Oracle License Audit – 22 secrets that will help you win – 2022

 

This is an Oracle license audit guide written to make it easy to search for the answers that you need to manage the  audit. Its designed to tell you what you should ask yourself to better prepare and complete the engagement successfully. This is written by Oracle licensing experts who has worked for Oracle conducting audits and now as consultants helping over 100 companies defend themselves in Oracle audits. The article will cover Oracle license audit process and what are the most common reasons customers are non-compliant with Oracle. Then we provide recommendations on how to manage the audit. The first recommendation we can give is that dont face an Oracle licensing audit alone.

 

Audits are a big part of Oracle license revenue. We estimate that 50% of all Oracle software license revenue streams from license audits. Oracle audits works like this; Every year the Oracle account team needs to nominate a customer suited for a license audit. The customers selected for audits are rarely randomly chosen.

 

After the license audit has been conducted, Oracle will present a report that is worst case scenario with the highest amount of fees paid to Oracle. This is a normal practice among software vendors and Oracle is not different. However, the license report is designed in a way that it looks at the most expensive licensing models to cover the license need.

 

There are also grey areas that deals with Oracle licensing and Oracle views the customer licensing most favorably to Oracle. That is where you need Oracle licensing expertise to articulate the licensing policy in the end customer favor and not Oracle. You can read about Oracle LMS compliance policy

 

Oracle License Audit Process 


Oracle usually audits customers every 36 months, but the time difference can vary, if you are a Oracle customer who in the past have been found to be out of compliance with your Oracle software license agreements, you are more likely to be audited again. The same goes if you decline to purchase Oracle software licenses and cloud you are more likely to be audited by Oracle. Oracle audits are difficult to manage because there are very few software tools that can accurately measure your Oracle licenses. It usually requires a combination of software and expert knowledge to accurately measure Oracle licenses.

oracle audit process

 

Audits can be easy to manage if you are pro-active when you receive the audit notification letter from Oracle. You should quickly engage with an Oracle license expert to help you understand your licensing position before the audit begins. If you do so there is a strong chance you will pay zero to Oracle after the official license audit has been completed.

 

Oracle audit process is something that companies must master in order to take control and make sure mistakes and avoidable fees to Oracle are paid.  This article is providing a high level introduction for the 4 major steps of an Oracle audit. Remember that you have 45 days to reply to the Oracle audit, that means you have 45 days to review your Oracle licensing and come up with an Oracle audit defense plan.

 

 

oracle license audit process

 

 

Oracle Audit Notification

 

Oracle LMS will send a notification letter to your CFO / CIO or both, notifying you that Oracle intention is to perform an audit of your Oracle software licenses. The letter has a friendly tone and either indicates that the  license audit will be conducted by Oracle of if Oracle would like an Oracle reseller / partner to conduct the audit on their behalf. Many audits are conducted by Oracle resellers

 

 

Audit kick off meeting

 

During the kickoff meeting Oracle wants to agree on a timeline for you to share all the necessary data. As Oracle is completely dependent on you co-operating and providing them with the data about your IT infrastructure, they are reliant on you running their Oracle LMS scripts or Oracle license compliance tools.

 

Data sharing  & Oracle LMS Scripts

 

Oracle provides you with access to a web-based license audit portal where you are asked to answer a questionnaire about your Oracle usage. Be careful to provide the correct information in this portal. You can then download the Oracle LMS scripts Oracle wants you to run and then upload the output in the same portal. Our advice is to not share any data with Oracle you have not yet analyzed independently.

 

Oracle audit report

 

You will receive the report approx. 4-6 weeks after you have shared the data with Oracle.
The report is almost always a “preliminary report” where Oracle asks you to review the findings and ask if you agree to them. If you are at this stage, do not agree with the findings until you have had an Oracle licensing expert provide a 2nd review of the license audit findings.

