Introduction to Oracle License Audit
Navigating an Oracle license audit can be a daunting task.
That’s why we’ve created this comprehensive guide to give you the answers you need to manage the audit process effectively.
- Expert Insights: This guide is the culmination of insights from Oracle licensing experts who have experienced both sides of the audit process. They’ve conducted audits for Oracle and, as consultants, have assisted over 100 companies in defending themselves during Oracle license audits.
- Deep Dive into the Audit Process: We’ll explore the Oracle license audit process in detail, pinpointing the most common reasons for non-compliance. With this knowledge, you’ll be better prepared to manage the audit effectively.
- Strategic Recommendations: We provide strategic advice on managing the audit process. Our primary suggestion? Don’t tackle an Oracle licensing audit solo.
- Significant Revenue Source: License audits form a substantial part of Oracle’s license revenue. We estimate that about 70% of all Oracle software license revenue originates from license audits.
- Top 10 Oracle Audit Triggers in 2023 – Oracle Audits have not decreased; how they select customers has changed. Read ab out the latest trends.
To understand the potential financial risk, read the Oracle LMS compliance policy and view Oracle price lists.
- Oracle License Audit Process
- The Oracle Audit Process Simplified
- What can trigger an Oracle Audit?
- Understanding Oracle LMS / Oracle GLAS
- Understanding Oracle JPE
- What is Oracle SIA?
- How to manage the Oracle audit
- Three Oracle license compliance risks
- FAQ on Oracle license audits
- Oracle License Audit Defense Service
A summary of this article
- No organization is compliant with their Oracle licensing, small or large organizations. We have conducted Oracle licensing assessments for over 300 companies, and so far, one company has been compliant.
- Oracle software is costly; 8 cores of intel processor equals approx $ 300,000 in license fees and maintenance. It very quickly gets expensive if you miscalculate or misunderstand a licensing policy.
- As soon as they receive the audit notification, Oracle customers should contact an Oracle licensing expert who can analyze the same license compliance scripts as Oracle. They conduct an audit before Oracle is allowed to start its audit.
- 90%+ of all compliance issues are due to a lack of knowledge of Oracle licensing rules and or policies; these can be remediated before the audit begins.
- Suppose you have an Oracle audit report and made the mistake of going alone. In that case, there are still many things an Oracle licensing expert can help with, such as reviewing findings to identify errors in the report or finding the most optimal way of licensing.
Oracle License Audit Process
Understanding the Oracle Audit Cycle
Oracle typically audits customers every 3 to 4 years. However, this timeframe can vary. If you’re an Oracle customer who has previously been found out of compliance with your Oracle software license agreements, you’ll likely face an audit again.
Similarly, if you decline to purchase Oracle software licenses and cloud services, your chances of being audited by Oracle increase.
The Challenge of Oracle Audits
Managing Oracle audits can be complex due to the lack of software tools that accurately measure your licenses. It usually requires a combination of the following:
- Software tools
- Expert knowledge
To accurately measure Oracle licenses. According to our records at Redress, out of the 300 licensing assessments we’ve conducted over the years, only one organization has been fully compliant.
Proactive Management of Audits
Audits can be easier to manage if you’re proactive upon receiving the audit notification letter from Oracle. It’s crucial to:
- Quickly engage with an Oracle license expert
- Understand your licensing position before the audit begins
By doing so, there’s a strong chance you’ll pay zero to Oracle after the official license audit.
Mastering the Oracle Audit Process
Mastering the Oracle audit process is essential for companies to take control and avoid unnecessary fees to Oracle. Remember, you have 45 days to reply to the Oracle audit. This means you have 45 days to:
- Review your Oracle licensing
- Make sure your licensing is in order before the audit begins.
- Come up with an Oracle audit defense plan.
Taking these steps can help ensure a successful audit outcome.
