What is an Oracle Audit and what does it mean for you?
Most software licensing agreements contain some form of audit clause. Vendors wish to protect against abusive use of their software and IP thus including an audit clause allowing them to audit their customers to check compliant usage is thus a great deterrent to keep organisations in check but also a great way to obtain financial settlement where it is due.
And when it comes to vendors, Oracle is known to whack out the audit whip and crack it quite often.
With the Oracle Audit Season on the horizon and some saying it has already begun, the aim of this article is to educate you on what an Oracle Audit is (in its many forms), the likelihood of being audited, what that ultimately means for your business if you were to suffer one and some helpful tips in general.
What is the Oracle Audit Season?
When organisations are found to be non-compliant, they ‘owe’ Oracle money, meaning 1) Oracle can gain additional revenue by finding organisations on mass who owe them said money or 2) use the non-compliance as a form of leverage, often within the context of agreement renewals or up-selling specific product lines.
Even though the audit season has no fixed date of when it begins, during the time leading up to their year end (May 31st) Oracle often ramps their auditing with the aim to improve its balance sheet with additional revenue before they close off the year — hence the Oracle Audit season.
Are you likely to be audited?
Well if we knew a finite answer to that we’d have probably started with it, that being said it is assumed that audits are conducted randomly, however the industry has noted it is typically triggered by change.
This is a common one across all vendors, if substantial change occurred which could incur non-compliance, this would certainly draw audit attention:
- Infrastructure refresh, migration or expansion
- Company growth, merger or acquisitions
- Non-renewal of maintenance or no change in license counts in-conjunction with said changes above
- Consuming/discussion of information regarding non-licensed products e.g. support tickets, webinars, trainings, certifications, potentially even social media etc. — if it implies something you don’t own is in use, the audit ears perk.
- Significant shift in technical strategy
- Creation or acceleration in ITAM programs
Typically organisations would be audited every 3–4 years in line with that of hardware lifecycles and agreement timelines however it can be upto once a year if you are unlucky.
We like to apply a similar thought process to that of a cyber security department, “it’s not about if, it’s about when”.
What does an Oracle Audit entail?
You will typically receive a notification letter from the Oracle LMS (Oracle License Management Services) team to inform you of the ‘audit’ or ‘license review’ for the friendlier term, and in certain situations the process has been started by account representatives under names similar to that of ‘license optimisation’ engagements, where compliance is still often calculated, being valuable information for the LMS team.
Please note that Oracle enlists certain 3rd parties to also conduct their audits on their behalf.
The notification normally specifies the specific entity and solutions within scope of audit, and that they have the right to audit with 45 days notice of such.
Once you assign a single point of contact for the audit engagement Oracle will ask that a set of scripts be run on your environment to ascertain the information they require on your usage. Whilst you do not theoretically NEED to run their scripts specifically and can use other tooling, it is often that the information gathered is insufficient and the scripts need running anyway.
Please bear in mind that an Oracle “Verified” tool is only “Verified” because it collects the raw data required for the LMS team to conduct an audit, utilising an Oracle “Verified” tool does not increase your chances of compliance, only speeds up the process in which an audit can be completed by LMS.
Once the LMS scripts are run you will receive some very obscure outputs:
- SQL queries produces .csv files in the double digits (11) packed with information
- CPU queries produces a FAT .txt file packed again with information per server
- FMW queries produces a CHUNKY .zip file per server
Whilst not being able to confirm definitively why the results are so obscure… organisations being audited are not able to interpret these easily, you can either enlist a licensing specialist or just upload it to Licenseware to analyse (obligatory sales plug — see how)
As per the terms of the license agreement, if found non-compliant for the deployment or usage of Oracle solutions, you are required to pay fees i.e. purchasing the required licensing, support and any backdated fees if they have been used over a certain period, requiring payment within 30 days. — this is where you can negotiate a bit however.
What can be done during or before an Audit?
Here you would expect the sales pitch… however we will actually give you some general advice along with a soft nudge in our direction… 😅
- Do an internal audit:
- Obtain deployment data via scripts or tooling — tool wise there is a number on the market which can gather deployment data, not all can show exact usage, or contact us for our scripts 👍
- Obtain infrastructure data — again tooling or scripting can be used for this, you need to know what is deployed and on what to calculate license requirements.
- Obtain licensing requirements by applying Oracle licensing metrics and rules against the above data sets via manual analysis (IF you have the expertise, this will take time) or utilise a specialist or automated tool to analyse.
- Obtain your entitlement data from your contracts and apply this to your requirements.
- Position is understood.
- You can optimize costs here also or a create a method of doing so, this can aid in negotiation.
- Stay close to your account representatives at Oracle:
- If they are happy, it’s likely they won’t try a fast one
- Make sure you seem confident in your licensing decisions to not raise concerns
- Be wary of what was mentioned on drawing audit attention
- Speak with external specialists
- Gain independent advice on your situation or pay for an audit to be conducted
- If you have the LMS Scripts or other data sources, automate the analysis.
- Check this at least once a year!
- Do an internal audit, but faster…
- Be helpful and keep communication with Oracle
- Do not share data without checking it first
- Seek help!!!
- Plus more but can’t give away all our goodies now can we 😉
How can Licenseware help?
You may have seen a few links above and gained an understanding, however in short Licenseware has built automated Oracle analysis apps that can take data from multiple sources to derive Oracle Licensing positions fast and at low cost: