featured blogs / Oracle Licensing / Oracle Software Audit

Oracle License Audit Secrets to Know for 2024

What is an Oracle License Audit?

  • Oracle license audits are conducted to ensure compliance with software licensing agreements.
  • Oracle audits are either conducted directly by Oracle or through resellers.
  • The primary goal is identifying unlicensed usage, which can result in significant penalties.
  • Oracle may audit every 3-4 years, often targeting high-revenue products or past non-compliance issues.

What is an Oracle License Audit?

What is an Oracle License Audit

An Oracle license audit is a formal process where Oracle verifies that your organization is using its software in compliance with the terms of your licensing agreements.

While audits are framed as a compliance check, they are also a significant revenue generator for Oracle—60 % of its revenue comes from audits. Oracle uses audits primarily as a commercial tool to uncover unlicensed usage and push for additional license purchases.

How Oracle Conducts Audits

Oracle audits are conducted either:

  • Directly by Oracle, through their internal audit teams, or
  • Via resellers are auditors under Oracle’s Joint Partner Engagement (JPE) program.

These resellers are not independent auditors. Their only financial incentive comes from reselling Oracle licenses to cover any shortfalls found during the audit. This creates a conflict of interest, as they are primarily motivated to find non-compliance to generate sales. You should be especially careful with partner-led audits, as their goals may not align with your best interests.

Who Doesn’t Conduct Oracle Audits?

Unlike other industries, Oracle does not use big accounting firms like KPMG or Deloitte to conduct license audits. Instead, Oracle relies on its internal audit teams or the reseller partners to lead these efforts.

Potential Costs of an Oracle Audit

Oracle license audits can be very costly. Even a single server running Oracle software can carry a multi-million dollar risk if found to be non-compliant. This risk increases significantly if your organization uses unlicensed features, runs Oracle software in virtualized environments, or has legacy deployments that weren’t tracked properly.

Given the high stakes, it’s essential to approach an Oracle audit with caution. Before engaging with Oracle, carefully review your software usage and licensing.

How Oracle Licensing Works

How Oracle Licensing Works

Organizations must understand Oracle’s licensing models to ensure compliance and avoid unexpected costs.

Here’s a detailed look into some of the key licensing models and agreements used by Oracle:

Core-Based Licensing

Core-based licensing is typically used for Oracle Database and middleware products. In this model:

  • Licensing is based on the number of processor cores in the physical or virtual machine running Oracle software.
  • A core factor table is applied, which varies depending on the processor type. For example, some processors require fewer licenses per core than others.
  • All physical cores on a server must generally be licensed, even if Oracle is only running on a subset of them. This becomes particularly relevant in virtualized environments, where misinterpreting these rules can lead to non-compliance.

Named User Plus (NUP) Licensing

Named User Plus (NUP) licenses are typically used for environments with a defined and trackable number of users or devices.

Key aspects of NUP licensing include:

  • A license is required for each user or device that accesses Oracle software, whether directly or indirectly.
  • Organizations must track all users, including internal employees, contractors, and external users, to ensure compliance.
  • Even if users do not frequently access the system, they must still be licensed under the NUP model if they have access rights.

Application User Licensing

Oracle uses application user licensing for certain Oracle applications like E-Business Suite, Siebel, or PeopleSoft.

Key elements include:

  • Licensing is based on the number of users accessing the specific Oracle application.
  • Each application may have its definition of what constitutes a user, including employees, contractors, or even automated processes that access the application.
  • Miscounting application users can lead to licensing gaps, as indirect access or automation is sometimes overlooked.

Employee Metrics

Oracle applications, especially human capital management (HCM) and financial solutions use employee-based metrics.

The key considerations include:

  • Employee-based licensing counts the total number of employees in the organization, not just the ones directly using Oracle software.
  • This metric includes part-time, full-time, and sometimes contractors, which can significantly impact costs, especially in large organizations.
  • Tracking employee numbers accurately is crucial to avoiding non-compliance, as these licenses are tied to overall workforce size, not just software usage.

Oracle Agreements

Oracle Ordering Documents

Oracle Ordering Documents (OD) outline the specific terms and conditions for each Oracle product or service an organization purchases.

These documents:

  • Contain the exact licensing model, metrics, and entitlements applicable to the purchase.
  • Serve as the legal reference during audits or disputes.
  • It must be thoroughly reviewed to clarify what is being licensed and under what conditions.

Oracle Master Agreements (OMA)

The Oracle Master Agreement (OMA) is the overarching legal framework that governs the relationship between Oracle and its customers. Key components include:

  • These standard terms and conditions apply to all purchases, such as payment terms, confidentiality, and intellectual property rights.
  • It forms the foundation for any product or service agreements the customer enters into with Oracle.
  • Any changes to licensing terms or conditions are typically handled through amendments to the OMA.

Amendments

Amendments to the Oracle Master Agreement or individual Ordering Documents can be made to adjust specific terms, including:

  • Changes to licensing metrics, pricing structures, or support services.
  • Amendments are often negotiated during contract renewals or when purchasing additional products.
  • Keeping track of all amendments is essential to understand how they alter your licensing obligations.

By thoroughly understanding these key components—core-based licensing, NUP licensing, application user licensing, employee metrics, Oracle Ordering Documents, Oracle Master Agreements, and amendments—organizations can better manage their Oracle licenses and ensure compliance with Oracle’s complex licensing policies.

Common Oracle License Compliance Issues

Common Oracle License Compliance Issues

Oracle’s complex licensing models and frequently changing policies can make it difficult for organizations to stay compliant. Accurately misused or misunderstood can lead to significant financial penalties or legal consequences.

Below are some of the most common compliance issues organizations face with Oracle licensing:

  • Over-deployment of Oracle databases: Companies often deploy more instances than they have licenses due to poor tracking or misunderstandings of licensing terms. This can lead to significant fines during an audit.
  • Misuse of database options and management packs: Oracle provides various add-on features requiring separate licenses. Organizations may unknowingly use these features without the necessary licenses, creating compliance problems.
  • Incorrect licensing in virtualized environments: Licensing Oracle software can be complex. Misinterpreting these policies, like not licensing all physical cores on a server, is a common compliance issue.
  • Inaccurate user counts for Named User Plus (NUP) licenses: NUP licenses require a license for every user or device accessing the Oracle software. Many organizations fail to properly count all users, including indirect users, leading to licensing shortfalls.
  • Non-compliance with contractual terms: Violating contractual obligations, such as deployment restrictions or usage limitations, can result in compliance issues. This is particularly relevant during mergers, acquisitions, or divestitures, where license terms may change.
  • Inadvertent use of unlicensed features: Oracle software may have features enabled by default that require additional licenses. Accidentally using these features without proper licensing is a frequent compliance risk.