The reports are almost always issues in the 2nd month of Oracle financial quarter, as you have 30 days to purchase licenses for any shortfalls identified in the reports. Hence the 2nd month is when you can expect the report.

 

What is the name and address of the department that handles Oracle audits?

 

You must have the right documentation and skills to successfully complete an Oracle software licensing audit to avoid the potential risks. This type of audit is complex and requires a lot documentation. Global License Advisory Services (GLAS) is the name of the Oracle department that handles licensing audits.

 

License rules are enforced by Oracle’s License Management Services Division. Most cases are complicated when it comes to licensing agreements between software vendors and customers. The license audit is dependent on the cooperation of end-users. The license agreement includes a clause about audit rights. Oracle gives notice 45 days before the licensing audit so customers have time to prepare. Oracle also conducts licensing audits in order to protect intellectual property rights of software developers.

 

An Oracle audit can result in unexpected costs. It is important to manage license entitlements to avoid additional costs. An internal audit can be used to determine license entitlements and actual deployable usage. Companies could miss vital information or take unnecessary risks if they don’t have the documentation. Although it is best to seek help before the Oracle licensing audit letter arrives, it is not too late to hire independent license experts. Even if an audit letter is sent in the middle, licensing experts can help you save time and provide guidance.

 

If you want to know more how independent license experts can help you Oracle audit negotiations support – audit advisors will help covers the topic in detail.

 

Frequently asked

 

What is Oracle LMS

 

Oracle LMS stands for Oracle License Management Services and is Oracle official audit organization that reports up to Oracle CFO. It does not report to Oracle sales organization. In 2020 Oracle renamed that organization to Oracle Global License Advisory Services (GLAS). The organization is divided into several groups, the main workforce is based in Bucharest Romania where they conduct all the licensing analysis of Oracle LMS script outputs, such as database outputs, middleware outputs and Oracle application outputs.

 

 

How is Oracle LMS conducting license audits?

 

There are local members in most countries/regions of the world. They act as a project manager / face of the Oracle license audit. They will host all Oracle license audit meetings, create the audit project plan and present and write the audit report. They are closely aligned with the local sales teams to decide which Oracle customers are selected for Oracle license audits. The bulk of the Oracle licensing audit work is done by the technical analysts in Romania.

 

 

Oracle LMS audit negotiations

 

Oracle LMS does not negotiate any commercial contracts with its end customers, this is managed by Oracle sales organization. Oracle sales teams and LMS likes to play the game “good and bad cop”. Don’t be fooled by this, Oracle sales teams pulls all the strings at Oracle.

 

 

What is Oracle LMS or Oracle JPE?

 

Oracle JPE is short for Joint Partner Engagement. It is Oracle initiative to use Oracle resellers to conduct and manage Oracle license audits. The JPE partners are not paid any consulting fees by Oracle and only rewarded if they are able to resell licenses to cover any shortfall in Oracle license audit report.

 

Warning: This is obviously a red flag for anyone who knows Oracle licensing. Oracle licensing around many topics such as Virtualization, Cloud and DR is vague and is open for interpretation. To have an company managing software audits with incentive to resell more licenses is questionable- you can imagine that the Oracle licensing interpretations are not favourable to the end customer.

 

 

What is Oracle SIA?

 

Oracle SIA is short for Oracle Software Investment Advisory. Former ex-Oracle LMS auditors accounts for 80% of its staff. Oracle started an initiative to help more customers to Oracle cloud and educate and train its customers about Oracle licensing topics. A noble mission, however, the results are clear for everyone. Many Oracle customers who started conversations with Oracle SIA about their licensing got surprised. When Oracle SIA discovered non-compliance during those educational sessions, they turned help into threats of official Oracle license audit unless a purchase for new licenses were done.

 

Recommendation: Ask for independent advice on Oracle licensing, not from the vendor.

 

 

What is Oracle LMSCollection Tool?

