Navigating an Oracle license audit can be a daunting task. That’s why we’ve created this comprehensive guide to give you the answers you need to manage the audit process effectively.
This guide is crafted by Oracle licensing experts who have been on both sides of the table – conducting audits for Oracle and now, as consultants, helping over 100 companies defend themselves in Oracle license audits.
We delve into the Oracle license audit process, highlighting the most common reasons customers are non-compliant with Oracle. We then offer strategic recommendations on how to manage the audit effectively. Our first piece of advice? Don’t face an Oracle licensing audit alone.
Audits form a significant part of Oracle’s license revenue. We estimate that 70% of all Oracle software license revenue stems from license audits. Here’s how it works: The Oracle account team nominates a customer for a license audit each year. The selection is rarely random.
No organization is compliant with their Oracle licensing, small or large organizations. We have conducted Oracle licensing assessments for over 300 companies, so far one company has been compliant.
Oracle software is very expensive, 8 cores of intel processor equals approx $ 300,000 in license fees and maintenance. If you miscalculate or misunderstand a licensing policy, it very quickly gets expensive.
Oracle customers should as soon as they recieve the audit notification, contact an Oracle licensing expert who can analyze the same license compliance scripts as Oracle uses. They conduct an audit before Oracle is allowed to start its own audit.
90%+ of all compliance issues are due to lack of knowledge of Oracle licensing rules and or policies, these can be remediated before the audit begins.
If you have an Oracle audit report and made the mistake to go alone, there are still many things an Oracle licensing expert can help with. Such as reviewing findings to identify errors in the report or find the most optimal way of licensing.
Oracle License Audit Process
Understanding the Oracle Audit Cycle
Oracle typically audits customers every 3 to 4 years. However, this timeframe can vary. If you’re an Oracle customer who has previously been found out of compliance with your Oracle software license agreements, you’ll likely face an audit again.
Similarly, if you decline to purchase Oracle software licenses and cloud services, your chances of being audited by Oracle increase.
The Challenge of Oracle Audits
Managing Oracle audits can be complex due to the lack of software tools that accurately measure your licenses. It usually requires a combination of the following:
To accurately measure Oracle licenses. According to our records at Redress, out of the 300 licensing assessments we’ve conducted over the years, only one organization has been fully compliant.
Proactive Management of Audits
Audits can be easier to manage if you’re proactive upon receiving the audit notification letter from Oracle. It’s crucial to:
Quickly engage with an Oracle license expert
Understand your licensing position before the audit begins
By doing so, there’s a strong chance you’ll pay zero to Oracle after the official license audit.
Mastering the Oracle Audit Process
Mastering the Oracle audit process is essential for companies to take control and avoid unnecessary fees to Oracle. Remember, you have 45 days to reply to the Oracle audit. This means you have 45 days to:
Review your Oracle licensing
Make sure your licensing is in order before the audit begins.
Come up with an Oracle audit defense plan
Taking these steps can help ensure a successful audit outcome.
The Oracle Audit Process Simplified
Here’s a breakdown of the Oracle audit process, simplified for better understanding:
1. Oracle Audit Notification
Oracle LMS will send a friendly notification letter to your CFO, CIO, or both. This letter notifies you of Oracle’s intention to perform an audit of your Oracle software licenses. The letter will also indicate whether the audit will be conducted by Oracle directly or by an Oracle reseller/partner on their behalf.
2. Audit Kick-off Meeting
During the kick-off meeting, Oracle aims to agree on a timeline for you to share all necessary data. This step is crucial as Oracle’s audit process depends entirely on your cooperation and data provision. Oracle audits rely on you running their Oracle LMS scripts or license compliance tools.
3. Data Sharing & Oracle LMS Scripts
Oracle provides you with access to a web-based license audit portal. You’ll be asked to answer a questionnaire about your Oracle usage here. It’s important to provide accurate information in this portal.
You can then download the Oracle LMS scripts that Oracle wants you to run and upload the output in the same portal. We advise not to share any data with Oracle that you haven’t independently analyzed.