To avoid these compliance risks, organizations should:

  • Conduct regular internal audits of their Oracle software deployments.
  • Maintain detailed documentation of their usage and entitlements.
  • Engage experienced Oracle licensing experts to help interpret licensing rules and avoid compliance mistakes.

10 Most Common Reasons for Oracle License Audit Triggers

oracle license audit triggers
  1. Hardware Environment Refresh
    Changes in the IT infrastructure, such as server upgrades or migrations, often trigger Oracle audits as Oracle checks for proper licensing in the new environment.
  2. Virtualization and Cloud Deployments
    Moving Oracle software to virtualized environments or the cloud can prompt an audit, as Oracle’s licensing rules differ.
  3. Mergers and Acquisitions
    When companies merge or acquire other businesses, Oracle often initiates audits to verify compliance across the combined entities.
  4. Failure to Renew Unlimited Licensing Agreements (ULA)
    Expiring ULAs are a major trigger. Oracle may audit to confirm whether the customer has accurately reported their usage or needs additional licenses.
  5. Increased Usage or Deployment
    Sudden spikes in Oracle software usage or the deployment of new products can lead Oracle to initiate an audit to verify that all additional usage is properly licensed.
  6. Use of Outdated License Metrics
    Licensing on outdated metrics or failing to update license agreements when introducing new products can raise red flags for Oracle.
  7. Significant Changes in Software Spend
    Decreases or significant fluctuations in Oracle license spending can trigger audits, as Oracle may suspect under-licensing or mismanagement.
  8. Non-Compliance History
    If a company has previously been found non-compliant, Oracle may conduct follow-up audits to ensure compliance has been restored and maintained.
  9. Choosing a Non-Oracle Cloud Strategy
    Moving to a cloud provider other than Oracle can trigger an audit, as Oracle may scrutinize how its software is being used and whether it aligns with licensing agreements.
  10. Downloading Java SE Products Without Proper Licensing
    Downloading Java SE products requiring a license without an employee licensing model is a common trigger for audits, as Java SE licensing rules are often misunderstood.

These triggers often arise when Oracle identifies potential changes or risks in compliance and initiates audits to enforce proper licensing.

How to Prepare for an Oracle License Audit

How to Prepare for an Oracle License Audit

Preparing for an Oracle license audit minimizes risks and avoids costly non-compliance penalties.

One of the most effective ways to prepare is by contacting an independent Oracle licensing expert firm, such as Redress Compliance, which is staffed by ex-Oracle auditors.

These experts can conduct a comprehensive internal audit of your environments before the official audit begins, allowing you to proactively identify and address compliance issues.

Steps to Prepare:

  • Internal Audit Using Oracle’s Tools
    Redress Compliance can perform a thorough internal audit using the same tools and methods that Oracle will use in the pending official audit. This ensures that your environment is assessed under the same criteria Oracle would use, giving you a realistic view of your licensing position.
  • Remediate Up to 100% of Non-Compliance Issues.
    Most compliance issues stem from unintentional mistakes, such as incorrect software deployment or misuse of database options. By identifying these issues early, Redress Compliance can help you remediate up to 100% of non-compliance problems before Oracle’s audit starts. This proactive approach significantly reduces your risk of fines or penalties.
  • Audit Defense Strategy
    Beyond remediation, Redress Compliance helps you craft a comprehensive Oracle audit defense strategy. This includes gathering the necessary documentation, aligning your software deployments with your license entitlements, and ensuring your systems meet Oracle’s requirements.
  • Negotiating a Delay in the Audit
    If you need more time to prepare, Redress Compliance can assist in negotiating a delay in the audit process. They can communicate with Oracle on your behalf, providing valid business reasons for requesting an extension. This gives you additional time to prepare without being rushed into the audit.
  • Narrowing the Scope of the Audit
    Additionally, Redress Compliance can help you negotiate the scope of the audit. This can involve limiting the review to specific products or environments, thus reducing the overall complexity and potential risks involved in the audit.

By engaging a firm like Redress Compliance before the Oracle audit begins, you gain insight into your licensing position and arm yourself with a clear strategy to ensure compliance and protect your organization from unnecessary costs.

Read our Oracle Audit Defense Guide for IT Executives.

What to Expect During an Oracle Audit

What to Expect During an Oracle Audit

An Oracle license audit is a structured process designed to assess whether your organization is using Oracle software in compliance with its licensing terms.

Preparing for this process can help you mitigate risks and avoid unnecessary costs. Here’s what to expect during an Oracle audit:

1. Initial Inquiry and Information Request

The audit begins with a formal notification from Oracle. They will ask your organization several key questions about how you use Oracle software, including:

  • Legal entities involved with Oracle products.
  • Which applications are using Oracle software?
  • Territory deployments, covering on-premises or cloud installations. These initial questions help Oracle understand the breadth of your software use and set the scope for the audit.

2. Running Oracle License Compliance Scripts

After gathering basic information, Oracle will require you to run license compliance scripts across your systems. These scripts will:

  • Detect current usage of Oracle software.
  • Identify past unlicensed use, even if non-compliant usage occurred years ago. Oracle holds you liable for any unlicensed software usage it uncovers, regardless of when it happened. The compliance scripts provide Oracle detailed data about your deployments, user access, and database features or add-on usage.

3. Using the Oracle Audit Portal

Your organization will use Oracle’s Audit Portal throughout the audit. This online tool allows you to:

  • Download compliance scripts and run them in your environment.
  • Upload gathered data back to Oracle for their analysis.
  • As Oracle requires, share additional documents, such as contracts, invoices, and deployment records.

4. Review and Findings

Oracle will review the data collected through the compliance scripts and any other information you provide. They will then prepare a preliminary audit report that outlines any potential licensing gaps, such as:

  • Over-deployment of software beyond your licensed limits.
  • Use unlicensed features or add-ons, like database options requiring additional licensing.
  • Any past unlicensed usage, which may result in liabilities for historical non-compliance.