The Oracle Audit Process Simplified
Here’s a breakdown of the Oracle audit process, simplified for better understanding:
- Oracle Audit Notification
Oracle LMS will send a friendly notification letter to your CFO, CIO, or both. This letter notifies you of Oracle’s intention to perform an audit of your Oracle software licenses. The letter will also indicate whether the audit will be conducted by Oracle directly or by an Oracle reseller/partner on their behalf. - Audit Kick-off Meeting
During the kick-off meeting, Oracle aims to agree on a timeline for you to share all necessary data. This step is crucial as Oracle’s audit process depends entirely on your cooperation and data provision. Oracle audits rely on you running their Oracle LMS scripts or license compliance tools. - Data Sharing & Oracle LMS Scripts
Oracle provides you with access to a web-based license audit portal. You’ll be asked to answer a questionnaire about your Oracle usage here. It’s essential to provide accurate information in this portal. You can then download the Oracle LMS scripts that Oracle wants you to run and upload the output in the same portal. We advise you not to share any data you haven’t independently analyzed with Oracle. - Oracle Audit Report
You’ll receive a report approximately 4-6 weeks after you’ve shared the data with Oracle. This is usually a “preliminary report,” where Oracle asks you to review the findings and confirm whether you agree.
If you’re at this stage, disagree with the findings until you’ve had an Oracle licensing expert provide a second review of the license audit findings.
The reports are almost always issued in the second month of Oracle’s financial quarter. You have 30 days to purchase licenses for any shortfalls identified in the reports. Hence, you can expect the report in the second month of the quarter.
What can trigger an Oracle Audit?
- Hardware Environment Refresh: If you’ve conducted a hardware environment refresh within the past 24 months, it could trigger an audit.
- Old or Outdated License Metrics: Using old or outdated license metrics can raise a red flag for Oracle.
- Mergers and Acquisitions: If your company has recently undergone a merger or acquisition, it could trigger an Oracle license audit.
- Failure to Renew Unlimited Licensing Agreements (ULAs): If you’ve failed to renew your ULAs, it could lead to an audit.
- Recent Changes in Software Spend: A sudden change in your software spend can alert Oracle and potentially trigger an audit.
- Declining to Purchase Oracle Software Licenses and Cloud Services: If you refuse to purchase Oracle software licenses and Oracle cloud services, you’re more likely to be audited by Oracle.
Understanding Oracle LMS / Oracle GLAS
Oracle LMS, which stands for Oracle License Management Services, is Oracle’s official audit organization. Reporting directly to the Oracle CFO, this organization operates independently from the Oracle sales team. In 2020, Oracle LMS was renamed Oracle Global License Advisory Services (GLAS).
The organization is structured into several groups, with the main workforce in Bucharest, Romania. This team is responsible for conducting all licensing analyses of Oracle LMS script outputs, including:
- Database outputs
- Middleware outputs
- Oracle application outputs
- Java Deployments
- Oracle SaaS Usage Reports
What Role does the auditor play in the audit
Oracle LMS has local members in most countries/regions worldwide. These individuals act as project managers and the face of the Oracle license audit. Their responsibilities include:
- Hosting all Oracle license audit meetings
- Creating the audit project plan
- Presenting and writing the audit report
These local members work closely with the local sales teams to decide which Oracle customers are selected for Oracle license audits. However, Romania’s technical analysts do most of the Oracle licensing audit work.
Oracle LMS Audit Negotiations
It’s important to note that Oracle LMS does not negotiate commercial contracts with its end customers. The Oracle sales organization manages this task.
The Oracle sales teams and LMS often play the “good cop, bad cop” game. However, don’t be fooled by this tactic – the Oracle sales teams pull all the strings at Oracle.
Understanding Oracle JPE
Oracle JPE, short for Joint Partner Engagement, is an Oracle initiative that uses Oracle resellers to conduct and manage Oracle license audits.
Oracle does not pay the JPE partners consulting fees and is only rewarded if they can resell licenses to cover any shortfall in the Oracle license audit report.
Warning: This is a red flag for anyone familiar with Oracle licensing. Oracle licensing around many topics, such as Virtualization, Cloud, and DR, is vague and open to interpretation.
Having a company managing software audits with an incentive to resell more licenses is questionable – you can imagine that the Oracle licensing interpretations are unfavorable to the end customer.
What is Oracle SIA?