4. Oracle Audit Report
You’ll receive a report approximately 4-6 weeks after you’ve shared the data with Oracle. This is usually a “preliminary report,” where Oracle asks you to review the findings and confirm whether you agree.
If you’re at this stage, do not agree with the findings until you’ve had an Oracle licensing expert provide a second review of the license audit findings.
The reports are almost always issued in the second month of Oracle’s financial quarter. You have 30 days to purchase licenses for any shortfalls identified in the reports. Hence, you can expect the report in the second month of the quarter.
What can trigger an Oracle Audit?
Hardware Environment Refresh: If you’ve conducted a hardware environment refresh within the past 24 months, it could trigger an audit.
Old or Outdated License Metrics: Using old or outdated license metrics can raise a red flag for Oracle.
Mergers and Acquisitions: If your company has recently undergone a merger or acquisition, it could trigger an Oracle license audit.
Failure to Renew Unlimited Licensing Agreements (ULAs): If you’ve failed to renew your ULAs, it could lead to an audit.
Recent Changes in Software Spend: A sudden change in your software spend can alert Oracle and potentially trigger an audit.
Declining to Purchase Oracle Software Licenses and Cloud Services: If you refuse to purchase Oracle software licenses and Oracle cloud services, you’re more likely to be audited by Oracle.
Understanding Oracle LMS / Oracle GLAS
Oracle LMS, which stands for Oracle License Management Services, is Oracle’s official audit organization. Reporting directly to the Oracle CFO, this organization operates independently from the Oracle sales team. In 2020, Oracle LMS was renamed Oracle Global License Advisory Services (GLAS).
The organization is structured into several groups, with the main workforce in Bucharest, Romania. This team is responsible for conducting all licensing analyses of Oracle LMS script outputs, including:
Oracle LMS has local members in most countries/regions worldwide. These individuals act as project managers and the face of the Oracle license audit. Their responsibilities include:
Hosting all Oracle license audit meetings
Creating the audit project plan
Presenting and writing the audit report
These local members work closely with the local sales teams to decide which Oracle customers are selected for Oracle license audits. However, most of the Oracle licensing audit work is done by Romania’s technical analysts.
Oracle LMS Audit Negotiations
It’s important to note that Oracle LMS does not negotiate commercial contracts with its end customers. The Oracle sales organization manages this task. The Oracle sales teams and LMS often play the “good cop, bad cop” game. However, don’t be fooled by this tactic – the Oracle sales teams pull all the strings at Oracle.
Understanding Oracle JPE
Oracle JPE, short for Joint Partner Engagement, is an Oracle initiative that uses Oracle resellers to conduct and manage Oracle license audits.
Oracle does not pay the JPE partners any consulting fees and is only rewarded if they can resell licenses to cover any shortfall in the Oracle license audit report.
Warning: This is a red flag for anyone familiar with Oracle licensing. Oracle licensing around many topics, such as Virtualization, Cloud, and DR, is vague and open to interpretation.
Having a company managing software audits with an incentive to resell more licenses is questionable – you can imagine that the Oracle licensing interpretations are unfavorable to the end customer.
What is Oracle SIA?
Oracle SIA, short for Oracle Software Investment Advisory, is an initiative started by Oracle to help more customers transition to Oracle cloud and educate and train its customers about Oracle licensing topics. Former ex-Oracle LMS auditors account for 80% of its staff.
However, the results of this initiative have been clear. Many Oracle customers who started conversations with Oracle SIA about their licensing were surprised when Oracle SIA discovered non-compliance during those educational sessions.
Oracle SIA has turned help into threats of official Oracle license audits unless a purchase for new licenses was made.
Recommendation: It’s advisable to seek independent advice on Oracle licensing, not from the vendor.
What is Oracle LMSCollection Tool?
Oracle LMSCollection Tool is Oracle in-house developed set of scripts for measuring its customers Oracle software environments.
Oracle customers are allowed to use this script for measuring Oracle licenses, however the difficulty comes into being able to correctly interpret the output towards a license requirement.
Our recommendation – if you want independent advice on Oracle licensing or cloud, you should work with a third party that is not incentivized to push you into one direction.