5. Liability for Past Non-Compliance

One critical aspect of an Oracle audit is that you are responsible for past unlicensed use, not just your current compliance. If Oracle finds that you previously used products without appropriate licenses, they can demand penalties or retroactive licensing fees. This makes it crucial to thoroughly understand your software usage over time, not just the present.

6. Negotiation and Resolution

After Oracle presents its findings, the resolution phase becomes a negotiation, where it’s essential to understand which non-compliance findings are valid and which may be subject to interpretation. Many issues in Oracle audits are not black-and-white, and some findings can be challenged based on how the licensing terms are applied. With the right knowledge, you can:

  • Avoid paying for non-compliance issues that are not clear violations of your agreements.
  • Challenge Oracle’s interpretation of licensing terms where ambiguity or misinterpretation may exist.

In addition to challenging the findings, the negotiation phase often involves:

  • Negotiating backdated support fees for past unlicensed use.
  • Securing discounts on new licenses to cover any shortfall.
  • Adjusting terms and conditions to better suit your business needs going forward.

Understanding Oracle’s licensing agreements and negotiating effectively can significantly reduce the financial impact of an audit. A well-prepared negotiation will ensure you only pay for actual, proven non-compliance and avoid unnecessary costs from unclear or misapplied findings.

Oracle Global Licensing and Advisory Services (GLAS)

Oracle Global Licensing and Advisory Services

Oracle Global Licensing and Advisory Services (GLAS) is Oracle’s audit organization, which is responsible for conducting license audits to ensure customers comply with their software agreements.

GLAS operates with a mix of local customer-facing auditors and a central technical team based in Romania.

  • Customer-Facing Auditors: Oracle often assigns a customer-facing auditor to a location in your country or region. This person coordinates the entire audit process, including the kick-off meeting, setting the scope of the audit, and ultimately presenting the findings to you as the end customer. They liaise directly with your organization and ensure smooth communication between your team and Oracle.
  • Technical Audit Team in Romania: While the local auditor handles coordination and communication, much of the technical analysis and audit review occurs at Oracle’s office in Romania. The team here conducts a detailed analysis of the data gathered during the audit, including running the Oracle license compliance scripts and interpreting the results.
  • Romanian Team Leading the Audit: In some cases, if no local auditor is assigned to your specific country, the audit may be led entirely by the team in Romania. In such cases, all communications and presentations are handled remotely.

Challenges with GLAS Audits

Our experience suggests that Oracle often hires junior auditors to conduct these audits. As a result, mistakes in the findings are not uncommon.

Given the complexity of Oracle’s licensing models and the potential for interpretation errors, it’s critical not to take the GLAS audit report at face value.

This is why a second-hand review of the audit findings with an expert is always recommended. Licensing experts can help you identify errors, challenge findings, and ensure compliance issues are correctly addressed, preventing you from overpaying or facing penalties for mistakes made in the audit process.

Trusting the GLAS report without independent review could result in paying for non-compliance that may not even be accurate.

How to Respond to an Oracle Audit Letter

Oracle Audit Letter Response Tips

Receiving an Oracle audit notification letter can be overwhelming, but how you respond is crucial in managing the audit process effectively.

Here are some best practices to keep in mind:

1. Read Your Audit Clause Carefully

Before responding, reviewing your Oracle audit clause in the relevant agreements is essential.

This will tell you your obligations during an audit, including how long you must respond to the notification.

Typically, you are given a 45-day notice period before any action is required. You are not obligated to respond immediately upon receiving the letter. Use this time wisely to prepare.

2. Understand the Scope of the Audit

Carefully read the audit letter to understand:

  • Which Oracle products does Oracle want to audit?
  • Which legal entities are included in the audit? Knowing which products and entities are targeted can help you identify where your compliance risks might be. If certain high-risk entities or products are listed, you can prioritize those areas in your internal review.

3. Acknowledge the Letter After 45 Days

We recommend waiting until the 45-day notice period is almost over before responding. This gives you valuable time to conduct an internal Oracle licensing assessment without rushing.

There is no benefit in responding too early; taking your time allows for better preparation.

4. Conduct an Internal Oracle Licensing Assessment

Before engaging with Oracle, an internal assessment of your Oracle licensing position is critical. This should include:

  • Running Oracle LMS scripts to gather data on your current software usage.
  • Review your contracts and agreements to fully understand your licensing entitlements and risks.
  • Identifying any compliance gaps that could be flagged during the official audit.

5. Prepare to Mitigate Risk

Conducting an internal review before responding to Oracle can help you:

  • Identify compliance issues early and fix them before Oracle finds them.
  • Anticipate Oracle’s findings and prepare a strategy for how to address any discrepancies.
  • If necessary, negotiate the audit’s scope, particularly if you believe some products or legal entities should be excluded from the review.

By taking a proactive and measured approach, such as delaying your response until the end of the notice period and conducting a thorough internal review, you can significantly improve your audit defense strategy and minimize potential compliance risks.

Oracle License Compliance Scripts

Oracle license compliance script

Oracle uses specialized Oracle license compliance scripts called Oracle LMSCollection Tools to gather data during a license audit. These scripts are designed to provide detailed information about the deployment and usage of various Oracle products.

Here’s a breakdown of what these tools cover and how they work:

What Oracle LMSCollection Tools Cover

The LMSCollection Tools are used to gather data from several Oracle products, including:

  • Oracle Database
  • Oracle Middleware products
  • Oracle E-Business Suite (EBS)
  • Oracle Siebel
  • Oracle Primavera
  • Oracle JD Edwards
  • And more Oracle products

Not a Discovery Tool

It’s important to note that the LMSCollection Tool is not a discovery tool. Oracle relies on you running the script on every server with Oracle software installed.

Oracle will not physically come to your data center or be able to scan your environment remotely. You are responsible for ensuring the tool runs correctly on all relevant systems.

Analyzing the Script Output

The output generated by the LMSCollection Tools is complex and requires years of training and expertise to interpret properly. The data will reveal detailed information about your Oracle software usage, including:

  • Which products are installed?
  • What features are being used?
  • Historical usage of certain Oracle software options and add-ons.

Before handing over this data to Oracle, you must analyze the output yourself with the help of an Oracle licensing expert.

These experts can help you understand what the data shows and what you are about to share with Oracle. If there are any compliance gaps or unexpected findings, this is your chance to remediate issues before Oracle sees the data.