Oracle LMSCollection Tool is Oracle in-house developed set of scripts for measuring its customers Oracle software environments. Oracle customers are allowed to use this script for measuring Oracle licenses, however the difficulty comes into being able to correctly interpret the output towards a license requirement. The Oracle LMS scripts cover Oracle Database products and all its options, Oracle middleware products and Oracle E-business Suite, Oracle Siebel licensing, Primavera licensing, Peoplesoft licensing and JD Edwards licensing.

 

Oracle license compliance script

 

Our recommendation – if you want independent advice on Oracle licensing or cloud, you should work with a third party that is not incentivized to push you into one direction.

 

If you are under an Oracle license audit and need Oracle audit support, contact us and we can start immediately.

 

 

Audit extortion

 

Oracle is well-known for regularly auditing customers. Although it is a major source of revenue, license audits can be a frustrating problem for well-intentioned businesses. This audit is often difficult to understand and can lead companies to not comply with Oracle’s licensing obligations. Companies can avoid significant fines by being aware of the risks and taking compliance measures.

 

Users may feel tempted to end validation if they notice an increase in Oracle licenses. Although they may believe that Oracle has a complete list of all their licenses at once, this is not often the case. Instead of comparing their license lists with the actual agreements, they should look at the underlying agreements to determine if they are in violation of any terms. They should also verify that Oracle has registered the license metrics.

 

A notification letter from Oracle is the first step of the process. The letter includes a list all legal entities using Oracle software. It also asks for the CIO/CFO to be the single point of contact in the audit. These audits can be conducted by Oracle’s License Management Services and may involve any number of other parties. As part of their business strategy, Oracle sales representatives might also initiate license audits in some countries.
Our recommendation is to follow the guidelines we lay out in the, but if you have the chance use an external expert to help you reduce the claims by 90%+

 

 

Oracle licensing consultants

 

It is crucial to have a licensed solution in case of an Oracle licensing audit. You should contact a specialist licensing consultant provider immediately after being notified you are subject to an audit. These experts have extensive knowledge about Oracle licensing practices, Oracle contracts and the underlying architecture. These professionals can make recommendations to ensure compliance. These tips will help you get started if you aren’t sure where to begin.

 

Oracle licence exposure can be affected by changes to physical architecture, usage, or agreements with Oracle. You can check your licenses on a regular schedule to be proactive. You can schedule an audit for any changes to your Oracle license if you are unsure. If you are unsure when an Oracle licensing audit is required, you can save a lot of money by taking a proactive approach. Contact the leading Oracle licensing expert firm.

 

 

4-step plan for how to manage the license audit

 

Before the audit begins.

 

Delay the Oracle license, you normally have 45 days to acknowledge you have received the audit letter. This is the time when you should quickly engage with an Oracle licensing expert to review your licensing. This should be an ex-Oracle l auditor who has helped hundreds of Oracle customers before and can use the same tools and methods that Oracle will use in the official audit.

oracle license audit triggers

 

How to measure your Oracle installations.

 

Oracle will request you to run their Oracle LMS scripts and share the output with them. Oracle does not have a discovery script which means, whatever Oracle installations you cannot find, Oracle cannot find either. If you have done step 1 properly, you should not have anything to fear by running the Oracle LMS scripts. However, there may be reasons why you do not want to do so. Watch the video below to learn more.

 

 

 

Three license compliance risks in a software audit

 

 

Oracle Database Editions & Options

 

Oracle products have different editions, make sure that you have installed the correct version. Oracle database also have additional features that requires additional licenses. If you unknowingly have used those features now or in the past, you will be required to purchase licenses for both past and active usage.

 

License metrics such as Oracle Processor and Named User Plus licenses

 

Oracle have different rules for how to calculate Oracle licenses for processors (CPU) or Named User Plus. It is important to review the hardware you are running and understand Oracle licensing rules to make sure you have sufficient Oracle licenses to cover your needs. There are for example user minimums for each product, 25 user minimums for Oracle database enterprise edition and the options must have matching quantities and metrics.

