Oracle Audit Defense – how to take control

Oracle audit defense is important because Oracle audits can cost companies millions in unexpected software license fees. Even for experienced IT asset management professionals an audit can be a challenge, and everyone will benefit from an Oracle audit defense strategy. The reason is that not all audits are the same – there are different people, different challenges, different goals. One thing remains the same from Oracle audit to Oracle audit: how successful you are in an Oracle license audit very much depends on your ability to take control of the audit right from the beginning. So, here are some pointers on how to create your own Oracle audit defense strategy.


What is an Oracle license audit?


Oracle audits can be initiated unofficially in different ways. One example is when Oracle sales suspects some sort of non-compliance and proceeds to nominate a customer for audit.


However, the official Oracle audit always starts with a formal audit letter addressed to senior management. The letter is from the Oracle audit organization, also known as Oracle License Management Services (LMS). The intention of the letter is to notify the customer of the audit, to set a date for a kick-off and to establish who will be involved in the audit on both sides. Oracle will from time to time elect an audit partner to front the audit.


As soon as you receive the Oracle audit letter, you should build your Oracle audit defense strategy and tactics.


Oracle LMS – or Oracle GLAS as it is called now – is Oracle’s feared audit organization that has earned Oracle billions of dollars in revenue and is still the main contributor to Oracle’s license sales. Oracle LMS is a loose global organization with its main analysis centre in Romania, which reviews Oracle customers’ licensing data.




Why are you selected for an Oracle license audit?


Oracle LMS – The feared audit team explained


What is Oracle LMS?


Oracle LMS stands for Oracle License Management Services and is Oracle’s official audit organization, which reports to Oracle’s CFO. It does not report to Oracle’s sales organization. In 2020 Oracle renamed the organization to Oracle Global License Advisory Services (GLAS). The organization is divided into several groups, but the main workforce is based in Bucharest, Romania, where they conduct all the licensing analysis of Oracle LMS script outputs, such as database outputs, middleware outputs and Oracle application outputs.


How does Oracle LMS conduct license audits?


There are local members in most countries or regions of the world. They act as project managers of the Oracle license audit. They host all Oracle license audit meetings, create the audit project plan, and write and present the audit report. They are closely aligned with the local sales teams and help decide which Oracle customers are selected for Oracle license audits. The bulk of the Oracle licensing audit work is done by the technical analysts in Romania.


Oracle LMS audit negotiations


Oracle LMS does not negotiate any commercial contracts with its end customers; this is managed by Oracle’s sales organization. Oracle sales teams and LMS like to play the game of “good cop, bad cop”. Don’t be fooled by this: Oracle sales teams pull all the strings at Oracle.


What is Oracle LMS or Oracle JPE?


Oracle JPE is short for Joint Partner Engagement. It is an Oracle initiative to use Oracle resellers to conduct and manage Oracle license audits. The JPE partners are not paid any consulting fees by Oracle and are only rewarded if they are able to resell licenses to cover any shortfall from the Oracle license audit report.


Warning: This is obviously a red flag for anyone who knows Oracle licensing. Oracle licensing around many topics such as Virtualization, Cloud and DR is vague and open to interpretation. To have a company managing software audits with an incentive to resell more licenses is questionable – you can imagine that the Oracle licensing interpretations are not favourable to the end customer.


What is Oracle SIA?


Oracle SIA is short for Oracle Software Investment Advisory. Former Oracle LMS auditors account for 80% of its staff. Oracle started the initiative to help more customers move to Oracle cloud and to educate and train its customers on Oracle licensing topics. A noble mission; however, the results are clear for everyone. Many Oracle customers who started conversations with Oracle SIA about their licensing were surprised. When Oracle SIA discovered non-compliance during those educational sessions, they turned help into threats of an official Oracle license audit unless new licenses were purchased.


Recommendation: Ask for independent advice on Oracle licensing, not from the vendor.


Oracle License Audit


Oracle Audit stages


After the kick-off, the audit process is divided into a few main stages:


  • Data collection – This includes the use of Oracle audit scripts for the servers running Oracle software.
  • Preliminary audit report – This is where Oracle or the audit partner shares a draft report of the results for the customer to review.
  • Final audit report – Oracle closes the report usually – but not always – after the customer has accepted the findings.
  • Resolving the audit findings – Oracle sales negotiates with the customer on sales of licenses, associated terms and conditions, to cover for any shortfall outlined in the audit report. The standard Oracle audit clause dictates that the customer has 30 days from the final report to cover any shortfall. In other words, the clock is ticking once you have accepted the findings.