Oracle SIA, short for Oracle Software Investment Advisory, is an initiative started by Oracle to help more customers transition to Oracle cloud and educate and train its customers about Oracle licensing topics. Former ex-Oracle LMS auditors account for 80% of its staff.
However, the results of this initiative have been precise. Many Oracle customers who started conversations with Oracle SIA about their licensing were surprised when Oracle SIA discovered non-compliance during those educational sessions.
Oracle SIA has turned help into threats of official Oracle license audits unless a purchase for new licenses was made.
Recommendation: It’s advisable to seek independent advice on Oracle licensing, not from the vendor.
What is Oracle LMSCollection Tool?
Oracle LMSCollection Tool is Oracle’s in-house developed set of scripts for measuring its customer’s Oracle software environments.
Oracle customers are allowed to use this script for measuring Oracle licenses. However, the difficulty comes with correctly interpreting the output toward a license requirement.
The Oracle LMS scripts cover Oracle Database products and all its options, Oracle middleware products and Oracle E-business Suite, Oracle Siebel licensing, Primavera licensing, Peoplesoft licensing, and JD Edwards licensing.
Our recommendation – if you want independent advice on Oracle licensing or cloud, you should work with a third party that is not incentivized to push you in one direction.
If you are under an Oracle license audit and need Oracle audit support, contact us, and we can start to help you as fast as possible.
How to manage the Oracle audit
Before the audit begins
Delay the Oracle license; you usually have 45 days to acknowledge receiving the audit letter. This is the time when you should quickly engage with an Oracle licensing expert to review your licensing.
This should be an ex-Oracle auditor who has helped hundreds of Oracle customers before and can use the same tools and methods that Oracle will use in the official audit.
Three Oracle license compliance risks
1. Oracle Database Compliance Risks
Oracle products have different editions; ensure you have installed the correct version. Oracle database also has additional features that require additional licenses. If you unknowingly have used those features now or in the past, you will be required to purchase licenses for both past and active usage.
2. License Metric Mistakes
Oracle has different rules for calculating Oracle licenses for processors (CPU) or Named User Plus. Reviewing the hardware you are running and understanding Oracle licensing rules to ensure you have sufficient Oracle licenses to cover your needs is important.
There are, for example, user minimums for each product, 25 user minimums for Oracle database enterprise edition, and the options must have matching quantities and metrics.
3. Virtualization and Cloud Policy Risks
If you deploy Oracle software on virtual technologies, it is straightforward to be out of compliance with your Oracle license entitlements. Oracle soft partitioning guide that includes vague rules for licensing Oracle in VMware, Hyper-V, IBM LPAR, and other technologies is often a cause for concern.
If you are deploying Oracle licenses in AWS or Azure, there are rules for calculating the licensing when deploying in the public cloud.
Many Oracle customers are caught out in license audits because they are unaware of these licensing policies.
FAQ on Oracle license audits
How can we delay the Oracle audit?
You can delay the Oracle audit by negotiating with Oracle. This can be done by requesting more time to prepare for the audit, citing reasons such as needing time to gather the required data or engaging with an Oracle licensing expert.
What are the benefits of delaying the Oracle audit?
Delaying the Oracle audit gives you more time to prepare and understand your licensing position. This can help you identify and remediate potential compliance issues before the audit begins, reducing the risk of non-compliance findings.
What steps should we take internally while delaying the Oracle audit?
While delaying the Oracle audit, you should take the time to review your Oracle contracts and understand your licensing position. This includes identifying any potential compliance issues and taking steps to remediate them. You should also consider engaging with an Oracle licensing expert to help you navigate the audit process.
What should we do if we identify a license shortage while preparing for the audit?
If you identify a license shortage while preparing for the audit, you should consider purchasing the required licenses before the audit begins. Oracle will almost always take your order now instead of waiting for the audit completion, which can take many months.
What is an Oracle license audit?
An Oracle license audit is a process where Oracle checks if a customer is compliant with their Oracle software license agreements. This process is typically conducted every 3 to 4 years, but the timeframe can vary.
What triggers an Oracle audit?