 

Virtualization and Cloud

 

If you deploy Oracle software on virtual technologies it is very easy to be out of compliance with your Oracle license entitlements. Oracle soft partitioning guide that includes vague rules for how to license Oracle in VMware, Hyper-V, IBM LPAR, and other technologies are often a cause for concern. If you are deploying Oracle licenses in AWS or Azure, there are rules for how to calculate the licensing when deploying in public cloud.


Many Oracle customers are being caught out in  license audits because they are not aware of these licensing policies.

 

License Audit advice:

 

Named User Plus licensing

 

Review your named user plus licensing; Do you cover the user minimums for each product? If you have 2 processors of Intel with a core factor 0,5 and you have 8 cores. That means you need to license Oracle database enterprise edition with 2x 8 cores = 4 processor licenses of Oracle database enterprise edition. The user minimums for Oracle database Enterprise Edition are 25 per processor. User minimums for this server is 100 named users plus regardless of if you only have 15 users.

 

Review if the server can be licensed with named user plus at all. It’s quite common that Oracle customers have incorrectly chosen a named user plus licensing model because they cannot count all users. For example, with a web application or integrations to other applications which require the other application population to be licensed as well.

 

Oracle database options usage

 

In almost every Oracle audit we come across, Oracle customers have unknowingly used features that trigger additional licenses. For example, that you run Oracle database standard edition and use Enterprise Edition features. That will require the Oracle customer to license Enterprise Edition (core licensing) and pricing is 47,500 $ per processor as well as the additional EE options licensing.


If a Oracle DBA or someone else have used this feature there is historical evidence saved in the Oracle database that is detected by Oracle LMS during the official audit.

 


Frequently asked questions and answers about Oracle audits – Audit Guide

 


1.Our CIO/CFO received an Audit Letter and now Oracle LMS is contacting us. Do we need to reply to their letter?

Answer: Take your time, per your contracts with Oracle – You normally have 45 days to reply to the
notification. You have no contractual obligation to acknowledge the letter until the 45 days are up. If you want more than 45 days, you can try to negotiate a contract term giving you 90 days notice period.

2. We received an e-mail from our sales rep with a excel spreadsheet they want to fill in with our licenses. Do we need to co-operate?

Answer: No, you have no obligation at all. This is not a formal audit.

3. What happens if we dont reply to Oracle within the 45days?

Answer: They will start to “chase” you, but there will not be any consequence of delaying.

4. Can we postpone the audit ?

Answer: Sure, the contract says “the audit shall not reasonable interfere with your business operations”


Oracle are often nice enough to delay an audit for a few months if you can provide them with a good business justifiction why you want to postpone the Oracle licensing audit. Good reasons can be you are currently undertaking changes in your IT infrastructure.

5. Can we persuade Oracle to cancel the license audit ?

That is more difficult, but I have seen it happen, usually that involves you making a large purchase. Then Oracle can withdraw the audit notification.

6. What should be our first step after we have recieved the audit letter?

Answer: Review your contracts, what does the audit clause say? Do Oracle have the right to audit you? Action to take: If you as many others don’t have copies of your agreements, you might now want to contact Oracle to get copies of all the relevant agreements. only support renewals are not sufficient, should be Oracle OMA, OLSA and Ordering Documents.

7. We reviewed our Oracle audit clause, -And we have come to the conclusion that Oracle has the right to audit our company. What should be our next step?

Answer: Now you should negotiate an NDA, ask Oracle to sign your company NDA. This usually takes them a few weeks, buying yourself more time to prepare for the audit.

8. And once our NDA is signed by Oracle?

Answer: Oracle always wants to schedule a kick-off meeting ASAP. The purpose of such meeting is to discuss the project plan, sharing scripts and so forth. Getting your agreement on specific dates when you will submit the data to Oracle.