If you are under an Oracle license audit and need Oracle audit support, contact us and we can start to help you as fast as possible.
How to manage the Oracle audit
Before the audit begins
Delay the Oracle license, you normally have 45 days to acknowledge you have received the audit letter. This is the time when you should quickly engage with an Oracle licensing expert to review your licensing.
This should be an ex-Oracle auditor who has helped hundreds of Oracle customers before and can use the same tools and methods that Oracle will use in the official audit.
Three Oracle license compliance risks
1. Oracle Database Compliance Risks
Oracle products have different editions, make sure that you have installed the correct version. Oracle database also have additional features that requires additional licenses. If you unknowingly have used those features now or in the past, you will be required to purchase licenses for both past and active usage.
2. License Metric Mistakes
Oracle have different rules for how to calculate Oracle licenses for processors (CPU) or Named User Plus. It is important to review the hardware you are running and understand Oracle licensing rules to make sure you have sufficient Oracle licenses to cover your needs.
There are for example user minimums for each product, 25 user minimums for Oracle database enterprise edition and the options must have matching quantities and metrics.
If you are deploying Oracle licenses in AWS or Azure, there are rules for how to calculate the licensing when deploying in public cloud.
Many Oracle customers are being caught out in license audits because they are not aware of these licensing policies.
FAQ on Oracle license audits
Our CIO/CFO received an Audit Letter and now Oracle LMS is contacting us. Do we need to reply to their letter?
Take your time, per your contracts with Oracle – You normally have 45 days to reply to the notification. You have no contractual obligation to acknowledge the letter until the 45 days are up. If you want more than 45 days, you can try to negotiate a contract term giving you 90 days notice period.
We received an e-mail from our sales rep with a excel spreadsheet they want to fill in with our licenses. Do we need to co-operate?
No, you have no obligation at all. This is not a formal audit.
What happens if we dont reply to Oracle within the 45days?
Oracle will start to “chase” you, but there will not be any consequence of delaying. Once Oracle contacts you just let them know that you missed the notification and are willing to discuss the audit.
Can we postpone the audit ?
Yes, this happens all the time. For how long that depends how well you negotiate with Oracle. – The Oracle audit clause says “the audit shall not reasonable interfere with your business operations” Oracle are often nice enough to delay an audit for a few months if you can provide them with a good business justifiction why you want to postpone the Oracle licensing audit. Good reasons can be you are currently undertaking changes in your IT infrastructure.
Can we persuade Oracle to cancel the license audit ?
That is more difficult, but I have seen it happen, usually that involves you making a large purchase. Then Oracle can withdraw the audit notification.
What should be our first step after we have recieved the audit letter?
Review your contracts, what does the audit clause say? Do Oracle have the right to audit you? Action to take: If you as many others don’t have copies of your agreements, you might now want to contact Oracle to get copies of all the relevant agreements. only support renewals are not sufficient, should be Oracle OMA, OLSA and Ordering Documents.
We reviewed our Oracle audit clause, -And we have come to the conclusion that Oracle has the right to audit our company. What should be our next step?
Now you should negotiate an NDA, ask Oracle to sign your company NDA. This usually takes them a few weeks, buying yourself more time to prepare for the audit.
And once our NDA is signed by Oracle?
Oracle always wants to schedule a kick-off meeting ASAP. The purpose of such meeting is to discuss the project plan, sharing scripts and so forth. Getting your agreement on specific dates when you will submit the data to Oracle. Our advice is to instead use the next meeting to negotiate:
Negotiate which legal entities are included in the audit. There can be both benefits and drawbacks with including all majority subsidiaries, especially if you are a global company. Negotiate the timeline of the audit and how the audit will be conducted. What tools and output will Oracle ask for? By establishing the parameters, you can then say no to Oracle if they want to expand the audit or ask for additional information. If you don’t want to run Oracle Audit Scripts, can you supply Oracle with data manually? Negotiate are there any onsite visits included? Which products should be in scope of the audit?
Oracle is asking us to schedule a kick-off meeting, why are they in such a rush?
Oracle always wants to schedule the kick-off of the audit as soon as possible, say no to that. Oracle suspect that the more time have to prepare for the Oracle audit, the bigger chance that you might discover any license gaps and fix them before the audit begins.
