Locations

Resources

Careers

Contact

Contact us

Oracle Licensing / Oracle Software Audit

The Audit Journey: What Happens in an Oracle Audit?

What to Expect During an Oracle Audit:

  • Formal notification with questions about software use.
  • Running Oracleโ€™s compliance scripts to detect software usage.
  • Using the Oracle Audit Portal for data submission.
  • Oracle reviews data and presents findings.
  • Liability for past and current unlicensed use.
  • Negotiation phase with potential resolution discounts.

What to Expect During an Oracle Audit

What to Expect During an Oracle Audit

An Oracle license audit is a formal review of your organization’s use of Oracle software to ensure compliance with the terms and conditions of your licensing agreements.

The process can be daunting, but understanding what to expect will help you better prepare, mitigate risks, and avoid unnecessary costs. Here’s a breakdown of the key stages in an Oracle audit and how to navigate them.

1. Initial Inquiry and Information Request

The Oracle audit process begins with a formal notification from Oracle. This letter will detail that your organization has been selected for an audit and provide some initial instructions.

Oracle will also request essential information to set the scope of the audit, which usually includes:

  • Legal entities involved: Oracle will want to know which subsidiaries or entities within your organization use Oracle software.
  • Applications in use: You must outline which applications run Oracle software.
  • Territory deployments: Specify where Oracle software is deployedโ€”whether in on-premise data centers or in the cloud. Oracle will want to understand your organization’s geographical spread and deployment environment.

These questions help Oracle form a baseline for their audit, giving them a sense of the scale and complexity of your Oracle software usage.

2. Running Oracle License Compliance Scripts

After the initial information request, Oracle will require you to run their license compliance scripts on your systems.

These scripts are critical in gathering detailed data on how Oracle software is used in your environment.

The scripts:

  • Detect current software usage: They capture the extent to which Oracle products are used, including user counts and software configurations.
  • Identify past unlicensed use: Oracle audits don’t just focus on your current state. If their scripts uncover evidence of past usage of unlicensed software or features, even if the issue was years ago, you are liable for it. Oracle holds you responsible for all historical non-compliance, possibly leading to backdated fees or penalties.

It’s important to note that these scripts will provide Oracle with comprehensive data about your Oracle deployments, including details on user access, database features, and add-on usage.

3. Using the Oracle Audit Portal

Throughout the audit process, Oracle GLAS provides access to its Audit Portal, which will act as the primary tool for sharing data and tracking the audit’s progress.

The Audit Portal allows your organization to:

  • Download compliance scripts: These must be run across your systems to gather compliance data.
  • Upload gathered data: Once you’ve run the scripts, youโ€™ll need to upload the output back to Oracle through the portal for further analysis.
  • Share additional documentation: You may also need to submit other documentation, such as contracts, invoices, deployment records, and proof of licenses, through the Audit Portal.

The portal helps streamline the process, but the data shared is critical and must be carefully vetted before submission. Reviewing everything with an expert is essential to ensure youโ€™re providing accurate and complete information.

4. Review and Findings

They will begin their review once Oracle has received the compliance data and additional documentation.

Based on the data collected, Oracle will prepare a preliminary audit report that outlines its findings. This report may highlight potential licensing gaps, including:

  • Over-deployment: Using more licenses than you are entitled to.
  • Use of unlicensed features: For example, Oracle databases have several optional add-ons, such as partitioning, advanced security, or management packs, which require separate licenses. If youโ€™ve been using these features without proper licensing, Oracle will flag this.
  • Historical non-compliance: If Oracle finds that unlicensed products were used in the past, they will hold you liable even if theyโ€™re not in use now. This can lead to backdated license fees or penalties.

The findings report is a critical juncture in the audit. While it may seem like the end of the process, it’s just the beginning of a negotiation phase.

5. Liability for Past Non-Compliance

One of the more challenging aspects of an Oracle audit is the liability for past non-compliance.

Even if your organization is currently in compliance, Oracle will assess whether there were periods of unlicensed usage in the past. This is why it is crucial to run the compliance scripts yourself beforehand and review the findings.

Past mistakes, such as:

  • Accidental over-deployment of Oracle software,
  • Misuse of database options or add-ons that were not properly licensed or
  • Incorrect configuration of virtualized environments,

All can result in hefty financial penalties. Oracle typically looks for evidence of these activities going back several years.

6. Negotiation and Resolution

Once Oracle has presented its findings, the next stage is negotiation. Many organizations make the mistake of assuming Oracleโ€™s findings are final, but the audit findings can often be negotiated.