 

My advice is to instead use the next meeting to negotiate:

 

  • Negotiate which legal entities are included in the audit. There can be both benefits and drawbacks with including all majority subsidiaries, especially if you are a global company.
  • Negotiate the timeline of the audit and how the audit will be conducted.
  • What tools and output will Oracle ask for? By establishing the parameters, you can then say no to Oracle if they want to expand the audit or ask for additional information.
  • If you don’t want to run Oracle Audit Scripts, can you supply Oracle with data manually?
  • Negotiate are there any onsite visits included?
  • Which products should be in scope of the audit?

 

9. Oracle is asking us to schedule a kick-off meeting, why are they in such a rush?

Answer: Oracle always wants to schedule the kick-off of the audit as soon as possible, say no to that. Oracle suspect that the more time have to prepare for the Oracle audit, the bigger chance that you might discover any license gaps and fix them before the audit begins.

10. During the audit will Oracle come onsite to my datacentre?

Answer: They have no right to access your data centre, and they also do not have any discovery tool finding all of your Oracle Software. The Oracle audit cannot take place without your collaboration. Which is something to keep in mind.

11. We are a global company and Oracle wants to license audit a subsidiary of ours. Should we allow it?

Answer: You can try to say no, for how can Oracle on a local level determine if they have enough licenses. You might have spare licenses on another subsidiary that might cover any license shortfall. The audited subsidiary might have a shortfall of 20 Weblogic Licenses, but those might be available from another entity. It is very difficult for Oracle to conduct an Oracle licensing audit on a subsidiary as you may have a surplus of Oracle licenses on another legal entity.

12. Oracle wants to include our Oracle ASFU Licenses in the Oracle licensing audit?

Answer: This is not allowed, But i have seen that Oracle LMS sometimes to include Oracle ASFU licenses. Per contract any audit on ASFU licenses should go thru the partner from which you bought the Oracle ASFU licenses.

13. Why is our company being selected for an license audit? Is it simply “our turn”?

Answer: No, there is no such thing as a “your turn-system” when it comes to Oracle License Audits. The software audits are not random. You have been selected by your Account Manager with the support of Oracle LMS. There is almost always a reason to suspect that Oracle have good reasons for suspecting you are audited. Some customer have not been audited for 10 years others are audited every 3-4 years.

 

Most common reasons for being selected for an Oracle audit are:

 

  • You have Old License Metrics or NUP licenses (Tech)
  • You have acquired a company or merged with another company, by default you can be non-compliant on simply the contract itself.
  • You have made a large hardware refresh, which often changes licensing requirements.
  • You have not been audited for more than 3 years.
  • You have Oracle EBS but don’t have full use licensing for technology.
    Oracle (often Sales) have heard that you are using virtualization technologies. (VMWare)
  • You have logged support tickets with Oracle and in the ticket, you are describing using technology features that you don’t have a license for.
  • You decided to NOT to accept an Oracle licensing or cloud solution.
  • You told Oracle that you are not interested in meeting or have any new “projects” that might involve buying more Oracle Software.
  • You have a new sales rep; some sales reps believe in auditing customers more than others.
  • Declining to renew your Oracle ULA.
  • You were non-compliant in the last audit
  • What activities should I do internally?

 

14. While we fend off Oracle with NDAs and negotiations, what actions should we take internally?

Answer: You need to figure out what is the compliance gap you have and how to fix it before the audit starts. 95% of all Oracle audits have a shortfall and usually they are in the millions. But most of the license gap is not because customers are “over-using” Oracle.

 

The main culprit is:

 

  • A lack of knowledge of Oracle licensing and contract policies.
  • After being involved in a lot of Oracle audits on (both sides of the table) i estimate that 90% of all non-compliance could have been fixed by the company. If they only had the right licensing knowledge. This can be resolved by performing a pro-active license review If you do that there is a good chance you dont need to pay Oracle anything the next time you are audited.
  • If you are found to be struggling with being compliant with Oracle, it comes down to you not realizing that you need to invest in proper resources. (and i am not talking about a SAM tool) far too many companies have bought into the marketing hype of the SAM tool vendors who promises everything.

