oracle license audit meetings, creating the audit project plan, and presenting and writing the audit report.

What is Oracle JPE?

Oracle JPE (Joint Partner Engagement) is an Oracle initiative that uses Oracle resellers to conduct and manage Oracle license audits.

Oracle does not pay the JPE partners consulting fees and is only rewarded if they can resell licenses to cover any shortfall in the Oracle license audit report.

What is Oracle SIA?

Oracle SIA (Software Investment Advisory) is an initiative started by Oracle to help more customers transition to Oracle cloud and educate and train its customers about Oracle licensing topics.

What is Oracle LMSCollection Tool?

Oracle LMSCollection Tool is Oracle’s in-house developed set of scripts for measuring its customers’ Oracle software environments.

How to manage the Oracle audit?

It is recommended that you engage with an Oracle licensing expert to review your licensing as soon as you receive the audit notification letter from Oracle.

What are the common Oracle license compliance risks?

The common risks include Oracle Database Compliance Risks, License Metric Mistakes, and Virtualization and Cloud Policy Risks.

What should be the first step after receiving the audit letter?

The first step should be reviewing your contracts and understanding the audit clause.

Can we postpone the audit?

Yes, it is possible to postpone the audit. The duration of the delay depends on how well you negotiate with Oracle.

What actions should we take internally while we fend off Oracle with NDAs and negotiations?

You must figure out your compliance gap and how to fix it before the audit starts.

If we determine a license shortage, should we buy those licenses before the license audit begins?

Oracle will almost always take your order now instead of waiting for the audit completion, which can take many months.

How do we figure out what our Oracle license position is?

Getting external help from a partner who can analyze Oracle audit scripts. Then, you can remediate any exposure before the audit begins.

What mistake software audit should we avoid?

Don’t hand over any SAM tool data to Oracle without analyzing it.

We trust Oracle to do the right thing; we have a good business relationship with Oracle. Why should we use external help?

Even if Oracle can be good-hearted, inexperienced license auditors will lead to mistakes.

Our CIO/CFO received an Audit Letter, and Oracle LMS is contacting us now. Do we need to reply to their letter?

Take your time; per your contracts with Oracle – You usually have 45 days to reply to the notification and have no contractual obligation to acknowledge the letter until the 45 days are up.

If you want more than 45 days, you can try to negotiate a contract term giving you 90 90-day notice period.

We received an e-mail from our sales rep with an Excel spreadsheet they want to fill in with our licenses. Do we need to cooperate?

No, you have no obligation at all. This is not a formal audit.

What happens if we don’t reply to Oracle within the 45days?

Oracle will start to “chase” you, but there will not be any consequence of delaying. Once Oracle contacts you, let them know you missed the notification and are willing to discuss the audit.

Can we postpone the audit?

Yes, this happens all the time. How long it will take depends on how well you negotiate with Oracle. – The Oracle audit clause says, “The audit shall not reasonably interfere with your business operations.”

Oracle is often nice enough to delay an audit for a few months if you provide them with a reasonable business justification for why you want to postpone the Oracle licensing audit. Good reasons can be you are currently undertaking changes in your IT infrastructure.

Can we persuade Oracle to cancel the license audit?

That is more difficult, but I have seen it happen; usually, that involves you making a large purchase. Then, Oracle can withdraw the audit notification.

What should be our first step after we have received the audit letter?

Review your contracts; what does the audit clause say? Does Oracle have the right to audit you?

Action to take: If you and many others don’t have copies of your agreements, you might want to contact Oracle to get copies of all the relevant contracts. Support renewals are insufficient; they should be Oracle OMA, OLSA, and Ordering Documents.

We reviewed our Oracle audit clause And concluded that Oracle has the right to audit our company. What should be our next step?

Now, you should negotiate an NDA and ask Oracle to sign your company NDA. This usually takes them a few weeks, buying them more time to prepare for the audit.

And once our NDA is signed by Oracle?

Oracle always wants to schedule a kick-off meeting ASAP. Such a meeting aims to discuss the project plan, share scripts, etc.

Getting your agreement on specific dates when you will submit the data to Oracle. Our advice is to use the next meeting instead to negotiate:

Oracle is asking us to schedule a kick-off meeting; why are they in such a rush?

Oracle always wants to schedule the audit kick-off immediately; say no.

Oracle suspects that the more time you have to prepare for the Oracle audit, the greater the chance you might discover and fix any license gaps before the audit begins.

During the audit, will Oracle come onsite to our data center?

Oracle has no right to access your data center, and they also do not have any discovery tool to find all of your Oracle Software. The Oracle audit cannot occur without your collaboration, which is something to remember.

We are a global company, and Oracle wants to license audit our subsidiary. Should we allow it?

You can try to say no, but how can Oracle, on a local level, determine if they have enough licenses?

You might have spare licenses on another subsidiary covering any license shortfall. The audited subsidiary might have a shortfall of 20 Weblogic Licenses, but those might be available from another entity. It is challenging for Oracle to conduct an Oracle licensing audit on a subsidiary as you may have a surplus of Oracle licenses on another legal entity.

Oracle wants to include our Oracle ASFU Licenses in the Oracle licensing audit.

This is not allowed, But I have seen that Oracle LMS sometimes includes Oracle ASFU licenses. Per the contract, any audit on ASFU licenses should go thru the partner from which you bought the Oracle ASFU licenses.

Why is our company being selected for a license audit? Is it simply “our turn”?

No, there is no such thing as a “your turn system” when it comes to Oracle License Audits. The software audits are not random.

You have been selected by your Account Manager with the support of Oracle LMS. There is almost always a reason to suspect that Oracle has good grounds for suspecting you are audited. Some customers have not been audited for ten years. Others are audited every 3-4 years.

