Oracle Audit Challenges
- Organizations that use Oracle software can expect to be audited every few years, and penalties for non-compliance can range into the tens of millions of dollars
- Professional management of the timing, communications and scope of an Oracle audit is important for optimized outcomes
- Oracle’s software licensing rules are complex, nuanced, and change frequently due to technological and non-technical developments
- Internal IT, Procurement and Executives have many responsibilities within the organization and limited ability to their expertise in Oracle Licensing rules and policies
Oracle Audit Opportunities
- Engaging specialized outsourced experts to oversee the organization’s audit response and negotiations greatly reduces the risk of non-compliance and associated unbudgeted expenditures
- Significant cost avoidance is possible through proper Oracle audit management
- Internal resources can make better and faster decisions with the help of trusted advisors who are subject matter experts in all aspects of software asset management
- Customized licensing options are available through Miro which Oracle doesn’t normally offer
Oracle Audit Overview
Oracle Audit Timing
No matter what stage of an Oracle audit you are in, Miro Consulting can help. The best time to start managing your Oracle audit is before you get the audit letter from Oracle, but the second best time is now, even if you already received your audit findings, Miro can help your organization negotiate the best possible outcome and avoid spending more than you should on your out-of-compliance costs.
Oracle audits all of their clients at least once every few years. Even if your organization is not being audited, likely it will be sooner than later, so the best thing you can do is prepare by understanding how a typical Oracle audit happens.
It’s vitally important to recognize the signs of an Oracle audit before it occurs, and not to mistake an Oracle salesperson’s communication for an official Oracle audit. For example, an Oracle account manager may suggest that you might have some licensing gaps and Oracle would like to help. They may even use the word “audit.” This is not a formal audit, yet. However, such a pre-Audit could be turned into a full audit if enough concern is generated from information shared during the pre-audit.
If you suspect that Oracle is about to audit your organization, contact us as soon as possible so you can prepare and control the audit conditions before it starts. Preparation is the most important part of an organization’s Oracle audit defense strategy, including how, when and what to communicate to Oracle at the start of the audit.
Formal Audit Letter
Oracle can also initiate an audit by sending a letter in the mail stating that they are engaging in their contractual right to audit the organization. Oracle tends to utilize this method when they are randomly choosing clients in which to perform audits. Miro can provide guidance through the entire process to ensure it achieves the most accurate and favorable outcome. This will involve everything from guidance for all communications, navigation details for the entire process, conveyance of all licensing rules pertinent to their particular situation, and negotiation strategies.
Step-by-Step Oracle Audit Response
Step 1: Negotiate Terms
The very first thing to do after an audit letter arrives is to validate Oracle’s right to audit the specified items. This is spelled out in the T&Cs of your SLAs. There should be rules and limits to the process, schedule and scope of audits, negotiated by your legal/ IT team in your original T&Cs. Before responding, try to determine the nuances , a defined scope for audit and cost parameters. To ensure the best possible outcome, it’s highly critical to contact a software license management expert before responding to the audit letter.
Step 2: Form Your Audit Team
Be sure to include appropriate experts from legal, IT and the C-suite. And, if you don’t have someone on staff with comprehensive, historical knowledge of Oracle’s tendencies, preferences and ongoing licensing changes, hire an outside expert. An Oracle expert can help you save money and optimize your licensing portfolio by negotiating the best T&Cs for you in the first place, and by helping you navigate the intricacies of the Oracle audit process after the formal audit letter arrives.
Step 3: Proof of Ownership
Collect and review all Oracle SLAs, and other renewal or procurement documents for proof of ownership. Oracle will want to review these items and this paper trail will facilitate the audit process. Do not assume that the Vendor will have a complete and accurate account of all your software license entitlements.
Step 4: Self-Audit
It’s very important to be fully aware of your licensing situation, including any shortfalls, before the formal audit, so be sure to perform a thorough self-audit that parallels Oracle’s license compliance assessment. Ensure that only those that require access to applications are given access to applications, along with any corresponding Oracle rules regarding particular license metrics.
If you don’t have someone on staff with comprehensive, historical knowledge of Oracle’s tendencies, preferences and ongoing licensing changes, hire an outside expert.
Step 5: Analyze Self-Audit Results
When reviewing the self-audit results, be sure to note how various enterprise modifications might have impacted Oracle licensing. Do your SLAs still conform to current business practices? Although potential violation areas are numerous, as any modification can impact Oracle licensing, pay special attention to potential areas of challenges and misunderstandings:
- Test servers: e.g., inadvertently taking software from brand-new development to production without additional licensing
- eBusiness user metrics and application user counts: double and multiple counting of the same user during audits are a typical oversight
- Software or hardware upgrades
- Disaster recovery process
- Backup and Restore processes
- Internet, intranet and extranet access
- Transfers of data to and from a system
- Merger and acquisition changes
- Geographic expansion
- Use of server virtualization
- Unplanned use of options or packs to which licenses were never purchased
- Transitioning all or a portion of your internal solutions to a Cloud service or Third-Party hosting site
- Use of Proprietary Application Hosting (apps used by your clients)
Step 6: Formulate a Plan of Action
The odds of finding your organization to be 100% compliant after a self-audit are slim. You’ll probably find several areas where you are either under-licensed or over-licensed, so get ready to cooperate and negotiate with Oracle. Licensing issues are not usually black and white, and situations vary from company to company in terms of how Oracle interprets “compliance.”
Unfortunately, SLA violations can cost hundreds of thousands, or even millions of dollars to true-up, depending on the size of your Oracle estate. Oracle will also go after clients for past use even if you currently no longer use the software in the same way, as previously installed software can leave a trail. They want to protect their intellectual property, but they also value your business.
Step 7: Prepare for Next Time!
Your next Oracle audit will undoubtedly come sooner than you think. As with any audit, whether it’s the IRS or Oracle, it’s always best to adhere to the official Boy Scout motto of “always be prepared”.
It’s important to remember that you are responsible for keeping track of the constant changes that Oracle makes to its licensing rules. Oracle does not issue notifications for any licensing policy changes or send you a newsletter with important updates.
The best way to avoid non-compliance fees arising from Oracle audits is to utilize proactive software license management practices, including regular self-audits and the use of experts to help you keep aware of the continuous changes to Oracle’s licensing rules, or any other software. Proactive management of software assets can reduce costs by avoiding both over and under-licensing. Average savings are usually about 30% the first year when a thoughtful IT asset management strategy is implemented, according to Gartner.
Being audited by Oracle can be an unexpected disruption to business activities, and the process can last well over a year. Penalty fees can reach upwards of millions of dollars. To achieve the most positive outcome, and resolve the matter in the fastest way possible, the best strategy is to closely monitor your assets, licenses and Oracle’s policies. If you are unsure of your situation, or have received an audit letter, contact a software license management expert as soon as possible, ideally before you respond to any audit letter.