Several factors can trigger an Oracle audit, including a hardware environment refresh, use of old or outdated license metrics, recent mergers and acquisitions, failure to renew Unlimited Licensing Agreements (ULAs), sudden changes in software spend, and refusal to purchase Oracle software licenses and cloud services.
Who at Oracle decides which customers are selected for audits?
The Oracle account team, if they didn’t select you, at least the Oracle audit team asked them for approval before issuing an audit letter.
What is Oracle LMS / Oracle GLAS?
Oracle LMS (License Management Services) is Oracle’s official audit organization. In 2020, Oracle LMS was renamed Oracle Global License Advisory Services (GLAS). This organization operates independently from the Oracle sales team and is responsible for conducting all licensing analyses of Oracle LMS script outputs.
What role does the auditor play in the audit?
Oracle LMS has local members in most countries/regions worldwide. These individuals act as project managers and the face of the Oracle license audit. Their responsibilities include hosting all Oracle license audit meetings, creating the audit project plan, and presenting and writing the audit report.
What is Oracle JPE?
Oracle JPE (Joint Partner Engagement) is an Oracle initiative that uses Oracle resellers to conduct and manage Oracle license audits. Oracle does not pay the JPE partners consulting fees and is only rewarded if they can resell licenses to cover any shortfall in the Oracle license audit report.
What is Oracle SIA?
Oracle SIA (Software Investment Advisory) is an initiative started by Oracle to help more customers transition to Oracle cloud and educate and train its customers about Oracle licensing topics.
What is Oracle LMSCollection Tool?
Oracle LMSCollection Tool is Oracle’s in-house developed set of scripts for measuring its customer’s Oracle software environments.
How to manage the Oracle audit?
It is recommended to engage with an Oracle licensing expert to review your licensing as soon as you receive the audit notification letter from Oracle.
What are the common Oracle license compliance risks?
The common risks include Oracle Database Compliance Risks, License Metric Mistakes, and Virtualization and Cloud Policy Risks.
What should be the first step after receiving the audit letter?
The first step should be reviewing your contracts and understanding the audit clause.
Can we postpone the audit?
Yes, it is possible to postpone the audit. The duration of the delay depends on how well you negotiate with Oracle.
What actions should we take internally while we fend off Oracle with NDAs and negotiations?
You must figure out your compliance gap and how to fix it before the audit starts.
If we determine a license shortage, should we buy those licenses before the license audit begins?
Oracle will almost always take your order now instead of waiting for the audit completion, which can take many months.
How do we figure out what our Oracle license position is?
Getting external help from a partner who can analyze Oracle audit scripts. Then you can remediate any exposure before the audit begins.
What mistake software audit should we avoid?
Don’t hand over any SAM tool data to Oracle without analyzing it.
We trust Oracle to do the right thing; we have a good business relationship with Oracle. Why should we use external help?
Even if Oracle can be good-hearted, inexperienced license auditors will lead to mistakes.
Our CIO/CFO received an Audit Letter, and Oracle LMS is contacting us now. Do we need to reply to their letter?
Take your time; per your contracts with Oracle – You usually have 45 days to reply to the notificationYou have no contractual obligation to acknowledge the letter until the 45 days are up. If you want more than 45 days, you can try to negotiate a contract term giving you 90 day notice period.
We received an e-mail from our sales rep with an Excel spreadsheet they want to fill in with our licenses. Do we need to cooperate?
No, you have no obligation at all. This is not a formal audit.
What happens if we don’t reply to Oracle within the 45days?
Oracle will start to “chase” you, but there will not be any consequence of delaying. Once Oracle contacts you, just let them know that you missed the notification and are willing to discuss the audit.
Can we postpone the audit?
Yes, this happens all the time. For how long, that depends on how well you negotiate with Oracle. – The Oracle audit clause says, “The audit shall not reasonably interfere with your business operations” Oracle is often nice enough to delay an audit for a few months if you can provide them with a good business justification for why you want to postpone the Oracle licensing audit. Good reasons can be you are currently undertaking changes in your IT infrastructure.
Can we persuade Oracle to cancel the license audit?