By thoroughly reviewing the results and working with an experienced expert, you can control the narrative and avoid exposing yourself to unnecessary risks or potential non-compliance penalties.

Case Study 1: European Organization Faces Oracle Audit for Database, Middleware, EBS, and Java

oracle audit defense case study

Background

Oracle informed a large European financial services company of an upcoming audit covering its use of Oracle DatabaseMiddlewareE-Business Suite (EBS), and Java.

With a complex Oracle deployment spread across multiple business units and countries, the organization found it difficult to assess its compliance status internally.

Audit Defense Strategy

The company engaged Redress Compliance, an independent Oracle licensing consultancy, to develop a comprehensive audit defense strategy.

Key elements of this strategy included:

  • Delaying the Audit: Redress Compliance communicated with Oracle to negotiate an extension to the audit timeline, giving the organization more time to gather data, assess compliance, and properly prepare for the audit.
  • Conducting an Internal Assessment: Before the formal audit, Redress Compliance performed a thorough internal assessment of the company’s Oracle deployments and licensing entitlements. This involved collecting and analyzing data across the organization to identify potential non-compliance areas. A remediation plan was developed to address these issues.
  • Remediating Compliance Issues: The internal assessment revealed several areas of non-compliance. Redress Compliance worked with the company to remediate 97% of the compliance issues before the formal audit began, significantly reducing the company’s financial exposure.
  • Guiding the Audit Process: During the formal Oracle audit, Redress Compliance provided guidance and support, assisting with data collection, validating Oracle’s findings, and developing responses to any identified compliance issues.
  • Negotiating the Settlement: At the end of the audit, Oracle initially presented a compliance gap of €12 million. Redress Compliance worked with the company to challenge these findings. Using a combination of technical and contractual arguments, the consultancy successfully negotiated the final settlement down to €35,000 in additional license purchases.

Outcome

By leveraging Redress Compliance’s expertise, the organization significantly reduced its financial exposure during the Oracle audit. The settlement, reduced from an initial €12 million to just €35,000, illustrates the value of engaging independent experts to navigate complex Oracle audits.

Case Study 2: American Fortune 500 Company Undergoes Oracle Audit for Database, WebLogic, Java, and Siebel

case study oracle audit defense service

Background

A large American Fortune 500 technology company received notice from Oracle about a license audit covering their use of Oracle Database, WebLogic, Java, and Siebel CRM.

With hundreds of servers and thousands of users spread across multiple divisions, the company had a significant Oracle footprint that required careful management.

Audit Defense Strategy

The company partnered with Redress Compliance to manage the audit and minimize its financial exposure.

The key elements of the audit defense strategy included:

  • Delaying the Audit: Redress Compliance negotiated a 90-day delay with Oracle, giving the company time to assess its compliance status thoroughly and address any issues before the audit began.
  • Conducting an Internal Assessment: Redress Compliance performed a comprehensive internal review of the company’s Oracle deployments. The assessment revealed a potential compliance gap of $200 million, prompting the development of a detailed remediation plan.
  • Optimizing and Remediating: During the 90-day delay, Redress Compliance helped the company optimize Oracle deployments and address compliance gaps. This involved decommissioning unused servers, re-architecting certain systems, and re-harvesting unused licenses. As a result, the compliance gap was reduced from $200 million to $700,000.
  • Proceeding with the Audit: With the compliance gap reduced, the company proceeded with the formal Oracle audit. Redress Compliance provided support throughout the audit, validating Oracle’s findings and assisting in developing responses to any remaining compliance issues.
  • Negotiating the Settlement: At the audit’s conclusion, Oracle presented a compliance gap of $700,000. Redress Compliance worked closely with the company to negotiate a favorable settlement. By leveraging the company’s long-term relationship with Oracle and its significant investments in other Oracle products, Redress Compliance secured a 60% discount on the audit findings, resulting in a final settlement of just $270,000.

Outcome

This case demonstrates the significant impact of engaging independent experts like Redress Compliance.

The company reduced a potential $200 million compliance gap to a $270,000 settlement, highlighting the value of a well-executed audit defense strategy that includes internal assessments, optimization, remediation, and expert-led negotiations.

Oracle Audit Negotiation Tactics

Oracle Audit Negotiation Tactics

Negotiating an Oracle audit settlement requires a strategic approach. Here are essential tactics to help you reduce financial exposure and reach a more favorable outcome.

1. Ensure the Oracle Audit Report is Correct

  • Review the report carefully: Audit reports often contain errors due to misinterpretation or lack of experience from Oracle auditors.
  • Identify and leverage mistakes: When you find errors, use them to challenge other findings. Pointing out inaccuracies strengthens your position and can lead to higher discounts.
  • Question the accuracy: Even small errors can doubt the entire report, giving you leverage to negotiate better terms.

2. Understand Oracle Licensing Rules

  • Know how to interpret findings: Oracle’s licensing rules are complex and open to interpretation. A deep understanding of these rules allows you to challenge Oracle’s conclusions.
  • Work with experts: An Oracle licensing expert can help re-interpret findings in ways that reduce your liability and give you more negotiating power.

3. Counter Oracle’s Worst-Case Licensing Assumptions

  • Oracle assumes worst-case scenarios: Oracle’s audit report often applies the strictest licensing interpretations, inflating your liability.
  • Present best-case scenarios: With expert guidance, you can argue for more favorable licensing interpretations, lowering Oracle’s claims significantly.
  • Push back on inflated assumptions: Common tactics include challenging overestimated user counts, server deployments, and database options.

4. Benchmark Against Other Companies

  • Understand market trends: Knowing what other companies in your industry pay for similar audit findings helps you set realistic expectations.
  • Leverage benchmarks in negotiations: Use benchmarking data to argue for fairer terms and to demonstrate that Oracle’s demands are out of line with typical settlements.

5. Leverage Oracle’s Year-End or Quarter-End Timing

  • Oracle’s financial calendar matters: Oracle is motivated to close deals by the end of a quarter or fiscal year to meet sales targets.
  • Time your negotiations: If possible, delay negotiations until Oracle is pressured to close deals, which can result in larger discounts and more favorable terms.
  • Take advantage of Oracle’s urgency: Oracle’s need to finalize deals can work to your advantage, giving you leverage to push for bigger savings.

Oracle Licensing in Virtualized Environments Audits

Oracle has two ways to handle licensing in virtualized environments: soft and hard partitioning.

