Why is 2025 important for Oracle audits?
Oracle seems to be doing very well according to their quarterly financial statements. But, if you study these statements carefully and also , a couple of aspects come out very clearly:
- There is no growth in license fees.
- There is growth in SaaS and IaaS but not in PaaS.
Oracle’s core business is license fees and the continuity annuity achieved through the sale of initial licenses.
The de-growth in license fees will force Oracle to increase the license audits in 2025.
Guide to Oracle Audits
This blog article will answer the following questions:
- What is an Oracle audit?
- What are the types of Oracle license audits?
- Who can conduct Oracle audits?
- What is the formal Oracle license audit process?
- What are the reasons for license non-compliance?
- What is the Oracle audit process
- What are Oracle’s remedies in case of license non-compliance?
- What happens if a simple resolution is not found for resolving non-compliance?
- Which products will Oracle audit in 2025
- What are the Oracle license audit triggers?
- What are the major compliance issues in an Oracle audit
- What is the commercial exposure after an oracle license audit
- How to prepare for an oracle audit
What is an Oracle license audit?
An Oracle license audit is a comprehensive assessment of Oracle software programs deployments and usage in a company’s IT environment.
The activities in an Oracle license audit are:
- Conducting an inventory of the Oracle landscape: Conduct a thorough inventory of all Oracle software and hardware assets, ensuring accurate records. This is carried out by running scripts to get information about the installations and usage of Oracle software on the servers and endpoints (for some specific Oracle software).
- Analyze Usage Patterns: Pinpoint actual software usage, comparing it against your licensing agreements.
- Identify Licensing Gaps: Highlight any discrepancies between your current license entitlements and actual consumption, providing actionable insights.
- Assess Internal Controls: Evaluate the effectiveness of your internal controls for managing Oracle licenses, identifying potential vulnerabilities.
What are the types of Oracle license audits?
Oracle audits can be formal, informal, or even casual. But they are not random. Below are some descriptions of Oracle license audits & their stages.
Informal or Soft Audit
- A seemingly friendly ask by Oracle salesperson on your architecture or deployment or to advise you on your Oracle footprint.
- Most customers look up to Oracle salespersons as go-to sources for Oracle technical information forgetting that his/her only job is to get revenue from their set of accounts. The sales reps are compensated for delivering against stiff sales targets. This financial incentive makes the conversation of an Oracle sales rep highly suspect.
Formal Enquiry
- An email or letter from Oracle’s LMS team to educate you on Oracle licensing.
- You might receive a note from Oracle’s license management team stating that they would help you understand Oracle licensing. The acceptance of such an offer could lead to a detailed discussion that opens you to a more formal audit notice.
A formal notice for audit.
- When a friendly discussion to purchase more licenses fail, it is customary for Oracle to send a formal notice for an audit. This has a contractual binding.
Who can conduct Oracle license audits?
Oracle LMS
- Oracle License Management Services (LMS) is the established authority on Oracle licensing policy.
- No other department within Oracle has a pre-established authority to conduct license audits on customers.
Oracle SAM Verified Partners & Joint Partner Engagement (JPE)
- Oracle has, recently, begun to approve and engage specific partners to conduct Oracle license audits on their behalf. These partners are authorized by Oracle LMS.
- These partners are compensated by the sale of licenses if the customer is non-compliant.
What is the formal Oracle license audit process?
Oracle License Management Services is the established authority on Oracle licensing policy. Their job is to validate the compliance position of your Oracle deployments, identify license violations and correct them by purchase of licenses where necessary.
A formal Oracle LMS Audit goes through the following stages:
- A formal notice for an audit or a correspondence discussing the measurement of your deployment.
- A declaration of usage by the customer through the update of an MS Excel spreadsheet.
- Deploy tools to gather installation and usage data.
- Analysis of the gathered usage data.
- Inform you regarding the deployment & usage of audited products in your network.
- In case of non-compliance, collaborate with the sales team internally within Oracle to submit a commercial proposal that will correct the license gap through a negotiated purchase.
What are the causes of non-compliance?
Non-compliance to Oracle license policies results from a lack of insight into a customer’s software, hardware, and business application environments.
The contributing factors are:
- Growth of the business in terms of increased workforce through recruitment, acquisitions, or mergers that result in increased usage volumes
- Installation of unlicensed software
- Misinterpretation or lack of understanding of Oracle’s licensing policies, contract entitlements, and license agreements
- Changes to the IT hardware environment such as the incorporation of additional servers or processors
- Implementation of new software products or new business applications
- Businesses operating with an assortment of license metrics (both obsolete and current metrics) are at additional risk of being licensed incorrectly. New technologies may not suit older license metrics, and this can impact licensing status and potentially create a compliance risk.
What are Oracle’s remedies in case of license non-compliance?
If Oracle Corporation identifies a license violation, it will provide written notification of the violation to the noncompliant organization and generally will allow thirty days for obtaining the appropriate licenses or otherwise correcting the violation. Oracle LMS and the sales team will assist the customer or partner in obtaining the additional licenses allegedly needed.
According to Oracle, the license compliance shortfall may be corrected in one of the following ways:
- Through the purchase of sufficient licenses and associated support to cover the compliance shortfall.
- Payment of backdated support may also be assessed for the period of unlicensed usage.
