Oracle License Audit Protection Strategy

Received a letter from Oracle License Management Services?

Consult our Oracle License Audit Protection Strategy for your next steps.

Received a letter from Oracle License Management Services?

Consult our Oracle License Audit Protection Strategy Guide for your next steps.

Summary

It is common for companies like Oracle to initiate an audit. The requests are often unexpected and unprepared for.

Don’t panic – Xynomix have put together an easy-to-follow guide to help your business navigate its way through the process.

From receiving the audit request letter, to implementing a plan that will see you safely through the process, Xynomix will be with you every step of the way.

We’ll identify the possible reasons for the audit request and guide you through the process and mitigate any undesirable outcomes.

Why Xynomix are the Oracle Experts

Xynomix provide enterprise-grade database services, from dedicated consultancy projects to managed services, ensuring that critical business data is always available.

We’re renowned for delivering the best database consultancy in the market with unrivalled retention and satisfaction rates. Xynomix also works closely with a host of elite global technology partners.

FAQ

Can Oracle just request an audit?

Legally, yes they can.

They own the intellectual property rights to the software that you are using, in the same way that Microsoft and IBM own the applications many companies use. Your company’s use of Oracle is facilitated via a license, similar to leasing a product. As such, they are entitled to ensure the appropriate and compliant use of their product to protect their intellectual property at any time.

Oracle audit reviews are not random; they typically occur every 3-5 years, which can coincide with a company’s system refresh. Oracle know that their customers can often let license renewals slip, change the business structure or expand their internal systems.

The Software Licensing Agreement (SLA) will clarify that Oracle have a legal right to request an audit as and when they see fit, to oversee the product’s appropriate use. The license agreement acts as a contract between your company and Oracle, setting out that audits can and will take place at Oracle’s discretion. The license will also advise you on your duty as a customer for compliance, what will be expected from you during an audit and the time frame in which you need to respond.

FAQ

Why would Oracle request an audit?

The driving force for Oracle when it comes to audits is to ensure compliance with the Service Licensing Agreement (SLA).

In our experience, when audits are carried out, they will often uncover that Oracle’s usage is not true to its license and therefore, can review the cost of the product for the needs of your organisation. Misuse of an Oracle license is a common occurrence and is often done without intention.

Business needs and structure can change over the course of time and the impact on software use is not always considered in the planning; therefore, without audits or reviews Oracle are missing out on revenue potential. It is in Oracle’s interests to look for opportunities to begin an audit.

FAQ

What can trigger an Oracle audit?

The common triggers for an audit are as follows:

Mergers, acquisitions or divestitures of legal entities – all of these changes can lead to an increase in servers or a system refresh.
Enquiries inadvertently made by members of your business team –perhaps regarding licensing details.

Previous Oracle audits – if Oracle have audited a customer in the past then they will conduct follow-up audits to ensure that the customer is still compliant. This could be as frequent as three to five years.
A license review may have been requested by a member of your team – to ensure that software is up to date and being used correctly. A “license review” is a friendly term for an audit.

So, what happens now?

We have established the reasons and triggers for your impending audit. So how do we manage the process effectively?

Is it a pre-audit or a formal audit?

Pre-audit

It is not unusual for an Oracle Audit Manager to recommend an audit to close any potential gaps in your licensing. This recommendation is known as a pre-audit. At this point, you are not about to have a full formal review.

Formal audit

Formal reviews will always begin with an official letter from the Oracle License Management Services (LMS) or Global License Advisory Service (GLAS). Only LMS or GLAS are able to tell if you are licensed correctly.

It isn’t uncommon to receive letters from other departments within Oracle, or other letters from the License Management Services department, but these will not always be to notify you of an impending audit. However, it is important to respond to any requests or enquiries and take any necessary action, as these can be a precursor to a formal audit.

If it's a formal audit, what happens next?

Once you have clarified that Oracle License Management Services intends to conduct a formal audit, you must comply. Xynomix can provide support, advice, and assistance with your engagements with Oracle. We can also provide technical support and explain the next stage of the process.

We’ve put together a six-step Oracle License Audit Protection Strategy to ensure that your audit is managed correctly.

STEP 1

Oracle have requested an audit

When your letter arrives from Oracle with the audit demand, it is strongly advisable to seek the help of a professional Oracle expert.

They will help you establish the following:

When your letter arrives from Oracle with the audit demand, it is strongly advisable to seek the help of a professional Oracle expert.
Non-compliance is often accidental or unintentional, so it’s best to have your Oracle expert identify whether you have inadvertently breached the terms of your license. Xynomix will help identify any areas of non-compliance.
If you are non-compliant, it is important to understand the likely cost and time considerations and whether any leeway is possible. It is
important to have done this step before responding.

