The Top 10 Triggers (and Deterrents) of an Oracle Audit


Let’s Dice_Risk Outcomes_June_2016be clear from the outset, Oracle software audits are not random.  Oracle is not going to waste their resources on efforts that will yield little to no results.  Oracle focuses where they know there is opportunity. Oracle’s Licensing Management Services (“LMS”) will tell you otherwise, but there are a number of triggers that will get you in their audit crosshairs.

Organizations concerned about potentially being selected for an audit often share the same feelings, fear and anxiety of the unknown.  Now, based upon our research and experience working with Oracle customers, we have taken a step to shed some light on the unknown by compiling a self-assessment questionnaire to gauge the likelihood of your organization being audited.

1. Have you received an Oracle license review notification letter?

  • Be concerned if the answer is “Yes”. Generally speaking, there is no difference between an Oracle license review and a license audit, except for the veil of assistance proffered by Oracle. An Oracle license review simply sounds friendlier and requires collaboration from the end-user. But make no mistake about it, you are being audited.

2. Have you conducted a hardware environment refresh within the past 24 months?

  • Oracle databases are typically licensed on a processor-based metric and any hardware refresh is likely to increase the processor count. For organizations adding or upgrading their servers, the resulting increase in processing power may lead to an increase in core count per processor as well as processor count per cluster. More often than not, this scenario results in additional license requirements. Further, organizations making changes in server type need to refer to the Oracle Processor Core Factor Table to apply the appropriate core processor licensing factor, which is another pitfall customers sometimes forget to factor into determining their license requirements.

3. Have you been audited within the past 36 months?

  • In recent years, most organizations typically conduct a hardware refresh every 3 to 5 years to boost productivity and reduce costs. Oracle LMS audit frequency coincides with these hardware refresh cycles. This interval may differ if Oracle learns of changes to your environment.

4. Are you using VMware vSphere 6 for virtualization? 

  • Oracle does not allow soft partitioning (a.k.a virtualization) as a means to circumvent its licensing rules. If you are running an Oracle database combined with VMware’s recent virtualization software, vSphere 6, things get more complicated. Because this version of vSphere enables Oracle customers to move virtual machines running Oracle databases and applications across servers within clusters of servers, Oracle requires its licensees to license their entire server farm, which most licensees are either unaware of or choose not to do on their own as these license fees can be very substantial. Therefore, Oracle looks to audit wherever they suspect vSphere 6 to be deployed.

5. Have you completed any mergers or acquisitions within the past 24 months?

  • This one is a pretty straightforward red flag for Oracle. During an M&A event, tracking IT assets and software licensing entitlements becomes difficult and reassigning licenses may easily lead to non-compliant practices. Any type of acquisitioned growth typically results in increased license requirements, with a heightened risk of being audited.

6. Have you experienced any significant organic employee or revenue growth greater than 10% per year in the past 24 months?

  • Similar to the effect of M&A activities on your IT environment, significant organic growth is likely to increase your licensing requirements and your Oracle sales rep may recommend to Oracle LMS department to look into matters through an audit or license review as discussed above.

7. Have you recently acquired competing solutions or displaced Oracle solutions within the past 24 months?

  • Oracle won’t let you go easily. Oracle audits can be used to discourage customers from selecting competing products and are also used to uncover if the use of any third party products necessitate additional Oracle licenses.

8. Have you cancelled or reduced any support agreements within the past 24 months?

  • Support fees are Oracle’s lifeblood and any reduction in support fees can prompt an audit to ensure all requirements and usage of remaining products are properly licensed.

9. Are you currently under a ULA for technology products or applications?

  • Unlimited Licensing Agreements (“ULA”) provide unlimited licenses for a specific period of time for technology products and/or applications. If you are currently under a ULA, Oracle is highly unlikely to audit for products covered under the ULA since no additional license fees would be owed. However, Oracle may still choose to audit for product licenses outside of the ULA.

10. Have you made Oracle Cloud purchases within the past 24 months?

  • Oracle is aggressively pushing its cloud. In fact, a number of UpperEdge clients have experienced pressure from their Oracle sales reps to make some cloud purchases to “resolve” an ongoing audit. Organizations having recently acquired some Oracle cloud subscriptions may deter audits for on premise licenses so as not to deter continued cloud investments with Oracle.

While we cannot predict every Oracle audit scenario, the business events and scenarios listed above represent some of the top red flags targeted by Oracle LMS. A good understanding of these triggers will allow your organization to better prepare for an audit by ensuring you have the appropriate internal policies and procedures in place to accurately monitor your licensing usage in accordance with your license entitlements. For additional information on what to expect during an Oracle software audit, here is a link to an earlier blog post from our team at UpperEdge.

UpperEdge is currently developing a web application for organizations to assess the risk of being the target of an Oracle audit. Subscribe to our Blog or send an email to ecouesbot@upperedge.com to receive access to our upcoming Oracle Audit Risk Profile Assessment tool when it becomes available.