1. Soft Partitioning

  • In soft partitioning, Oracle does not recognize sub-capacity licensing. This means you must license the entire server, cluster, or even more, regardless of how much Oracle software runs.
  • Major risk: One of the biggest risks is using Oracle on VMware, where soft partitioning rules require you to license all physical hosts, even if only one is running Oracle.

2. Hard Partitioning

  • With hard partitioning, Oracle recognizes sub-capacity licensing, meaning you only need to license the capacity used by Oracle software.
  • However, your virtualization must be configured according to Oracle’s rules. You may have to license the entire server or cluster if not properly set up properly, leading to unexpected costs.

3. Review Oracle’s Partitioning Policy Document

Studying Oracle’s partitioning policy document is essential to avoid compliance issues. This will help you understand the risks involved and assess your licensing correctly, whether you’re using soft or hard partitioning.

Oracle Software Investment Advisory (SIA) Services

Oracle’s Software Investment Advisory (SIA) services are presented to help customers optimize their Oracle investments, but it’s important to understand that SIA is not independent or neutral.

While Oracle promotes SIA as a resource for licensing guidance, SIA operates within Oracle’s commercial interests, aiming to maximize revenue.

Why You Should Avoid Cooperating with Oracle SIA

  • SIA is not impartial. SIA is part of Oracle, meaning its advice may align with Oracle’s goal of selling more licenses rather than offering neutral guidance.
  • Compliance issues often arise from mistaken use: Most compliance issues with Oracle software are due to accidental deployments or mistaken usage. If you cooperate with SIA, you risk exposing these issues to Oracle, potentially leading to large licensing fees or penalties.
  • Better to work with an independent advisor: Rather than sharing your compliance gaps or mistakes with Oracle, engaging an independent Oracle licensing expert is far better. An independent advisor can help you identify and fix compliance issues without paying for accidental deployments or unintentional use of Oracle software.

Stay in Control of Your Licensing

By working with someone truly independent, you can ensure that you become compliant in a way that aligns with your actual needs and without being pushed into unnecessary purchases or penalties by Oracle.

Avoiding cooperation with SIA allows you to protect your organization from overpaying for Oracle software due to misunderstandings or misconfiguration.

Oracle License Management Services (LMS)

Oracle License Management Services (LMS), now rebranded as Oracle Global License Advisory Services (GLAS), is Oracle’s official audit team.

The rebranding is likely an attempt to distance itself from LMS’s reputation as an aggressive auditor, but the core function remains the same—ensuring compliance through audits.

Key Roles of Oracle LMS (GLAS)

  • Conducting official audits: Oracle LMS is responsible for conducting formal license audits for customers worldwide. These audits verify that customers use Oracle software through their licensing agreements.
  • Global presence with local staff: Oracle LMS has a mix of local auditors stationed in various countries. These local auditors handle coordination, initial communications, and presenting findings to customers.
  • Technical analysis based in Romania: While local staff manage the client-facing aspects of the audit, Oracle’s central team in Romania performs the actual technical analysis of your software environment. This team analyzes the data collected from your systems to determine compliance with Oracle’s licensing rules.

Understanding the role of Oracle LMS and how it operates is crucial if you are facing an audit. The rebranding to GLAS doesn’t change this team’s core purpose: ensuring compliance and generating revenue through audits.

Always approach Oracle audits carefully, and consider working with independent experts to review your compliance before engaging directly with LMS.

Cost of Non-Compliance with Oracle Licensing

Failing an Oracle license audit can result in significant financial penalties, as Oracle’s software licensing costs are high, especially for products like Oracle Database Enterprise Edition.

To illustrate the potential impact, let’s walk through a real-world scenario:

Example Scenario: Missing Licenses for 1 Server

  • Server Configuration: Each server has 32 cores, which equals 16 Oracle processors (due to Oracle’s core factor calculations for most processors).
  • License Cost: Oracle Database Enterprise Edition costs $47,500 per processor.

Let’s assume the customer runs 20 servers with this configuration but is missing licenses for 1 server.

Cost Breakdown

For one server with 16 processors:

  • 16 processors x $47,500 per processor = $760,000 in licensing costs.

Additional Costs

Oracle typically requires the purchase of backdated support fees for the period during which the unlicensed usage occurred. Support costs are generally 22% of the license cost per year. So for 1 year of backdated support:

  • 22% of $760,000 = $167,200.

Total Cost of Non-Compliance

  • $760,000 (license cost) + $167,200 (support cost) = $927,200 for failing to license just one server correctly.

If this missing license is discovered during an Oracle audit, the total financial impact could approach $1 million for just one server.

Non-compliance can quickly escalate when multiple servers or other Oracle products are involved, making audits potentially costly for organizations. This example highlights the importance of ensuring compliance before an Oracle audit occurs.

Oracle License Audit Remediation Strategies

When preparing for an Oracle audit, taking proactive steps to remediate potential compliance issues before Oracle identifies them is crucial.

Between 90% and 100% of non-compliance findings stem from mistaken or accidental use of Oracle software within your organization.

For Oracle applications, issues often arise from not end-dating users who have left your company or mistakenly giving users access to applications for which you don’t have licenses.

Here are some key actions you can take to clean up and optimize your Oracle licensing position before an audit:

1. Clean Up Your Oracle Database

  • Remove usage/evidence: Before the audit begins, it’s important to thoroughly review your Oracle databases and remove any unauthorized or unnecessary use of software features. This could mean disabling unused options or ensuring unlicensed features are inactive. Cleaning up your environment will reduce the risk of non-compliance findings during the audit.

2. Optimize Your Oracle Licensing

  • Reallocate deployments: If you have Oracle software deployed on a server requiring 16 processor licenses and another server that requires only eight processor licenses, consider migrating your deployments to the smaller server. Optimizing where Oracle software is deployed can drastically reduce your license requirements and costs.

3. End Date Users and Adjust Access

  • End-date inactive users: One of the most common issues in Oracle application audits is the failure of end-date users who have left the company or no longer require access to certain applications. Before the audit begins, review your user lists and end-date inactive users to avoid being charged for unnecessary licenses.
  • Review user access: Ensure users aren’t mistakenly given access to applications or features your organization is not licensed for. Adjust user access to ensure compliance with your current licenses.