During the audit will Oracle come onsite to my datacentre?
hey have no right to access your data centre, and they also do not have any discovery tool finding all of your Oracle Software. The Oracle audit cannot take place without your collaboration. Which is something to keep in mind.
We are a global company and Oracle wants to license audit a subsidiary of ours. Should we allow it?
You can try to say no, for how can Oracle on a local level determine if they have enough licenses. You might have spare licenses on another subsidiary that might cover any license shortfall. The audited subsidiary might have a shortfall of 20 Weblogic Licenses, but those might be available from another entity. It is very difficult for Oracle to conduct an Oracle licensing audit on a subsidiary as you may have a surplus of Oracle licenses on another legal entity.
Oracle wants to include our Oracle ASFU Licenses in the Oracle licensing audit?
This is not allowed, But i have seen that Oracle LMS sometimes to include Oracle ASFU licenses. Per contract any audit on ASFU licenses should go thru the partner from which you bought the Oracle ASFU licenses.
Why is our company being selected for an license audit? Is it simply “our turn”?
No, there is no such thing as a “your turn-system” when it comes to Oracle License Audits. The software audits are not random. You have been selected by your Account Manager with the support of Oracle LMS. There is almost always a reason to suspect that Oracle have good reasons for suspecting you are audited. Some customer have not been audited for 10 years others are audited every 3-4 years.
Most common reasons for being selected for an Oracle audit are:
You have Old License Metrics or NUP licenses (Tech) You have acquired a company or merged with another company, by default you can be non-compliant on simply the contract itself. You have made a large hardware refresh, which often changes licensing requirements. You have not been audited for more than 3 years. You have Oracle EBS but don’t have full use licensing for technology. Oracle (often Sales) have heard that you are using virtualization technologies. (VMWare) You have logged support tickets with Oracle and in the ticket, you are describing using technology features that you don’t have a license for. You decided to NOT to accept an Oracle licensing or cloud solution. You told Oracle that you are not interested in meeting or have any new “projects” that might involve buying more Oracle Software. You have a new sales rep; some sales reps believe in auditing customers more than others. Declining to renew your Oracle ULA. You were non-compliant in the last audit What activities should I do internally?
While we fend off Oracle with NDAs and negotiations, what actions should we take internally?
You need to figure out what is the compliance gap you have and how to fix it before the audit starts. 95% of all Oracle audits have a shortfall and usually they are in the millions. But most of the license gap is not because customers are “over-using” Oracle.
The main culprit is:
A lack of knowledge of Oracle licensing and contract policies. After being involved in a lot of Oracle audits on (both sides of the table) i estimate that 90% of all non-compliance could have been fixed by the company. If they only had the right licensing knowledge. This can be resolved by performing a pro-active license review If you do that there is a good chance you dont need to pay Oracle anything the next time you are audited. If you are found to be struggling with being compliant with Oracle, it comes down to you not realizing that you need to invest in proper resources. (and i am not talking about a SAM tool) far too many companies have bought into the marketing hype of the SAM tool vendors who promises everything. This is not rocket science, if you want to pay zero engage with someone like Redress Compliance, who are ex Oracle License Auditors and knows how to measure your Oracle deployments with Oracle license compliance scripts.
If we determine there is a license shortage – should we buy those licenses before the license audit begins?
Oracle will almost always take your order now instead of waiting for the audit completion which can be many months in the future. You have a stronger negotiation position to purchase before the audit begins rather than after.
How do we figure out what our Oracle license position is?
I strongly recommend – get external help by a partner who can analyse Oracle audit scripts. Once Oracle hands the lms scripts over to you. You run the scripts and then give the licensing partner the output first. They can analyse what Oracle will find out once they get the output. Also review the most common reasons for being audited and you might find out why Oracle believes you are non-compliant. The only people who dont want you to get external help is Oracle, because then they will not get much revenue.
We have not made any changes to our Oracle environments since the last Oracle audit. Should we have any concerns about our compliance position?
