Oracle Software Audit
When your company installs Oracle products, it must agree to a set of terms and conditions for using the software.
Although there are many different licensing agreements for the use of the software, one of the primary agreements is called the Oracle Master Agreement (OMA). It is complex, detailed, and it can change on short notice.
In addition to laying out the terms and conditions of usage, the OMA also provides that Oracle has the right to perform an audit of your software usage.
According to Gartner, Oracle is the second most likely software vendor to audit within 12 months.
If you are selected for an Oracle software audit by Oracle’s License Management Services (LMS), it can be quite an intimidating process if you do not know what to expect.
Scott & Scott can help you understand:
- Why you may be audited
- The audit process, including what happens during an audit
- What to do if there is a dispute following the audit
Read More → Oracle Audit Risks
Read More → 3 Actions Oracle Customers Should Take at the End of a ULA
Why did your organization get selected for an Oracle license audit?
It can be difficult to predict exactly what will trigger an Oracle software license audit. According to the company, it is essentially a random process.
In reality, most audits are initiated:
- From Oracle’s Sales organization; or
- From Oracle’s LMS department
- At the conclusion of an Unlimited License Agreement (ULA) term
Your Oracle sales representative may highlight instances of potential non-compliance to trigger an audit.
Alternatively, the LMS department at Oracle may suggest an audit if they feel that the cost of performing it is justified.
Some potential reasons for an Oracle license audit include:
- A company with end-users using old license metrics
- A sudden change in software spend
- A change in employee numbers without added software spend
- Company divestment, merger or acquisition
What happens when a company gets audited by Oracle?
If you are chosen for an Oracle software audit, the external audit costs involved are met by Oracle.
However, the manpower, time, and materials costs to an audited organization can be significant. You are required to provide Oracle with the information that they request and are responsible for all of the associated costs.
Your internal Oracle team be informed of the impending license audit (and its scope) in writing, at least 45 days in advance.
Typically, Oracle will include software such as the following in the audit:
- Oracle Database (including Database Options and Database Enterprise Managers)
- Oracle Application Server
- Weblogic and Tuxedo
- E-Business Suite
- Siebel software
- JD Edwards software
- Agile/Autovue programs
Your organization will be asked to nominate a single point of contact for the Oracle consultant to liaise with during the audit.
The audit itself will be performed by an Oracle LMS team member, who may be supported by third-party partners.
You are required to complete a spreadsheet (Oracle Server Worksheet) that details your IT infrastructure and Oracle use throughout the environment.
You may also be asked to run scripts on your servers to aid the audit team in retrieving and analyzing the information they require.
This is called the Oracle LMS Collection Tool (LMS tool) and more information about this is provided below.
The duration of the audit will depend on a number of factors, including the complexity of your corporate structure, system environment, and contractual arrangements.
At the conclusion of the audit, you will receive a final report detailing the findings of the audit team and highlighting your license compliance status.
What are the consequences of receiving an audit report from Oracle showing alleged deficiencies?
After an Oracle software audit, you may be informed of the requirement to purchase new licenses in order to comply with your agreement.
When Oracle believes your organization is not compliant, you may also be required to pay fees associated with the use of this software – without any discounts. You may also be charged for prior maintenance and support fees.
In many cases, your agreement to purchase these new licenses and support maintenance fees within 30 days is sufficient. The process will end there.
However, failure to allow a license review or to purchase the relevant licenses following a review may mean that the case is turned over to Oracle’s legal department.
If you do not cooperate fully with an audit, it will be treated as a breach of your agreement and legal steps may be taken against you, including termination of the organization’s licenses to use Oracle’s software.
In such cases, because of the complex nature of agreements and audit disputes, you should consider legal representation to defend your organization.
What is the Oracle LMS Collection Tool?
The Oracle LMS collection tool is a set of scripts that the Oracle License Management System team may request you to install and run during your license review.
These scripts detect and collect usage data for any Oracle Software running on Windows or Unix/Linux servers.
The scripts help Oracle identify instances where software usage may exceed the granted license rights.
In some instances, organizations can object to using Oracle’s scripts and proceed with an alternative data collection method.
Conclusion: How should you approach an Oracle audit?
It is imperative to understand what your Oracle license agreement contains. Be careful before signing it or otherwise accepting its terms.
When you first deploy Oracle software, you should look to negotiate clear and suitable terms upfront.
If you are audited, it is advisable to get legal advice as there have been some high-profile cases of Oracle requesting information that they were not entitled to request.
You will also require technical assistance with understanding and analyzing the raw data uncovered by the LMS tool and with analyzing the audit report that Oracle provides.
Scott & Scott LLP provides a free 30-minute consultation for organizations facing an Oracle audit.
We can discuss your unique situation and start preparing for the audit process or for challenging the findings of an Oracle audit.