4. Run Oracle LMS Scripts and Analyze Results

It’s critical to run Oracle LMS scripts to gather data on your environment before the audit and have an expert analyze the findings. Most non-compliance issues identified will likely be caused by accidental or mistaken use. An independent Oracle licensing expert can help you understand the results and take corrective actions before the audit proceeds.

These steps can significantly reduce compliance risk and avoid hefty penalties during an Oracle audit.

Oracle Audit Settlement Best Practices

Oracle Audit Settlement Best Practices

When settling an Oracle audit, it’s essential to document every aspect of the resolution to protect your organization and ensure clarity in the settlement terms.

A proper Oracle audit settlement goes beyond just purchasing additional licenses; it requires careful attention to detail in how the agreement is structured and what it includes.

Here are some best practices to follow:

1. Document Everything

Ensure that every step of the audit and settlement process is thoroughly documented. This includes:

  • Communications with Oracle: Keep detailed records of all interactions with Oracle throughout the audit process.
  • Internal meetings: Document internal discussions and decisions regarding the audit and compliance strategy.
  • Licensing analysis: Record the findings from any internal or third-party licensing assessments.

2. Oracle Ordering Document

When purchasing additional licenses as part of the settlement, create an Oracle Ordering Document. This document will define what licenses are being purchased, for which products, and under what terms.

It’s a legal record that guarantees clarity on what was bought, helping to avoid future disputes.

3. Audit Settlement Agreement

In addition to the ordering document, there should be a formal audit settlement agreement. This agreement should clearly define:

  • What compliance issues were resolved: Identify the issues uncovered in the audit and how they were addressed.
  • Why the purchase was made: Clearly state the reason for any purchases, whether they were to resolve non-compliance, backdated support fees, or other reasons.
  • Terms and conditions of the settlement: Ensure the agreement includes all relevant terms, including any negotiated discounts, backdated support fees, or changes to licensing terms.

4. Protect Future Compliance

The settlement agreement should also include language protecting your organization from future audits on the same issues. This can prevent Oracle from revisiting resolved matters in future audits and helps secure your organization’s compliance status.

Oracle Third-Party Auditors: Who They Are and What to Expect

Oracle Third-Party Auditors

Oracle refers to its third-party audit program as Joint Partner Engagement (JPE). In this model, resellers act as auditors, conducting license audits on behalf of Oracle.

However, Oracle does not pay these resellers in service fees; their compensation comes from reselling licenses to cover any shortfall found during the audit.

This structure creates a potential conflict of interest that can be risky for organizations.

Why Third-Party Auditors Can Be Risky

  • Motivated by sales: Since resellers are only paid through the resale of shortfall licenses, their incentive is to find non-compliance, which can result in larger licensing purchases.
  • Different interpretations of Oracle licensing: Oracle’s complex licensing rules can be interpreted differently, depending on the desired outcome. Resellers may interpret the rules more aggressively to generate higher license shortfalls.

The Importance of an Independent Expert

Given the financial incentives behind JPE audits, having an independent Oracle licensing expert on your side is essential.

These experts can:

  • Challenge aggressive interpretations: An independent expert will ensure that the Oracle licensing rules are applied fairly and that the reseller’s findings are not skewed to inflate your compliance gap.
  • Offer guidance during the audit: Having an expert who understands Oracle’s licensing complexities can help minimize your exposure and negotiate a better settlement if any non-compliance is found.

In JPE audits, resellers are motivated to find compliance issues to drive sales, making engaging with an independent expert who can protect your interests and ensure a fair audit process even more critical.

Post-Audit Oracle License Management

Post-Audit Oracle License Management

If your organization was found non-compliant during an Oracle audit, it will likely face another audit in the future.

Oracle often audits companies every 3 to 4 years, especially if they’ve previously identified compliance issues.

One of Oracle’s common audit triggers is to revisit customers who have shown a lack of effective license management. Additionally, Oracle may audit your organization for other products not included in the initial audit.

Steps for Post-Audit License Management

  1. Expect Future Audits
    • After a non-compliance finding, Oracle will likely audit your organization again, potentially within the next three years.
    • Oracle could also focus on other products you use, expanding the scope of future audits.
  2. Implement an Annual License Review
    • An annual Oracle license review is recommended to mitigate non-compliance risk in future audits.
    • Regular reviews ensure you proactively manage your licenses and address potential compliance gaps before Oracle finds them.
  3. Avoid Future Penalty Fees
    • By conducting annual internal audits and working with independent Oracle licensing experts, you can stay compliant and avoid hefty penalty fees in future audits.
    • These reviews help you maintain accurate licensing for new deployments, employee changes, and system updates, significantly reducing risk during future Oracle audits.

Proactive license management is key to staying compliant with Oracle’s complex licensing rules and avoiding repeated audits and penalties.

Regularly reviewing and adjusting your Oracle licenses will ensure you are prepared if Oracle audits your organization again.

Avoiding Future Oracle License Audits

Here are proactive steps to help minimize the chances of facing future Oracle audits:

  1. Be compliant when Oracle audits you
    • Oracle reviews past audit history. Ensuring you are compliant during an audit reduces the likelihood of future audits.
  2. Demonstrate licensing knowledge
    • When communicating with Oracle, show that you understand licensing and contracts. Organizations knowledgeable about licensing are less likely to be audited again.
  3. Maintain good vendor relationships.
    • Keep a positive relationship with your Oracle account manager. A strong vendor relationship can sometimes prevent Oracle from initiating an audit.

Following these steps can reduce the chances of Oracle targeting your organization for future audits.

FAQ on Oracle License Audits

How can we delay the Oracle audit?
You can negotiate with Oracle to delay the audit or request more preparation time, citing reasons such as needing time to gather the required data or engaging with an Oracle licensing expert.

What are the benefits of delaying the Oracle audit?
Delaying the Oracle audit gives you more time to prepare and understand your licensing position. This can help you identify and remediate potential compliance issues before the audit begins, reducing the risk of non-compliance findings.

What steps should we take internally while delaying the Oracle audit?
While delaying the Oracle audit, you should take the time to review your Oracle contracts and understand your licensing position. This includes identifying any potential compliance issues and taking steps to remediate them. You should also consider engaging with an Oracle licensing expert to help you navigate the audit process.

What should we do if we identify a license shortage while preparing for the audit?
If you identify a license shortage while preparing for the audit, you should consider purchasing the required licenses before the audit begins. Oracle will almost always take your order now instead of waiting for the audit to be completed, which can take many months.

