Important Questions to Ask During an Oracle License Audit
Some Oracle customers are not aware that by simply installing an Oracle program (even if it is never used), you agree to the terms and conditions of Oracle’s license agreement.
During an Oracle Audit or compliance review, the software publisher is looking for violations of the license agreement and will leave no stone unturned in ensuring that you comply.
The audit process will generally be managed by Oracle’s License Management Services (LMS) department and may involve third parties (LMS partners), who perform the audit on Oracle’s behalf.
During the audit, you will be asked to complete an Oracle Server Worksheet (a spreadsheet) with details of your organization’s IT infrastructure and you will likely be asked to run scripts on your servers to retrieve data that Oracle will want to analyze.
If you are selected for an audit, Oracle may already have information that suggests your organization does not have all the relevant licenses. As part of the audit results process, you will receive a report, which requires you to purchase the missing licenses so that you fully comply with the Oracle terms and conditions.
Obtaining the requisite licenses should end the matter but before committing to anything, it is advisable to seek external assistance from an Oracle licensing expert. You should ask some questions of your own.
The following are the most important questions to ask during an Oracle license audit…
TOP POSTS → How to Survive an Oracle License Audit and Manage Compliance
Why is Oracle auditing our organization?
If you have not been audited by Oracle for more than three years, the chances of receiving an audit notification increase with each passing month.
You are also more likely to be audited if you opted out of an Oracle licensing or cloud solution, informed Oracle that you were not interested in meeting or new “projects” requiring more Oracle software, or declined to renew your Oracle agreement.
In addition to these fairly common situations, the following are the most common reasons for companies to be audited by Oracle:
- You have Old License Metrics or NUP licenses (Tech)
- Your organization has merged with another company, making one or both of the organizations non-compliant according to the license agreements
- You have refreshed hardware, which changed the licensing requirements
- You use virtualization technologies (VMWare)
- In support tickets logged with Oracle, you describe using features that aren’t licensed
- You were non-compliant in the last license audit
Do we need to respond to an Oracle LMS Notification Letter?
Yes, and there is a limited amount of time in which to do so. It is usually not a good idea to ignore the letter.
Are Oracle audits ever cancelled?
Some Oracle customers have been successful in having their audit delayed or postponed indefinitely, but this is extremely rare. If you have been selected for an audit, do not make any major software purchases before having an expert examine your Oracle environment.
Can we request a postponement of an Oracle audit?
As per the terms of Oracle’s license agreement, an audit should not unreasonably interfere with normal business operations. Therefore, if you can justify a postponement for a few months, you are within your rights to request it.
After receiving an audit letter, what’s the first step?
The first thing you should do is to read your contract. Oracle does not have the right to audit every company that uses its software and you need to make sure that it is within its right to audit you.
If you cannot locate a copy of your Oracle OMA or OLSA agreement, contact Oracle for a copy, along with a copy of the ordering documentation.
Assuming Oracle has the right to audit us, what’s the next step?
If your contracts say that Oracle is within its rights to audit you, start by negotiating a nondisclosure agreement (NDA) with Oracle.
What’s covered in the kick-off meeting with Oracle?
Oracle’s preference is usually to schedule a “kick-off” meeting with the company it is auditing. Typical topics to cover include the project plan, sharing scripts, and agreeing to dates for the data to be submitted to Oracle.
However, before agreeing to anything, you should consider nailing down and negotiating the following:
- The business entities included in the audit
- The scope of products included
- The timeline of the audit
- How the audit will be conducted – will there be onsite visits?
- The tools/output that Oracle will request
- The possibility of supplying data manually if you don’t want to use the Oracle Audit Scripts
This establishes the parameters that Oracle has committed to and which they should not overstep during the upcoming audit.
TOP POST → Licensing Oracle Software in a Third Party’s Cloud
Should we allow Oracle to audit our subsidiary?
With some global companies, Oracle requests to audit subsidiary companies of the main organization. In many instances, you may not be legally required to agree to such a request.
What steps should we take internally before the audit?
It is a good idea to always be prepared for your Oracle audit. It is especially important to understand whether there is a “gap” between the licensing you have and the licensing you should have. Nearly all audits illustrate a lack of compliance simply because the company is not aware of Oracle licensing and contract policies – not because the company is intentionally using software non-compliantly.
Many of the issues can be resolved with better knowledge of the licensing requirements and by performing a pro-active license review internally.
Should we purchase licenses to cover a shortfall before the audit begins?
No, it is best not to make any purchases during an Oracle audit until you receive Oracle’s audit findings.
How do we work out the extent of our compliance issues?
If your team is struggling to determine whether there is a delta between installations and appropriate licenses, the best way to assess what your potential expsoure may be is to seek external assistance.
For instance, our team can often analyze the Oracle audit scripts once you have run them. If you provide the data to us before Oracle, we can identify the shortfall and the potential fees involved to correct it.
TOP POSTS → Software Audits: The Importance of Timely Completion of Post-Settlement Obligations
Should we be worried if we have made no changes since the last Oracle audit?
In our experience, it is extremely rare for an organization to make no changes to the environment in between Oracle audits. Even if you received a clean bill of health during the last Oracle audit, if there was not a proper release of liability, Oracle may try to revisit old installations.
What are the biggest mistakes to avoid during an Oracle audit?
The biggest mistake that organizations make is a lack of complete understanding of the organization’s licensing obligations.
Another error is giving data to Oracle before having it analyzed thoroughly themselves.
An audit will involve key members of your in-house Oracle team but by taking the extra step of enlisting the help of experienced counsel, you can reduce the risks related to the purchase of unnecessary licenses that waste a lot of money.
TOP POST → Litigation Risks of Ignoring Software Audits
Over the years, Scott & Scott LLP has helped more than 250 organizations navigate the complexities of the software audit process.
To learn more about how we can help you, contact rjscott@scottandscottllp.com.