- If the customer removes the Oracle software, or reconfigures their hardware environment, a term license and associated support can be purchased to cover the period of unlicensed usage.
What happens if a simple resolution is not found for resolving non-compliance?
If a business resolution cannot be obtained, the resolution will be escalated to the appropriate authority through Oracle’s Legal department.
The formal remedies open to Oracle include, but are not limited, to:
- Charging full list price for additional software licenses required to correct the license violation
- Charging technical support fees for the period of unlicensed use of the software
- Suspension of technical support service and software updates, where applicable
- Termination of the license agreement and associated licenses
- In case of non-compliance by an Oracle partner, cancellation of OPN status and sublicense rights.
Which customers does Oracle audit?
As discussed earlier, Oracle license audits are not random. The customers are targeted to get in more revenue. Some reasons for a potential license audit are:
- The customer has not spent any money on fresh Oracle licenses for 2 – 3 years.
- There was a change in sales territory allocation within Oracle and the customer is assigned to a new sales rep.
- The customer’s business is growing and the IT team is investing in non-Oracle technologies & applications.
- The customer has been audited by another publisher.
- There has been a merger or acquisition in the recent past.
- The customer is using E-Business Suite.
- The customer has purchased new hardware in the datacenter.
- The customer is using VMware, Nutanix, or other virtualization technologies or appliances.
- The customer decides to certify, rather than renew, a ULA.
- The customer has put in a question in a support request about a product that is not purchased.
Oracle ULA and License Audits
- While, according to Oracle, the Oracle ULA is sold as an easy to manage and all-you-can-eat license agreement, it is actually one of the costliest Oracle license procurement contracts.
- We have seen Oracle license audits at the end of the ULA term to be amongst the costliest purchases for the customer.
- We have seen that Oracle uses the ‘dangling-sword’ policy of the Oracle license audit to force customers to renew Oracle ULAs.
Oracle Java and License Audits
This is the newest bugbear of customers globally.
From January 2019, Oracle changed the licensing policy around Java. And, again in January 2023, Oracle java license changed with the new licensing metric for Java. From a predominantly ‘free’ Java for most use cases, Oracle Java has been migrated to a largely commercial licensing model. This has given rise to potential license non-compliance risks and brought in a new revenue stream for Oracle.
Customers who do not get themselves prepared with visibility of Java deployments and a proper understanding of its licensing are being forced by Oracle to pay huge subscription fees for Java.
What is the commercial exposure after an Oracle license audit?
- We have not found even one Oracle customer who has been audited by Oracle to have a fully compliant license deployment.
- Amongst the customers we have encountered, the license revenue ask by Oracle after completing an audit has ranged from $500,000 to $120million.
- The size of the Oracle deployment has not been the basis of the quantum of non-compliance. We have had customers running just a couple of Oracle database instances having an alleged non-compliance exposure of US$3m.
- We have worked on more than 260 Oracle audit customers since 2016.
What are the main products / agreements / customers that face an Oracle license audit?
- Oracle Database
- WebLogic Server , SOA Suite
- Java
- Oracle ULA
- E-Business Suite
- Form & Reports
- Siebel
How can we help in Oracle license audits?
- We are firm believers in license compliance, but…
- But, equally, we are firm believers that a license audit should be investigated in detail.
- And, the findings of the Oracle license audit should not accepted without a complete understanding of your contractual rights & obligations.
- And, most importantly, we have also realized that Oracle, like many other publishers, makes a large number of mistakes when they report audit findings to customers.
We take the following approach to Oracle audit defense:
- Deployment Assessment
- We conduct an audit of your deployed Oracle estate. The data gathering is comprehensive and gives information on the installation and usage of Oracle products and specific features.
- In case there is a report from Oracle, we compare our audit findings with those provided by Oracle for accuracy
- Contracts Analysis
- We study your contracts – the OMAs, OLSAs, ODs, email or letter correspondence to understand customer rights and obligations.
- Our experts will analyze the audit reports & contracts to understand the exact compliance gap if any. Our experts understand the potential loopholes or mistakes in Oracle conducted audits.
- Defense Strategy
- We will recommend the correct approach and strategy to counter Oracle’s claims that may be incorrect.
- We will recommend the lowest possible bill of materials that you might need to purchase from Oracle to correct the non-compliance gaps.
Are tools useful for Oracle discovery?
- The tools available for Oracle license audit discovery are: Flexera, Flexera/Snow, ServiceNow SAMPRO, USU Aspera etc.
- Unfortunately, what we have seen, none of these tools alone can give you the correct answer to a question on Oracle license compliance. In fact we have seen each one of them give wrong advise when it comes to the finer aspects of Oracle licensing.
- In fact, this is the reason why Oracle does not accept the analysis of these tools. Some of the verified tools are accepted for data collection, but not for data analysis.
Oracle license audits are a very complex mixture of raw data discovery, software contract terms and conditions, software consumption situations, third party sublicensing agreements and rights/obligations connected to multi-Oracle product procurement. As of today, no tool can provide insights into all these aspects.
Can Oracle partners help in license audits?
On this point, we have an unequivocal answer. The answer is NO.
All Oracle partners are dependent on Oracle for revenue. This may be through license reselling or through implementation contracts. Oracle partners have no incentives in decreasing the commercial exposure of a customer – they would rather work with Oracle to get this revenue and additional consulting/support services revenue.