Key aspects of this phase include:

  • Understanding the findings: Not all findings are clear-cut violations. Oracleโ€™s interpretation of licensing terms may differ from yours, and some findings can be subject to interpretation. Knowing the intricacies of Oracleโ€™s licensing agreements can help you challenge certain report aspects.
  • Avoid paying unnecessary penalties: If some findings are not straightforward violations, you can challenge them and avoid paying for ambiguous non-compliance issues. For example, Oracle might flag that your contract does not necessarily cover usage, but a deep understanding can help you push back.
  • Backdated support fees: If Oracle uncovers historical non-compliance, they may demand backdated support fees for past years. These fees can add up quickly and significantly increase your financial liability, making this an important area for negotiation.
  • Discounts on new licenses: If you need additional licenses, you can negotiate a discount on those purchases. Oracle often offers discounts to encourage quick resolution, particularly if youโ€™re purchasing large quantities or making new investments in their products.
  • Adjusting terms and conditions: Finally, you can negotiate changes to the terms of your future licensing agreements, ensuring that they better align with your organization’s needs and reduce the risk of future non-compliance.

7. Proactive Steps to Minimize Risk

To protect your organization from Oracleโ€™s strict audit processes, it’s crucial to take proactive steps long before an audit notification arrives.

Steps include:

  • Conduct regular internal audits: Use Oracleโ€™s LMS tools to run periodic checks on your software usage. This gives you time to resolve any internal issues before Oracle gets involved.
  • Engage with an Oracle licensing expert: Before any data is shared with Oracle, consult an expert who can help you review the findings and identify risk areas. These professionals have in-depth knowledge of Oracleโ€™s licensing models and can often identify errors in Oracleโ€™s reports.
  • Document everything: Ensure all contracts, licenses, and deployment records are well-documented and readily available. When Oracle asks for this information, youโ€™ll be prepared, which helps speed up the audit and reduce uncertainty.

FAQ on What to Expect During an Oracle Audit:

What triggers an Oracle audit? Various factors can trigger Oracle audits, including contract renewals, mergers, increased software usage, or Oracleโ€™s internal audit policies.

What happens first during an Oracle audit? You will receive a formal notification from Oracle requesting information about your software usage and the legal entities involved.

What information does Oracle request in the initial phase? Oracle asks about legal entities, applications running Oracle software, and the geographical deployment of their products.

What are Oracle license compliance scripts? Oracle requires you to run these tools on your systems to collect data about your current and past software usage.

Why are the scripts important? Oracleโ€™s compliance scripts detect unlicensed usage and gather detailed data on your deployments, helping Oracle identify any non-compliance.

What happens if Oracle finds unlicensed use in the past? Oracle holds you liable for past unlicensed usage, not just current violations. They can demand retroactive fees for any unlicensed usage they discover.

How do I use the Oracle Audit Portal? The Audit Portal is used to download compliance scripts, upload data, and submit necessary documents like contracts and invoices.

What does the review phase involve? Oracle reviews the data submitted through the compliance scripts and creates a preliminary audit report outlining compliance issues.

Can I challenge Oracleโ€™s audit findings? Many findings can be negotiated, as Oracleโ€™s interpretations of their licensing terms are often open to discussion.

What are the risks of an Oracle audit? Thereโ€™s a significant risk of financial penalties for non-compliance, especially for past unlicensed use, unlicensed add-ons, or over-deployment.

What role does negotiation play in the audit process? After Oracle presents its findings, negotiation helps resolve issues, secure discounts, and ensure you donโ€™t pay for non-clear violations.

How can I reduce the scope of the audit? You can negotiate with Oracle to limit the audit scope to specific products or environments, which helps manage risks.

Can an Oracle audit be delayed? You can request a delay to give yourself more time to prepare and correct any potential compliance issues before the audit starts.

How can I prepare for an Oracle audit? Running internal compliance checks using Oracleโ€™s LMS tools, maintaining proper documentation, and working with a licensing expert helps prepare for the audit.

What happens after the audit concludes? Once Oracle presents its findings, you can negotiate the final settlement, including possible backdated support fees and discounts for new licenses.

Read more about our Oracle Audit Defense Service.

Do you want to know more about our Oracle License Management Services?

Please enable JavaScript in your browser to complete this form.
Author

  • Fredrik Filipsson has 20 years of experience in Oracle license management, including nine years working at Oracle and 11 years as a consultant, assisting major global clients with complex Oracle licensing issues. Before his work in Oracle licensing, he gained valuable expertise in IBM, SAP, and Salesforce licensing through his time at IBM. In addition, Fredrik has played a leading role in AI initiatives and is a successful entrepreneur, co-founding Redress Compliance and several other companies.

    View all posts