That is more difficult, but I have seen it happen; usually, that involves you making a large purchase. Then Oracle can withdraw the audit notification.
What should be our first step after we have received the audit letter?
Review your contracts; what does the audit clause say? Does Oracle have the right to audit you? Action to take: If you and many others don’t have copies of your agreements, you might want to contact Oracle to get copies of all the relevant agreements. Support renewals are insufficient; they should be Oracle OMA, OLSA, and Ordering Documents.
We reviewed our Oracle audit clause And concluded that Oracle has the right to audit our company. What should be our next step?
Now you should negotiate an NDA and ask Oracle to sign your company NDA. This usually takes them a few weeks, buying them more time to prepare for the audit.
And once our NDA is signed by Oracle?
Oracle always wants to schedule a kick-off meeting ASAP. Such a meeting aims to discuss the project plan, share scripts, etc. Getting your agreement on specific dates when you will submit the data to Oracle. Our advice is to use the next meeting instead to negotiate:
Oracle is asking us to schedule a kick-off meeting; why are they in such a rush?
Oracle always wants to schedule the audit kick-off immediately; say no. Oracle suspects that the more time you have to prepare for the Oracle audit, the greater the chance you might discover and fix any license gaps before the audit begins.
During the audit, will Oracle come onsite to our data center?
Oracle has no right to access your data center, and they also do not have any discovery tool to find all of your Oracle Software. The Oracle audit cannot occur without your collaboration, which is something to remember.
We are a global company, and Oracle wants to license audit our subsidiary. Should we allow it?
You can try to say no, for how can Oracle, on a local level, determine if they have enough licenses? You might have spare licenses on another subsidiary covering any license shortfall. The audited subsidiary might have a shortfall of 20 Weblogic Licenses, but those might be available from another entity. It is challenging for Oracle to conduct an Oracle licensing audit on a subsidiary as you may have a surplus of Oracle licenses on another legal entity.
Oracle wants to include our Oracle ASFU Licenses in the Oracle licensing audit.
This is not allowed, But I have seen that Oracle LMS sometimes includes Oracle ASFU licenses. Per the contract, any audit on ASFU licenses should go thru the partner from which you bought the Oracle ASFU licenses.
Why is our company being selected for a license audit? Is it simply “our turn”?
No, there is no such thing as a “your turn system” when it comes to Oracle License Audits. The software audits are not random. You have been selected by your Account Manager with the support of Oracle LMS. There is almost always a reason to suspect that Oracle has good reasons for suspecting you are audited. Some customers have not been audited for ten years. Others are audited every 3-4 years.
What actions should we take internally while we fend off Oracle with NDAs and negotiations?
You must figure out your compliance gap and how to fix it before the audit starts. 95% of all Oracle audits have a shortfall, and usually, they are in the millions. But most of the license gap is not because customers are “over-using” Oracle.
If we determine a license shortage – should we buy those licenses before the license audit begins?
Oracle will almost always take your order now instead of waiting for the audit completion, which can take many months. You have a stronger negotiation position to purchase before the audit begins rather than after.
How do we figure out what our Oracle license position is?
I strongly recommend – getting external help from a partner who can analyze Oracle audit scripts. Once Oracle hands the LMS scripts over to you. You run the scripts and then give the licensing partner the output first. They can analyze what Oracle will find out once they get the output.
We are not a big Oracle customer; should we be concerned?
We have helped companies that only have five servers of Oracle Software running, and they are being found to be millions of euros non-compliant. One customer had four servers and was facing a 9-million USD license gap.
What mistake software audit should we avoid?
Don’t hand over any SAM tool data to Oracle; you need to analyze it. The Oracle-verified tools by Oracle are not verified to analyze them correctly. If they were, Oracle would trust your SAM tool reports. No, they want the raw script data under the tool, showing you are out of compliance. Also, even if you have skilled in-house Oracle SAM staff, if you should consider getting external help if you are under audit – It can help to have “fresh” eyes looking at data to verify that you are correctly licensed.
Where does the contract say I need to run Oracle audit scripts?