STEP 2

Gather a strong audit team

Before the audit process can begin, you need to gather an excellent team together. In many organisations this typically includes: members of the legal team, the IT department and some of the highest-ranking senior executives

Amongst these professionals, it is imperative that a member of the team or consulting member of staff has extensive knowledge of Oracle licensing agreements and how Oracle operates during an audit. If there is no such person within the organisation, it is strongly advisable to call in an Oracle expert like Xynomix.

Having the help of a skilled and knowledgeable Oracle expert is extremely useful from the beginning when using Oracle licensed products. When making the initial agreement, a Xynomix Oracle expert can negotiate the best terms and conditions on your organisation’s behalf.

Although outsourcing comes at an additional cost, the presence of a professional Xynomix expert will save you money in long run by setting up the best possible arrangement with Oracle and helping to ensure a smooth audit process.

STEP 3

Get your documents in order

At the start of the review, it will be necessary for you to gather all ownership documents together, including the SLAs, renewals and purchase agreements to show that you are the rightful owners.

Oracle will always request this documentation prior to starting the actual audit process.

STEP 4

Conduct your own audit

Prior to the formal audit, it is wise to have a close look at your licensing situation with your chosen team and Xynomix expert. Ensure that you are completely up-to-date with your Oracle license agreement, including any gaps in your cover. This process should match Oracle’s audit process as closely as possible to prevent any nasty surprises.

Limit access to applications to authorised personnel only and clarify restrictions of the licensed product use in terms of number of users. The employment of a Xynomix Oracle consultant will be of great value to you at this stage of the process.

STEP 5

Evaluate the results of your self-audit

Once a self-audit has been completed, a full evaluation of the result will be required. At this stage, you must account for any business changes that could impact your Oracle SLAs.

Are your current organisational procedures compliant with these SLAs? Non-compliance and violation issues are common because business changes can affect your Oracle license. This must be prioritised in your
self-audit.

However, it is equally important that you also focus on any possible challenges or confusions.

Potential violation
areas could be:

Test servers – taking software from new development to production without extending the license.
User metrics, overcounting of the same
user during an audit is common.
Transitioning all or a portion of your international
solutions to a Cloud services or Third party hosting site.
Software or hardware updates.
Disaster recovery process.
Backup and restore processes.
Internet access.
Transfers of data to and from a system.

Unplanned use of options to packs to which licenses were never purchased.
The impacts of upgrading from SE1 to SE2.
Use of proprietary application hosting (Apps
used by your client).
Geographic expansion.
Use of server virtualisation (VM Ware).
Merger and acquisition change.
Correct novation of licenses.
Naming subsidiaries and associated companies.

A note of caution

The Oracle Technical white papers differ from the Oracle licensing terms. Be cautious about comparing your license compliance to the technical white papers. The phrases used by Oracle such as failover, standby and back-up have different meanings depending on whether they are related to the Oracle technical teams or the Oracle licensing teams.

You can use Oracle policy documents as a guide during your audit, but these are not from a technical viewpoint and advise only on licensing. For example, the term “failover”, which is an industry term, actually has the description of the standby data recovery method when talking in terms of software licensing. The licensing requirements of failover and standby data recovery methods are very different.

Having a Xynomix expert on board can ensure that you prevent any confusion regarding the white papers and Oracle terminology.

STEP 6

Devise a plan

An audit will frequently highlight noncompliance, and sometimes a second audit will pick up on something that was missed in a previous audit.

If the audit discovers non-compliance, Xynomix will work with you and Oracle to drive the best outcome for both parties. Oracle will pursue any non-compliance!

Formal audits can be difficult and lengthy without an Oracle expert on your team. There will definitely be areas where you’re under-licensed and often times where you’re over-licensed. With Xynomix on hand, we can negotiate with Oracle on your behalf over any identified issues.

Oracle does have some discretion with what it finds is compliant and noncompliant, and it can vary from business to business and audit to audit. terms of software licensing. The licensing requirements of failover and standby data recovery methods are very different.

Having a Xynomix expert on board can ensure that you prevent any confusion regarding the white papers and Oracle terminology.

Conclusion

As you have learned from our comprehensive guide, Oracle audits can come at any time, but if an audit has not been triggered before, you can expect to receive a request every 3 to 5 years. As the old saying goes “if you fail to prepare, you prepare to fail”.

From time to time Oracle will make changes to licensing rules and as a license holder, you are obliged to monitor and keep up-to-date with those changes. Unfortunately, you will not receive regular updates from Oracle about their changes. The best way to protect your organisation moving forward, is to regularly review all of your software license management policies and processes.

At Xynomix we can conduct regular selfaudits and make sure that you are kept abreast of changes to licensing rules or any other changes. Your organisation could be making savings of up to 30% in the first year. This is typically the saving reported by other companies using this proactive method.