What is an Oracle license audit?
An Oracle license audit is a process by which Oracle checks whether a customer is compliant with their Oracle software license agreements. This process is typically conducted every 3 to 4 years, but the timeframe can vary.

What triggers an Oracle audit?
Several factors can trigger an Oracle audit, including a hardware environment refresh, use of old or outdated license metrics, recent mergers and acquisitions, failure to renew Unlimited Licensing Agreements (ULAs), sudden changes in software spend, and refusal to purchase Oracle software licenses and cloud services.

Who at Oracle decides which customers are selected for audits?
If the Oracle account team didn’t select you, at least the Oracle audit team asked them for approval before issuing an audit letter.

What is Oracle LMS / Oracle GLAS?
Oracle LMS (License Management Services) is Oracle’s official audit organization. In 2020, Oracle LMS was renamed Oracle Global License Advisory Services (GLAS). This organization operates independently from the Oracle sales team and is responsible for conducting all licensing analyses of Oracle LMS script outputs.

What role does the auditor play in the audit?
Oracle LMS has local members in most countries/regions worldwide. These individuals act as project managers and the face of the Oracle license audit. Their responsibilities include hosting all Oracle license audit meetings, creating the audit project plan, and presenting and writing the audit report.

What is Oracle JPE?
Oracle JPE (Joint Partner Engagement) is an initiative that uses Oracle resellers to conduct and manage Oracle license audits. Oracle does not pay the JPE partners consulting fees and rewards them only if they can resell licenses to cover any shortfall in the Oracle license audit report.

What is Oracle SIA?
Oracle SIA (Software Investment Advisory) is an initiative started by Oracle to help more customers transition to Oracle cloud and educate and train its customers about Oracle licensing topics.

What is Oracle LMSCollection Tool?
Oracle LMS Collection Tool is an in-house-developed set of scripts for measuring customers’ Oracle software environments.

How do you manage the Oracle audit?
When you receive Oracle’s audit notification letter, consult an Oracle licensing expert to review your licensing.

What are the common Oracle license compliance risks?
The common risks include Oracle Database Compliance Risks, License Metric Mistakes, and Virtualization and Cloud Policy Risks.

What should be the first step after receiving the audit letter?
The first step should be reviewing your contracts and understanding the audit clause.

Can we postpone the audit?
Yes, it is possible to postpone the audit. The duration of the delay depends on how well you negotiate with Oracle.

What actions should we take internally while we fend off Oracle with NDAs and negotiations?
You must figure out your compliance gap and how to fix it before the audit starts.

If we determine a license shortage, should we buy those licenses before the license audit begins?
Oracle will almost always take your order now instead of waiting for the audit to be completed, which can take many months.

How do we figure out what our Oracle license position is?
Getting external help from a partner who can analyze Oracle audit scripts. Then, you can remediate any exposure before the audit begins.

What mistake software audit should we avoid?
Don’t hand over any SAM tool data to Oracle without analyzing it.

We trust Oracle to do the right thing and have a good business relationship with It. So why should we use external help?
Even if Oracle can be good-hearted, inexperienced license auditors will lead to mistakes.

Our CIO/CFO received an Audit Letter, and Oracle LMS is contacting us now. Should we reply to their letter?
Take your time. Per your contracts with Oracle, you usually have 45 days to reply to the notification and are not contractually obligated to acknowledge the letter until the 45 days are up.

If you want more than 45 days, you can try to negotiate a contract term giving you a 90-day notice period.
If you need more time, you can negotiate a longer notice period, like 90 days.

We received an email from our sales rep with an Excel spreadsheet they want to fill in with our licenses. Do we need to cooperate?
No, you have no obligation at all. This is not a formal audit.

What happens if we don’t reply to Oracle within 45 days?
Oracle will start to “chase” you, but there will be no consequence for delaying. Once Oracle contacts you, let them know you missed the notification and are willing to discuss the audit.

Can we postpone the audit?
Yes, this happens all the time. How long it will take depends on how well you negotiate with Oracle. The Oracle audit clause says, “The audit shall not reasonably interfere with your business operations.” Oracle is often nice enough to delay an audit for a few months if you provide them with a reasonable business justification for why you want to postpone the Oracle licensing audit. Good reasons can be you are currently undertaking changes in your IT infrastructure.

Can we persuade Oracle to cancel the license audit?
That is more difficult, but I have seen it happen; usually, that involves you making a large purchase. Then, Oracle can withdraw the audit notification.

What should be our first step after we have received the audit letter?
Review your contracts; what does the audit clause say? Does Oracle have the right to audit you? Action to take: If you and many others don’t have copies of your agreements, you might want to contact Oracle to get copies of all the relevant contracts. Support renewals are insufficient; they should be Oracle OMA, OLSA, and Ordering Documents.

We reviewed our Oracle audit clause and concluded that Oracle has the right to audit our company. What should be our next step?
Now, you should negotiate an NDA and ask Oracle to sign your company NDA. This usually takes them a few weeks, buying them more time to prepare for the audit.

And once our NDA is signed by Oracle?
Oracle always wants to schedule a kick-off meeting as soon as possible. This meeting aims to discuss the project plan, share scripts, and more.

Oracle is asking us to schedule a kick-off meeting; why are they in such a rush?
Oracle always wants to schedule the audit kick-off immediately; say no. Oracle suspects that the more time you have to prepare for the Oracle audit, the greater the chance you might discover and fix any license gaps before the audit begins.

During the audit, will Oracle come onsite to our data center?
Oracle does not have the right to access your data center and does not have a discovery tool to find all of your Oracle Software. However, the Oracle audit cannot occur without your collaboration, which is something to remember.

We are a global company, and Oracle wants to license audit our subsidiary. Should we allow it?
You can try to say no, but how can Oracle, locally, determine if they have enough licenses? You might have spare licenses on another subsidiary covering any license shortfall. The audited subsidiary might have a shortfall of 20 Weblogic Licenses, but those might be available from another entity. It is challenging for Oracle to conduct an Oracle licensing audit on a subsidiary as you may have a surplus of Oracle licenses on another legal entity.

Oracle wants to include our Oracle ASFU Licenses in the Oracle licensing audit.
This is not allowed, but I have seen that Oracle LMS sometimes includes Oracle ASFU licenses. Per the contract, any audit on ASFU licenses should go through the partner from which you bought them.