Are you aware of what features IT staff or DBAs have used when operating your Oracle environments? It could have been a DBA 2 years ago who used features that triggered license purchase. But there are no warning flags. But Oracle will detect that in the audit. I have seen it many times. Remember there is a reason why Oracle is auditing you, they expect to get revenue.
We are not a big Oracle customer, should we be concerned?
We have helped companies that only have 5 servers of Oracle Software running and they are being found to be millions of euros non-compliant. One customer had 4 servers and was facing a 9-million-euro license gap.
What mistake sofware audit should we avoid?
Don’t hand over any SAM tool data to Oracle, you need to analyse it. The Oracle verified tools by Oracle are not verified to analyze them correctly. If they were Oracle would trust your SAM tool reports. No they want the raw script data under the tool, which will show you are out of compliance. Also even if you have skilled in-house Oracle SAM staff. If you should consider get external help in if you are under audit – It can help to have a “fresh” eyes looking at data to verify that you are correctly licensed.
We trust Oracle to do the right thing, we have a good business relationship with Oracle. Why should we use external help?
Oracle audit organization have gone thru a large re-organization. Most of their audit staff is now based in Romania. The average experience of a consultant is probably 1-2 years. Even how good-hearted Oracle can be, by having in-experienced license auditors will to lead to mistakes. It can be good to make sure you keep them honest by getting external help.
By doing so might actually save your relationship with Oracle, as most companies that have “soured” on Oracle – have done so because they felt they were unfairly treated in an audit.
Where in the contract does it say i need to run Oracle audit scripts?
In the Oracle audit clause, you can find it in your Oracle OMA. Many contracts does not mention running Oracle data measurement tools However some later versions do have contract language saying you need to run Oracle data measurement tools. If you are audited by Oracle, Redress Compliance can analyze the Oracle LMS Script and tell you what Oracle will discover in the audit. By doing the independent audit it will give you more options before the official Oracle audit begins
How to do an audit in Oracle?
Work with an independent Oracle licensing specialist like Redress Compliance. We can tell you your license position and you can take the appropiate actions to be compliant with your Oracle software assets.
Which tool does Oracle use when they are auditing customers?
Oracle uses Oracle LMS Collection Tool. An in-house developed set of scripts that are able to measure licensing and deployments for Oracle database, middleware and Oracle applications.
We tried to do the audit with Oracle ourselves, can you still help?
Yes, In almost every Oracle audit report that we review we find errors. These erros can either reduce the findings or make your negotiation position stronger. Look at Oracle price list and compare to our services price. It is easy to make an ROI.
How quickly can you help us?
We are usually able to start an engagement within a couple of days after agreeing to the commercial contract between you and us.
What is included in the preliminary report we received from Oracle after the audit, and what should we do with it?
The preliminary report contains Oracle’s findings on your software deployments, backups, and number of users. It’s important to review the information to ensure there are no mistakes and to confirm the accuracy of the report.
How can the audit report be inaccurate?
You may have provided Oracle with incorrect information about your Oracle deployments, backups, or number of users. Additionally, Oracle may make mistakes in their calculations or miss licenses that you have.
What other types of mistakes can Oracle make in their audit report?
Oracle may miscalculate licensing, misinterpret contract terms, or overlook licenses you have already purchased. The possibilities are many.
Does Oracle deliberately include errors in their audit reports?
No, it is simply because the Oracle License Management Services (LMS) team that conducts the audit often has auditors with only a few years of experience in Oracle licensing. To understand Oracle licensing thoroughly, you need years of experience
What else should we consider when reviewing the audit report besides errors?
Oracle will typically assume the worst-case licensing scenario, which may not be necessary for your specific situation. There are many licensing models available for Oracle software, and it’s important to understand which model is most appropriate for your organization.
Do we have to purchase the licenses that the audit report says we are missing within 30 days?
No, it is best to acknowledge that you have received the report and need time to review it. Never agree with the report right away, as this will start the 30-day period during which you must resolve any licensing gaps with Oracle.
Can we negotiate discounts when resolving the audit?
Yes, but expect the discounts to be lower than the ones you may have received in the past. The average discount for audit-related purchases is around 30-40% lower than regular purchases.