What actions should we take internally while we fend off Oracle with NDAs and negotiations?

You must figure out your compliance gap and how to fix it before the audit starts. 95% of all Oracle audits have a shortfall, and usually, they are in the millions. But most of the license gap is not because customers are “over-using” Oracle.

If we determine a license shortage – should we buy those licenses before the license audit begins?

Oracle will almost always take your order now instead of waiting for the audit completion, which can take many months.

You have a stronger negotiation position to purchase before the audit begins rather than after.

How do we figure out what our Oracle license position is?

I strongly recommend – getting external help from a partner who can analyze Oracle audit scripts.

Once Oracle hands the LMS scripts over to you, you run the scripts and then give the licensing partner the output first. They can analyze what Oracle will find out once they get the output.

We are not a big Oracle customer; should we be concerned?

We have helped companies that only have five servers of Oracle Software running, and they are being found to be millions of euros non-compliant. One customer had four servers and was facing a 9-million USD license gap.

What mistake software audit should we avoid?

Don’t hand over any SAM tool data to Oracle; you need to analyze it. The Oracle-verified tools by Oracle are not verified to analyze them correctly. If they were, Oracle would trust your SAM tool reports.

No, they want the raw script data under the tool, showing you are out of compliance. Also, even if you have skilled in-house Oracle SAM staff, you should consider getting external help if you are under audit – It can help to have “fresh” eyes looking at data to verify that you are correctly licensed.

Where does the contract say I need to run Oracle audit scripts?

In the Oracle audit clause, you can find it in your Oracle OMA. Many contracts do not mention running Oracle data measurement tools. However, some later versions have contract language saying you must run Oracle data measurement tools.

If Oracle audits you, Redress Compliance can analyze the Oracle LMS Script and tell you what Oracle will discover in the audit. The independent audit will give you more options before the official Oracle audit begins.

Which tool does Oracle use when they are auditing customers?

Oracle uses the Oracle LMS Collection Tool. An in-house developed set of scripts that can measure licensing and deployments for Oracle database, middleware, and Oracle applications.

We tried to do the audit with Oracle ourselves. Can you still help?

Yes, we find errors in almost every Oracle audit report we review. These errors can either reduce the findings or make your negotiation position stronger.

Look at Oracle’s price list and compare it to our services price. It is easy to make an ROI.

How quickly can you help us?

We can usually start an engagement within a few days after agreeing to the commercial contract between you and us.

What is included in the preliminary report we received from Oracle after the audit, and what should we do with it?

The preliminary report contains Oracle’s findings on your software deployments, backups, and number of users. Reviewing the information to ensure no mistakes and confirm the report’s accuracy is essential.

How can the audit report be inaccurate?

You may have provided Oracle with incorrect information about your Oracle deployments, backups, or several users. Additionally, Oracle may make mistakes in their calculations or miss the licenses that you have.

What other types of mistakes can Oracle make in its audit report?

Oracle may miscalculate licensing, misinterpret contract terms, or overlook licenses you have already purchased. The possibilities are many.

Does Oracle deliberately include errors in its audit reports?

No, it is simply because the Oracle License Management Services (LMS) team that conducts the audit often has auditors with only a few years of experience in Oracle licensing.

To understand Oracle licensing thoroughly, you need years of experience.

What else should we consider when reviewing the audit report besides errors?

Oracle will typically assume the worst-case licensing scenario, which may not be necessary for your situation.

Many licensing models are available for Oracle software, and it’s essential to understand which model is most appropriate for your organization.

Do we have to purchase the licenses the audit report says we are missing within 30 days?

No, it is best to acknowledge that you have received the report and need time to review it.

Never agree with the report immediately; this will start the 30-day period when you must resolve any licensing gaps with Oracle.

Can we negotiate discounts when resolving the audit?

Yes, but expect the discounts to be lower than the ones you may have received in the past. The average discount for audit-related purchases is around 30-40% lower than regular purchases.

Do all customers get treated equally in a license audit?

Unfortunately, no. Your success in an Oracle license audit depends on your knowledge, negotiation skills, and determination to pay zero.

It’s best to work with expert firms who can share their experiences with other companies to avoid overpaying.

What if Oracle starts the 30-day countdown before we confirm the findings?

Let Oracle know they are incorrect, and that you need more time to review the report.

Can we extend the 30-day negotiation period by talking to Oracle?

Yes, the rule of thumb is that negotiations can extend until the end of Oracle’s fiscal year (end of May). However, Oracle may not agree to extend it beyond this date.

What is the difference between a preliminary and final Oracle license audit report?

The only difference is that with the final report, you are contractually obliged to resolve any licensing gaps within 30 days. Disagree with the report’s findings, as the clock will start ticking.

What is your best and final advice?

Contact us for help; engaging with us may be your company’s best investment this year.

Oracle License Audit Defense Service

Former Oracle license auditors deliver our Oracle License Audit Defense service, which includes the following services:

  • Oracle Licensing Assessment: We assess your current Oracle licensing and provide a comprehensive report on your compliance status.
  • Oracle License Compliance Report: Our report includes a detailed analysis of your compliance risk, financial exposure, and recommendations for solving compliance issues.
  • Contractual Compliance Review: We review your contracts and agreements to ensure you meet all your contractual obligations and maximize your licensing benefits.
  • Advisory in Oracle License Audit: We provide guidance and support throughout the entire Oracle license audit process, from initial notification to final resolution.
  • Audit Negotiation Service: Our experienced negotiators work on your behalf to minimize any financial exposure and ensure a fair outcome for your organization.

Most Redress Compliance clients end up paying zero to Oracle in audit penalties;

contact us today to get help!

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, enhancing organizational efficiency.