Why is our company being selected for a license audit? Is it simply “our turn”?
No, there is no such thing as a “your turn system” when it comes to Oracle License Audits. The software audits are not random. You have been selected by your Account Manager with the support of Oracle LMS. There is almost always a reason to suspect that Oracle has good grounds for suspecting you are audited. Some customers have not been audited for ten years, while others are audited every 3-4 years.

What actions should we take internally while we fend off Oracle with NDAs and negotiations?
You must figure out your compliance gap and how to fix it before the audit starts. 95% of all Oracle audits are short, usually in the millions. However, most license gaps are not caused by customers “over-using” Oracle.

If we determine a license shortage, should we buy those licenses before the license audit begins?
Oracle will almost always take your order now instead of waiting for the audit to be completed, which can take many months. You have a stronger negotiation position to purchase before the audit begins rather than after.

How do we figure out what our Oracle license position is?
I strongly recommend getting external help from a partner who can analyze Oracle audit scripts. Once Oracle hands the LMS scripts over to you, you run the scripts and then give the licensing partner the output first. Once they get the output, they can analyze what Oracle will find out.

We are not a big Oracle customer; should we be concerned?
We have helped companies that only have five servers of Oracle Software running, and they are being found to be millions of euros non-compliant. One customer had four servers and was facing a 9-million USD license gap.

What mistake software audit should we avoid?
Don’t hand over any SAM tool data to Oracle; you need to analyze it. Oracle-verified tools are not verified to analyze them correctly. If they were, Oracle would trust your SAM tool reports. No, they want the raw script data under the tool, showing that you are out of compliance. Also, even if you have skilled in-house Oracle SAM staff, you should consider getting external help if you are under audit. It can help to have “fresh” eyes looking at data to verify that you are correctly licensed.

Where does the contract say I need to run Oracle audit scripts?
You can find the Oracle audit clause in your Oracle OMA. Many contracts do not mention running Oracle data measurement tools. However, some later versions have contract language saying you must. If Oracle audits you, Redress Compliance can analyze the Oracle LMS Script and tell you what Oracle will discover in the audit. The independent audit will give you more options before the official Oracle audit begins.

Which tool does Oracle use when they are auditing customers?
Oracle uses the Oracle LMS Collection Tool, an in-house-developed set of scripts that measures licensing and deployments for Oracle databases, middleware, and applications.

We tried to do the audit with Oracle ourselves. Can you still help?
Yes, we find errors in almost every Oracle audit report we review. These errors can either reduce the findings or strengthen your negotiation position. Look at Oracle’s price list and compare it to the price of our services. It is easy to calculate an ROI.

How quickly can you help us?
We can usually start an engagement within a few days after you and we agree to the commercial contract.

What is included in the preliminary report we received from Oracle after the audit, and what should we do with it?
The preliminary report contains Oracle’s findings on your software deployments, backups, and user numbers. Reviewing the information to ensure no mistakes and confirm the report’s accuracy is essential.

How can the audit report be inaccurate?
You may have provided Oracle with incorrect information about your Oracle deployments, backups, or several users. Additionally, Oracle may make mistakes in their calculations or miss the licenses that you have.

What other types of mistakes can Oracle make in its audit report?
Oracle may miscalculate licensing, misinterpret contract terms, or overlook licenses you have already purchased. The possibilities are many.

Does Oracle deliberately include errors in its audit reports?
No, it is simply because the Oracle License Management Services (LMS) team that conducts the audit often has auditors with only a few years of experience in Oracle licensing. Years of experience are needed to understand Oracle licensing thoroughly.

What else should we consider when reviewing the audit report besides errors?
Oracle will typically assume the worst-case licensing scenario, which may not be necessary for your situation. Many licensing models are available for Oracle software, and it’s essential to understand which model is most appropriate for your organization.

Do we have to purchase the licenses the audit report says we are missing within 30 days?
No, it is best to acknowledge that you have received the report and need time to review it. Never agree with the report immediately; this will start the 30-day period when you must resolve any licensing gaps with Oracle.

Can we negotiate discounts when resolving the audit?
Yes, but expect the discounts to be lower than the ones you may have received in the past. The average discount for audit-related purchases is around 30-40% lower than regular purchases.

Do all customers get treated equally in a license audit?
Unfortunately, no. Your success in an Oracle license audit depends on your knowledge, negotiation skills, and determination to pay zero. To avoid overpaying, it’s best to work with expert firms that can share their experiences with other companies.

What if Oracle starts the 30-day countdown before we confirm the findings?
Let Oracle know they are incorrect, and that you need more time to review the report.

Can we extend the 30-day negotiation period by talking to Oracle?
Yes, the rule of thumb is that negotiations can extend until the end of Oracle’s fiscal year (end of May). However, Oracle may not agree to extend it beyond this date.

What is the difference between a preliminary and final Oracle license audit report?
The only difference is that with the final report, you are contractually obliged to resolve any licensing gaps within 30 days. Disagree with the report’s findings, as the clock will start ticking.

What is your best and final advice?
Contact us for help; engaging with us may be your company’s best investment this year.

Oracle License Audit Defense Service

Former Oracle license auditors deliver our Oracle License Audit Defense service, which includes the following services:

  • Oracle Licensing Assessment: We assess your current Oracle licensing and provide a comprehensive report on your compliance status.
  • Oracle License Compliance Report: Our report includes a detailed analysis of your compliance risk, financial exposure, and recommendations for solving compliance issues.
  • Contractual Compliance Review: We review your contracts and agreements to ensure you meet all your contractual obligations and maximize your licensing benefits.
  • Advisory in Oracle License Audit: We provide guidance and support throughout the entire Oracle license audit process, from initial notification to final resolution.
  • Audit Negotiation Service: Our experienced negotiators work on your behalf to minimize any financial exposure and ensure a fair outcome for your organization.

Read more about our Oracle Audit Defense Service.

Do you want to know more about our Oracle License Management Services?

Please enable JavaScript in your browser to complete this form.

Author

  • Fredrik Filipsson

    Fredrik Filipsson brings two decades of Oracle license management experience, including a nine-year tenure at Oracle and 11 years in Oracle license consulting. His expertise extends across leading IT corporations like IBM, enriching his profile with a broad spectrum of software and cloud projects. Filipsson's proficiency encompasses IBM, SAP, Microsoft, and Salesforce platforms, alongside significant involvement in Microsoft Copilot and AI initiatives, improving organizational efficiency.

    View all posts