Navigating an Oracle Software Audit – Here’s What To Expect

Oracle NavigationSo, you received a letter from Oracle informing you that your company has been selected for a license audit, and now you’re asking yourself—why me?! Take a deep breath and remain calm, knowing that your company has followed the licensing rules and you have nothing to worry about. Well, that may not be entirely true, as Oracle’s sales teams can initiate an audit if they suspect non-compliance, which we have suspiciously found to happen more often once price protections have expired and/or the licensee’s products or metrics are out of date. However, you also could have been systematically selected for an audit by Oracle’s License Management Services (LMS), which tends to occur every 3-4 years. With that said, let’s discuss what you can expect from Oracle and how to navigate this license audit process.

What Will Oracle Ask You To Do?

Oracle will initiate the audit by providing you a letter stating their intent to conduct an audit, or they may refer to the audit as a “license review”. The letter will specify the purpose of the audit is to verify the quantity and type of Oracle products currently licensed, validate the current usage, and reconcile the license entitlement with the actual license usage. This letter will be accompanied by an Oracle Server Worksheet, an Excel sheet that requests in depth information about your IT infrastructure. Additionally, Oracle will almost certainly request that you run their scripts on your servers, which will generate reports for you to return to Oracle detailing the results.

What Are Your Obligations?

Ignoring the audit request is not a viable option. Your agreement likely provides Oracle with the right to initiate a software audit by providing you with 45 days advanced notice of Oracle’s intention to conduct an audit, and includes the affirmative obligation that you “cooperate with Oracle’s audit and provide reasonable assistance and access to information.” You may have developed some savvy delay tactics over the years, but unfortunately those will likely be viewed and interpreted as non-cooperation, which in many Oracle contracts is considered to be a material breach. This is not a desirable outcome because Oracle will then turn the matter over to their legal team, who are far less amenable to negotiation.

The first steps you need to take are to confirm receipt of Oracle’s letter and designate a single point of contact with Oracle. This is also an excellent time to seek outside assistance from contract negotiation consultants because the clock is ticking regarding your options.

You are probably now asking: what do I actually need to provide to Oracle? Well, Oracle’s “search warrant” is not unlimited. For instance, you are not obligated to run the scripts Oracle requested. Additionally, your agreement probably includes language stating that the “audit shall not unreasonably interfere with your normal business operations”, which limits Oracle’s ability to conduct a fishing expedition and completely disrupt your business. However, it is worth mentioning that this language is conspicuously absent from Oracle’s most recent license agreement template.

The level of effort that your company needs to put forth in assisting Oracle with the audit is a complicated issue. In short, you are only required to cooperate and provide reasonable assistance and access to information about your Oracle software deployment and usage details. UpperEdge can help coach you as to what data you need to provide and what level of cooperation is considered “reasonable”.

Proactive Activities

Based on our experience advising clients during Oracle audit negotiations, we recommend that you do the following as soon as possible:

  • Internally review your Oracle contracts for specific rights and obligations that may have been negotiated relating to the audit;
  • Determine your contractual license levels from all Order Forms;
  • Identify your actual deployed licenses based on the associated product license metrics; and
  • Provide notice of the audit to all internal parties who have communications with Oracle to ensure that all further communications with Oracle flow through the single point of contact.

These steps will allow you to properly prepare by identifying your rights and licensing gaps prior to the audit and any subsequent negotiations.

A Compliance Gap is Discovered

If the results of your Oracle audit reveal that you are under-licensed, then I have a bit of bad news for you. Your Oracle agreement probably says that you have 30 days to pay for (1) the requisite licenses required to bring you in compliance, (2) the go-forward maintenance fees for the remainder of the year on the requisite licenses, and (3) the back maintenance fees on the requisite licenses pro-rated to the date when your company began using the licenses and became non-compliant. Per the standard terms of Oracle’s agreement, you have 30 days to pay, otherwise Oracle can terminate your license and support. This is a non-viable option for almost every organization, as ceasing to use the Oracle software within 30 days is simply not practical. The slight bit of good news is that any active price protections typically apply to the commercial resolution of your compliance issue, provided there are no restrictions in the price protection language.

With our wealth of experience, UpperEdge can help identify your options and alternatives for resolution, and assist you in quantifying your potential compliance exposure. We can leverage our Oracle intelligence to assist your company in developing a negotiation strategy that maximizes your leverage and minimizes your exposure.

If you found this article insightful, please share with someone else who might find it useful. If you find yourself in a situation where Oracle has informed you of an impending audit or simply want to learn more, contact UpperEdge to discuss how we can help. Also, if you are an SAP customer and are experiencing a similar software audit, please check out our SAP License Compliance post.


Leave a Comment