 

15. If we realize there is a license shortage – should we buy those licenses before the license audit begins?

Answer: Oracle will almost always take your order now instead of waiting for the  audit completion which can be many months in the future. You have a stronger negotiation position to purchase before the audit begins rather than after.

16. How do we figure out what our Oracle license position is?

Answer: I strongly recommend – get external help by a partner who can analyse Oracle audit scripts. Once Oracle hands the lms scripts over to you. You run the scripts and then give the licensing partner the output first. They can analyse what Oracle will find out once they get the output.

Also review the most common reasons for being audited and you might find out why Oracle believes you are non-compliant. The only people who dont want you to get external help is Oracle, because then they will not get much revenue.

17. We have not made any changes to our Oracle environments since the last Oracle audit. Should we have any concerns about our compliance position?

Answer: Are you aware of what features IT staff or DBAs have used when operating your Oracle environments? It could have been a DBA 2 years ago who used features that triggered license purchase. But there are no warning flags. But Oracle will detect that in the audit. I have seen it many times. Remember there is a reason why Oracle is auditing you, they expect to get revenue.

18. We are not a big Oracle customer, should we be concerned?

Answer: I have helped companies that only have 5 servers of Oracle Software running and they are being found to be millions of euros non-compliant. One customer had 4 servers and was facing a 9-million-euro license gap.

19. Are Oracle java audits happening?

Answer: It is currently not happening on any large scale if it happens its a almost a one-off. rare, but this can change. Most likely it will be sales reps who wants to review your Java usage. 

20. What mistake sofware audit should we avoid?

Answer: Don’t hand over any SAM tool data to Oracle, you need to analyse it. Dont believe the LMS certification marketing hype.

Also even if you have skilled in-house Oracle SAM staff. If you should consider get external help in if you are under audit – It can help to have a “fresh” eyes looking at data to verify that you are correctly licensed.

21. We trust Oracle to do the right thing, we have a good business relationship with Oracle. Why should we use external help?

Answer: Oracle audit organization have gone thru a large re-organization. Most of their audit staff is now based in Romania. The average experience of a consultant is probably 1-2 years. Even how good-hearted Oracle can be, by having in-experienced license auditors will to lead to mistakes. It can be good to make sure you keep them honest by getting external help.

By doing so might actually save your relationship with Oracle, as most companies that have “soured” on Oracle – have done so because they felt they were unfairly treated in an audit.

22. Where in the contract does it say i need to run Oracle audit scripts?

Answer: Nowhere, it only says you need to co-operate with Oracle LMS. However some later versions do have contract language saying you need to run Oracle data measurement tools. If you are audited by Oracle, Redress Compliance can analyze the Oracle LMS Script and tell you what Oracle will discover in the audit. By doing the independent audit it will give you more options before the official Oracle audit begins.

 

If you are an Oracle customer who needs help with Oracle licensing, please use the contact button to organize an online meeting.
We are serving clients worldwide with Oracle license management services.

 

Read more on our blog

 

Oracle License Audit – how to take control
Oracle License Compliance Scripts –  Oracle LMSCollection Tool

 

If you would like to be updated on Oracle licensing and receive more tips, follow us on
social media:

 

✔️ Follow us on LinkedIn
✔️ Subscribe to our channel on YouTube

 

 

Related Services

 

 

If you need with an oracle license audit, contact us for expert support. We are ex Oracle auditors who knows all the weaknesses and strengths in Oracle license audit process. We also have the ability to analyze Oracle license compliance scripts tools aka Oracle LMS scripts. It is well known in the industry that you should not go into an Oracle licensing audit alone. At Redress all of our clients who are facing audits are coming to the front of the line and we start helping you as soon as we can. Contact us to discuss how we can help your company.