Oracle's Two Audit Structures and Why They Differ

When most people say "Oracle is auditing us," they mean LMS — Oracle's License Management Services team, the older and more widely experienced of Oracle's two audit arms. But since Oracle's commercial restructuring in 2019, understanding the difference between Oracle LMS and GLAS has become essential for any enterprise dealing with Oracle compliance questions. Each team has a different scope, different evidence-gathering methods, different commercial leverage points, and requires a meaningfully different defence approach. Treating both as interchangeable is a consistent mistake that leads to weaker audit positions and higher settlement outcomes.

The Oracle LMS vs GLAS distinction also matters because many large enterprises now face both teams simultaneously — their on-premises Oracle Database, WebLogic, and Java estates fall under LMS jurisdiction, while their OCI (Oracle Cloud Infrastructure) workloads and SaaS subscriptions fall under GLAS oversight. A company with a complex Oracle estate that spans both on-premises and cloud may receive audit notifications from both teams within the same fiscal period. Read the complete Oracle License Audit Defence playbook for the full engagement framework, and use our Oracle Audit Risk Assessment to score your exposure across both audit channels.

Oracle LMS: The On-Premises Enforcement Engine

LMS — License Management Services — is Oracle's primary audit enforcement team for on-premises and hybrid deployments. LMS has operated in its current form since the early 2000s and has accumulated deep institutional knowledge about how enterprises deploy Oracle software, where shortfalls occur most commonly, and how to convert discovered shortfalls into commercial outcomes for Oracle. When LMS sends a formal audit notification, they are initiating a structured process that has been refined over hundreds of thousands of engagements globally.

LMS audits follow a predictable methodology. First, Oracle issues a formal notification letter citing the relevant audit rights clause in your agreement. Second, LMS requests that you run Oracle's proprietary LMS scripts — Java-based tools that scan your server estate and return detailed deployment data including product names, version numbers, and option configurations. Third, LMS reviews the script output and prepares a preliminary findings report showing all products deployed against all products licensed, with any shortfall priced at Oracle's full list price. Fourth, LMS presents findings in a structured discussion (typically called a "findings review") and begins the commercial negotiation phase.

LMS's primary leverage tool is information asymmetry. Their scripts collect more data than most customers realise they are providing, their product knowledge allows them to identify shortfalls that customers are unaware of, and their commercial experience means they understand exactly where settlements can be extracted. The most significant leverage point for the customer is the preparation phase — a well-documented licence position that challenges LMS's counting methodology before findings are presented. Our guide on how to respond to an Oracle audit letter in 30 days details exactly how to prepare that position. Download the supporting materials from our Oracle Audit Defence resource page.

Oracle GLAS: The Cloud Compliance and Advisory Function

GLAS — Global Licensing and Advisory Services — is Oracle's newer enforcement function, established formally to address the compliance and commercial issues arising from Oracle's cloud transition. GLAS operates with a different model from LMS. Where LMS initiates adversarial audits, GLAS positions its engagement as an "advisory" process — reviewing how customers are using Oracle cloud services and ensuring their contractual structure aligns with their actual usage. In practice, the advisory framing masks the same commercial objective: identifying shortfalls and converting them into revenue.

GLAS focuses primarily on Oracle Cloud Infrastructure (OCI) deployments, Oracle SaaS subscriptions (Fusion ERP, HCM, CX), and hybrid scenarios where on-premises Oracle agreements may or may not extend rights to cloud deployments. One of the most complex GLAS scenarios involves organisations that hold Oracle ULAs or PULAs and are migrating workloads to OCI — the question of whether BYOL (bring your own licence) rights extend to OCI under their specific agreement terms is a significant source of GLAS-driven commercial disputes. Our comparison of Oracle ULA vs PULA structures is directly relevant to understanding how your contractual position affects GLAS risk.

GLAS evidence gathering is structurally different from LMS scripts. Because Oracle has direct access to OCI and SaaS usage data, GLAS does not need you to run scripts — they already have the consumption data. Their leverage is contractual and commercial: whether your authorised use cases cover actual workloads, whether your subscription tier covers actual feature usage, and whether any cloud migration activity requires additional contractual entitlement. For organisations running Oracle workloads in AWS, Azure, or Google Cloud, GLAS can also assess whether BYOL deployments in those environments comply with Oracle's third-party cloud licensing policy, which restricts BYOL to a limited list of authorised cloud providers and specific configurations.

How to Structure Your Defence When Both Teams Are Involved

The most complex Oracle audit scenarios are those where LMS and GLAS are active simultaneously. This happens most often in organisations that have legacy on-premises Oracle estates alongside active OCI or SaaS deployments — a configuration that describes a large proportion of Fortune 500 Oracle customers. In these situations, the two teams share information with each other, meaning your position in one engagement can inadvertently affect the other.

The critical principle for dual-team defence is that your overall Oracle position needs to be managed as a single, coherent strategy — not as two separate audit processes. Concessions made to LMS on virtualisation counting methodology can create precedents that GLAS applies to cloud workloads. Conversely, statements made in GLAS advisory discussions about intended cloud usage can inform LMS's view of your on-premises entitlement needs. Ensure that all communications in both engagements are coordinated through the same advisory team with a single position document that covers your entire Oracle estate.

The ULA and PULA dimension is particularly important in dual-team audits. If you are in an active ULA and also deploying on OCI, the question of whether your ULA covers OCI workloads is both an LMS issue (at certification) and a GLAS issue (for current consumption). Our full guides on Oracle ULA exit strategy and ULA renewal negotiation cover the cloud licensing dimension of both ULA and PULA programmes. To understand how both audit teams could affect your specific Oracle estate, book a confidential advisory call with our team, or explore the full resource library in our Oracle Knowledge Hub. The complete framework for handling Oracle audit intelligence and settlement is available in our Oracle CIO Advisory Playbook.