How do we understand the implications of the audit report’s many different “issues”?
Oracle will present all possible issues, and it’s essential to determine which ones apply to your organization and which ones you can dispute. Understanding what Oracle expects you to pay for is crucial to the negotiation process.
Do all customers get treated equally in a license audit?
Unfortunately, no. Your success in an Oracle license audit depends on your knowledge, negotiation skills, and determination to pay zero. It’s best to work with expert firms who can share their experiences with other companies to avoid overpaying.
What if Oracle starts the 30-day countdown before we confirm the findings?
Let Oracle know that they are incorrect and that you need more time to review the report.
Can we extend the 30-day negotiation period by talking to Oracle?
Yes, the rule of thumb is that negotiations can extend until the end of Oracle’s fiscal year (end of May). However, Oracle may not agree to extend it beyond this date.
If we are missing licenses and our contracts are incomplete, what should we expect from Oracle?
If the missing licenses and incomplete contracts are identified together, Oracle may waive them if you purchase on-premises software licenses. However, if there are no gaps, Oracle may ask you to purchase new software. It all depends on who at Oracle is negotiating the audit.
Will Oracle provide us with a commercial proposal for the missing licenses identified in the audit report?
No, Oracle does not provide a commercial proposal for the missing licenses. You will need to calculate the number of licenses required and refer to the Oracle price list available on their website.
How often are there errors in Oracle’s audit reports?
Almost every audit report has substantial errors. Oracle tends to assume worst-case scenarios, leading to over-licensing. It’s important to review the report thoroughly and dispute any errors to avoid overpaying.
Do we need to purchase licenses for accidentally using Oracle products, such as Database Enterprise Edition Options?
Yes, if you are using Oracle products without the proper licensing, you will need to purchase licenses. However, it’s essential to review your Oracle licensing to ensure compliance before Oracle conducts an audit.
What should we consider when agreeing to a commercial deal with Oracle before the audit report?
Ensure that you document in an amendment with Oracle why you are acquiring the licenses. This will provide clear backup documentation if Oracle questions your compliance in the future.
Is it helpful to have someone review the audit report to ensure there are no errors and to position the optimal licensing model?
Yes, it’s highly recommended to engage an Oracle licensing expert before the audit to avoid complications. Identifying and addressing any issues before the audit begins can save time, money, and headaches.
Does the audit report include processor calculations for deployments in virtual environments?
Yes, the audit report will include processor calculations for virtual environments such as VMware. However, licensing Oracle software in virtual environments can be complex, and it’s best to have an Oracle licensing expert to advise on these discussions.
What is the difference between a preliminary and final Oracle license audit report?
The only difference is that with the final report, you are contractually obliged to resolve any licensing gaps within 30 days. Do not agree with the report’s findings, as it will start the clock ticking.
What is your best and final advice?
Contact us to get help, engaging with us may be the best investment your company makes this year.
Oracle License Audit Defense Service
Our Oracle License Audit Defense service is delivered by former Oracle license auditors, and includes the following services:
Oracle Licensing Assessment: We assess your current Oracle licensing and provide a comprehensive report on your compliance status.
Oracle License Compliance Report: Our report includes a detailed analysis of your compliance risk and financial exposure, as well as recommendations for solving any compliance issues.
Contractual Compliance Review: We review your contracts and agreements to ensure that you are meeting all of your contractual obligations and maximizing your licensing benefits.
Advisory in Oracle License Audit: We provide guidance and support throughout the entire Oracle license audit process, from initial notification to final resolution.
Audit Negotiation Service: Our experienced negotiators work on your behalf to minimize any financial exposure and ensure a fair outcome for your organization.
Most of Redress Compliance clients end up paying zero to Oracle in audit penalties, contact us today to get help!
Fredrik Filipsson possesses 20 years of experience in Oracle license management. Having worked at Oracle for 9 years, he gained an additional 11 years of expertise in Oracle license consulting projects. Fredrik has provided assistance to over 150 organizations worldwide, ranging in size and tackling various Oracle licensing challenges, including Licensing Assessments, Oracle audits, Oracle ULAs, and more.