Oracle audit defense is important because Oracle audits can cost companies millions in unexpected software license fees. Even for the experienced IT asset management professionals it can be a challenge and all will benefit from an Oracle audit defense strategy. The reason being, not all audits are the same – it’s different people, different challenges, different goals. One thing remains the same from Oracle audit to Oracle audit. That is how successful you are in an Oracle license audit very much depends on your ability to take control of the audit right from the beginning. So, here are some pointers on how to create your own Oracle audit defense strategy.
Oracle audits can unofficially be initiated in different ways. An example can be when Oracle sales is suspecting some sort of non-compliance and proceeds to nominate a customer for audit.
However, the official Oracle audit always start with a formal audit letter addressed to senior management. The letter is from the Oracle audit organization, also known as Oracle License Management Services (LMS). The intension of the letter is basically to notify the customer of the audit and then to set a date for a kick-off and to establish who will be involved in the audit on both sides. Oracle will from time to time elect an audit partner to front the audit.
As soon as you receive the Oracle audit letter, you should build your Oracle audit defense strategy and tactics.
Oracle LMS – or Oracle GLAS as they are called now – is Oracle’s feared audit organization that has earned Oracle billions of dollars in revenue and are still the main contributor to Oracle’s license sales. Oracle LMS is a loosely global organization that has its main analysis centre in Romania that reviews Oracle customers licensing data.
Oracle LMS stands for Oracle License Management Services and is Oracle official audit organization that reports to Oracle’s CFO. It does not report to Oracle’s sales organization. In 2020 Oracle renamed that organization to Oracle Global License Advisory Services (GLAS). The organization is divided into several groups, but the main workforce is based in Bucharest Romania where they conduct all the licensing analysis of Oracle LMS script outputs, such as database outputs, middleware outputs and Oracle application outputs.
There are local members in most countries or regions of the world. They act as a project manager of the Oracle license audit. They will host all Oracle license audit meetings, create the audit project plan and present and write the audit report. They are closely aligned with the local sales teams and helps decide which Oracle customers are selected for Oracle license audits. The bulk of the Oracle licensing audit work is done by the technical analysts in Romania.
Oracle LMS does not negotiate any commercial contracts with its end customers, this is managed by Oracle sales organization. Oracle sales teams and LMS likes to play the game “good and bad cop”. Don’t be fooled by this, Oracle sales teams pulls all the strings at Oracle.
Oracle JPE is short for Joint Partner Engagement. It is Oracle initiative to use Oracle resellers to conduct and manage Oracle license audits. The JPE partners are not paid any consulting fees by Oracle and only rewarded if they are able to resell licenses to cover any shortfall from the Oracle license audit report.
Warning: This is obviously a red flag for anyone who knows Oracle licensing. Oracle licensing around many topics such as Virtualization, Cloud and DR is vague and is open for interpretation. To have an company managing software audits with incentive to resell more licenses is questionable – you can imagine that the Oracle licensing interpretations are not favourable to the end customer.
Oracle SIA is short for Oracle Software Investment Advisory. Former Oracle LMS auditors accounts for 80% of its staff. Oracle started an initiative to help more customers to Oracle cloud and educate and train its customers on Oracle licensing topics. A noble mission, however, the results are clear for everyone. Many Oracle customers who started conversations with Oracle SIA about their licensing got surprised. When Oracle SIA discovered non-compliance during those educational sessions, they turned help into threats of official Oracle license audit unless a purchase for new licenses were done.
Recommendation: Ask for independent advice on Oracle licensing, not from the vendor.
After the kick-off, the audit process is divided into a few main stages:
Oracle LMS has a well-established audit process. They have been doing audits successfully for many years and it is a very lucrative business. While LMS auditors are handling several audits in parallel every day of the year, you might be on the first or second audit with Oracle. This is an opportunity to use a well proven Oracle audit defense tactic, which is to delay the Oracle audit.
This might come as a surprise to you, but the audit process is designed to take you to the final report as quickly and painless (for the LMS team) as possible without you asking too many questions.
Questions that Oracle LMS want to avoid:
… and the list goes on and on.
Oracle LMS will not tell you how to deal with these questions. They are going to avoid them for a reason. If you don’t know the answers or these questions are new to you, you are most likely not able to take control of the Oracle license audit and defend yourself.
There are many different compliance problems with Oracle software, but the Oracle database is still king of compliance problems because it is expensive to license, there are many different products, and it is widely used with a 40% market shared.
Again, the list goes on and on….
How do you take control and defend yourself in an Oracle audit? It starts with the audit letter. Already at the beginning you need to stop the Oracle LMS team in its tracks. Doing so will help you to buy time and used that time to do your internal audit and remediation. The best Oracle audit defense strategy starts by using independent Oracle licensing experts who knows how to analyze Oracle audit scripts. Also, you need to make sure that all communication to Oracle goes through one person, otherwise there is no way of knowing what information is shared and with who.
An Oracle audit negotiation advisor should be an individual who has many years working with Oracle license management and audits. Ideally this should be someone who has worked at Oracle for you to benefit from all the insider secrets that are an essential part in an Oracle audit defense.
Oracle audit negotiation advisors are important to include not only at the end of an Oracle audit, but also before the Oracle audit begins because you need to negotiate the audit scope and methods.
Why you need an Oracle audit negotiation advisor at the end of the audit
If you would like to be updated on Oracle licensing and receive more tips, follow us on
✔️ Follow us on LinkedIn
✔️ Subscribe to our channel on YouTube
Thanks for reading! Contact us, if you want to know more about our Oracle audit defense services.