Oracle license audit process


Oracle LMS has a well-established audit process. They have been doing audits successfully for many years and it is a very lucrative business. While LMS auditors are handling several audits in parallel every day of the year, you might be on your first or second audit with Oracle. This is an opportunity to use a well-proven Oracle audit defense tactic, which is to delay the Oracle audit.


This might come as a surprise to you, but the audit process is designed to take you to the final report as quickly and painlessly (for the LMS team) as possible without you asking too many questions.

Oracle Audit Defense Questions


Questions that Oracle LMS wants to avoid:


  • Who decides on the overall timeline of the Oracle audit?
  • Do I have to run Oracle scripts?
  • How do Oracle license policies apply to me when they are not referenced in my contract?
  • Where will the data Oracle scripts collect go for analysis?
  • What information are the scripts picking up?
  • Should I sign an NDA with Oracle before the audit?

… and the list goes on and on.


Oracle LMS will not tell you how to deal with these questions. They are going to avoid them for a reason. If you don’t know the answers or these questions are new to you, you are most likely not able to take control of the Oracle license audit and defend yourself.



Common Oracle audit compliance issues


There are many different compliance problems with Oracle software, but the Oracle database is still king of compliance problems because it is expensive to license, there are many different products, and it is widely used with a 40% market share.


Database compliance and software compliance issues


  • Use of management packs that you don’t have licenses for – a very common mistake where even the best Oracle DBAs get it wrong
  • Use of management packs on standard edition – possible but not allowed
  • Historical use of database options and packs – years and years of use is common and very costly
  • Use of advanced compression – a feature used in many different situations
  • Use of Oracle databases in virtual environments
  • Multiplexing



Again, the list goes on and on…


How to build your Oracle audit strategy


How do you take control and defend yourself in an Oracle audit? It starts with the audit letter. Already at the beginning you need to stop the Oracle LMS team in its tracks. Doing so will help you buy time, and you can use that time to do your internal audit and remediation. The best Oracle audit defense strategy starts by using independent Oracle licensing experts who know how to analyze Oracle audit scripts. Also, you need to make sure that all communication to Oracle goes through one person, otherwise there is no way of knowing what information is shared and with whom.


What is an Oracle audit negotiation advisor?


An Oracle audit negotiation advisor should be an individual with many years of experience working with Oracle license management and audits. Ideally this should be someone who has worked at Oracle, so that you benefit from all the insider secrets that are an essential part of an Oracle audit defense.


When to include an Oracle audit negotiation advisor?


Oracle audit negotiation advisors are important to include not only at the end of an Oracle audit, but also before the Oracle audit begins because you need to negotiate the audit scope and methods.


Why you need an advisor before the Oracle audit begins


  • You can negotiate which products Oracle will audit – there may be a reason for you to exclude a product where there is more uncertainty about your compliance position.
  • You can also exclude geographical areas such as legal entities in other countries.
  • You should also negotiate which tools will be used – will you use Oracle scripts or use manual declaration / sharing of data.
  • Negotiate the Oracle audit timeline to make sure that the Oracle audit has an end date both parties agree on.


Why you need an Oracle audit negotiation advisor at the end of the audit


  • The Oracle audit report can be difficult to understand if you haven’t seen an Oracle license audit report before. An audit advisor can explain the findings and uncover mistakes in the report.
  • Oracle will never include pricing or discounts in an Oracle license audit report. If the advisor is experienced, he can tell you how much other companies paid for similar findings to make sure that you don’t overpay to Oracle.


3 reasons why you should get help from an advisor


  • An external audit negotiation advisor will help to uncover blind spots and is not emotionally invested in certain outcomes or findings.
  • An audit negotiation advisor with the right experience will help you control the audit and eliminate surprises.
  • An audit negotiation advisor will help you avoid mistakes when negotiating the audit before it begins, but also at the end, when finding the right solution is important to close the audit. Oracle licensing mistakes are very costly and the worst ones have a tendency to come back and haunt you.


Oracle LMS Negotiation


  • Oracle LMS negotiations can be challenging as there will be different reasons why Oracle believes you are out of compliance.
  • Reasons range from missing products to not following non-contractual licensing policies and contractual terms in your Oracle licensing agreements.
  • One important factor to succeed is to understand how severe Oracle views each compliance issue.