In the Oracle audit clause, you can find it in your Oracle OMA. Many contracts do not mention running Oracle data measurement tools. However, some later versions have contract language saying you must run Oracle data measurement tools. If Oracle audits you, Redress Compliance can analyze the Oracle LMS Script and tell you what Oracle will discover in the audit. The independent audit will give you more options before the official Oracle audit begins.
Which tool does Oracle use when they are auditing customers?
Oracle uses Oracle LMS Collection Tool. An in-house developed set of scripts that can measure licensing and deployments for Oracle database, middleware, and Oracle applications.
We tried to do the audit with Oracle ourselves. Can you still help?
Yes, we find errors in almost every Oracle audit report we review. These errors can either reduce the findings or make your negotiation position stronger. Look at Oracle’s price list and compare it to our services price. It is easy to make an ROI.
How quickly can you help us?
We can usually start an engagement within a few days after agreeing to the commercial contract between you and us.
What is included in the preliminary report we received from Oracle after the audit, and what should we do with it?
The preliminary report contains Oracle’s findings on your software deployments, backups, and number of users. Reviewing the information to ensure no mistakes and confirm the report’s accuracy is essential.
How can the audit report be inaccurate?
You may have provided Oracle with incorrect information about your Oracle deployments, backups, or several users. Additionally, Oracle may make mistakes in their calculations or miss the licenses that you have.
What other types of mistakes can Oracle make in its audit report?
Oracle may miscalculate licensing, misinterpret contract terms, or overlook licenses you have already purchased. The possibilities are many.
Does Oracle deliberately include errors in its audit reports?
No, it is simply because the Oracle License Management Services (LMS) team that conducts the audit often has auditors with only a few years of experience in Oracle licensing. To understand Oracle licensing thoroughly, you need years of experience.
What else should we consider when reviewing the audit report besides errors?
Oracle will typically assume the worst-case licensing scenario, which may not be necessary for your situation. Many licensing models are available for Oracle software, and it’s essential to understand which model is most appropriate for your organization.
Do we have to purchase the licenses the audit report says we are missing within 30 days?
No, it is best to acknowledge that you have received the report and need time to review it. Never agree with the report immediately; this will start the 30-day period when you must resolve any licensing gaps with Oracle.
Can we negotiate discounts when resolving the audit?
Yes, but expect the discounts to be lower than the ones you may have received in the past. The average discount for audit-related purchases is around 30-40% lower than regular purchases.
Do all customers get treated equally in a license audit?
Unfortunately, no. Your success in an Oracle license audit depends on your knowledge, negotiation skills, and determination to pay zero. It’s best to work with expert firms who can share their experiences with other companies to avoid overpaying.
What if Oracle starts the 30-day countdown before we confirm the findings?
Let Oracle know they are incorrect and you need more time to review the report.
Can we extend the 30-day negotiation period by talking to Oracle?
Yes, the rule of thumb is that negotiations can extend until the end of Oracle’s fiscal year (end of May). However, Oracle may not agree to extend it beyond this date.
What is the difference between a preliminary and final Oracle license audit report?
The only difference is that with the final report, you are contractually obliged to resolve any licensing gaps within 30 days. Disagree with the report’s findings, as the clock will start ticking.
What is your best and final advice?
Contact us for help; engaging with us may be your company’s best investment this year.
Oracle License Audit Defense Service
Former Oracle license auditors deliver our Oracle License Audit Defense service, which includes the following services:
- Oracle Licensing Assessment: We assess your current Oracle licensing and provide a comprehensive report on your compliance status.
- Oracle License Compliance Report: Our report includes a detailed analysis of your compliance risk, financial exposure, and recommendations for solving compliance issues.
- Contractual Compliance Review: We review your contracts and agreements to ensure you meet all your contractual obligations and maximize your licensing benefits.
- Advisory in Oracle License Audit: We provide guidance and support throughout the entire Oracle license audit process, from initial notification to final resolution.
- Audit Negotiation Service: Our experienced negotiators work on your behalf to minimize any financial exposure and ensure a fair outcome for your organization.
Most Redress Compliance clients end up paying zero to Oracle in audit penalties; contact us today to get help!