“Curses! Foiled Again!” Doing Right for our Oracle Audit Defense Customers
Nathan Biggs (@nathanbiggs), CEO
When I was a kid I watched a lot of cartoons. This was before YouTube and social media, so that’s just what we did. One of the cartoons that I watched was the Rocky and Bullwinkle Show. They had an occasional cartoon of a dastardly villain named Snidely Whiplash that would run around with Vaudeville music playing and tie up women and men and put them on railroad tracks to be run over by oncoming trains. The (sometimes bumbling) hero was Dudley Do-Right. He always tried to do the right thing, and invariably saved the innocent people from danger. Dudley frustrated Snidely Whiplash who would then utter his famous phrase, “Curses! Foiled Again!”
Sometimes it can seem like Oracle is running around like Snidely Whiplash indiscriminately tying people up with Oracle audits and throwing them on the tracks of the oncoming train of non-compliance fees. The only thing missing is the Vaudeville background music.
So, we at House of Brick try to be a little like Dudley Do-Right (without the bumbling, of course) and do the right thing for our audit defense clients. Since we are not an Oracle partner, and do not have any duty of loyalty to them, we have built a long history of success by making certain that our clients are treated fairly during the audit process, and by ensuring they do not pay fees that they do not actually owe.
Typical Audit Triggers
For those of you out there who may be wondering what types of activities could trigger an Oracle audit, let me share with you a few of the things that we have come across in our successful audit-defense history. Below are the most prevalent audit triggers we have encountered:
- VMware Usage – Oracle loves to make claims about licensing their software in a VMware environment, which are not contractually based. If anyone at Oracle hears that you are migrating onto VMware, you are likely on the shortlist for an audit.
- Considerable Growth or M&A – It appears that Oracle pays attention to news and financial filings, and uses that information to track whether you have been experiencing growth, or perhaps have been involved in a merger or acquisition. We have frequently heard Oracle claim, “We think you should have more licenses for a company your size.” This is an indicator that an audit is coming.
- Rejection of an Oracle Sales Proposal – The Oracle sales reps who you deal with are (understandably) trying to make sales and meet their quotas. Sometimes however, you may have a rep say something like “I heard that you are on the list for an audit. If you make this purchase, I can probably make that go away.” Not surprisingly, rejecting their proposal will likely trigger an audit.
So, Should I Try to Avoid an Audit?
Some people out there are so afraid and intimidated by the prospect of an Oracle audit, that they are willing to pay outsized fees, or operationally cripple their Oracle environment merely to avoid the exercise.
I was talking to the CIO at a very large company once, and asked him when was the last time they were audited by Oracle. He declared, “We do not get audited by Oracle because they are a committed partner of ours.” I responded that it was our experience at House of Brick that companies that are not being audited are generally paying too much money every year, and so Oracle leaves them alone. He vehemently rejected that notion, and told me that they had a great working relationship with Oracle. I told him how great that was, and moved on in the conversation. For the rest of the discussion, this CIO did not say a word. At the end of the call, he came back on the line and said, “I have been thinking about this the whole time, and you are right! We are paying too much money to Oracle. Can you help us?”
Our answer was yes, of course we could help them. Once we began our assessment, we quickly identified tens of millions of dollars of unneeded expense that could be trimmed from their Oracle budget. The client was thrilled, and their right sizing of expenses was validated when they received an audit notice from Oracle.
Avoiding an audit with Oracle is not necessarily a good thing. As was the case with our client in this story, if you are not being audited there is a good chance you are paying Oracle too much money and that is why they are leaving you alone.
So, What Can You Do?
Preparation is the best thing you can do if you anticipate an audit from Oracle (and you should). Here are some suggestions for items to consider when preparing for an audit:
- Educate Your Organization—Make sure that all key people in your organization are educated on Oracle licensing, and on the process of preparing for (and defending against) an Oracle audit. Establish communication procedures and other processes to ensure that confidential information is not leaked to Oracle.
- Review Your Agreements—Do you know where your Oracle documents are located (agreements, ordering documents, amendments, etc.)? Review these files in order to better understand your contractual rights and obligations. Also become familiar with the typical claims Oracle makes that are not contractually binding.
- Perform an Internal Audit—Compile all of your license entitlement and document all of your Oracle usage, then compare the two to see if you are in compliance. This will give you some peace of mind that you are ready for an audit notice. We recommend conducting this review annually.
- Validate Your Oracle Environment—If you are running on VMware, then make sure that the VMs cannot automatically move to an unlicensed environment. Ensure proper containment mechanisms are established.
- Conduct Ongoing Compliance Monitoring—Regular monitoring of compliance, including vMotion history, Oracle database feature usage, and other key elements can identify risks before they become a problem.
House of Brick Can Help You Do Right
None of our customers want to cheat Oracle, and everyone wants to do the right thing. They just don’t want to feel like they are being bullied. House of Brick can help you do right by your company while meeting your licensing obligations. Below are some services we provide that can help:
- Audit Readiness Evaluation – We spend three days on site with you to provide the education and preparation you need. We also evaluate your readiness for responding to an audit, and provide you with recommendations for further actions.
- Internal License Assessment – This is like a full internal audit. We review and compile your license entitlement, and evaluate your usage of Oracle software. We then provide you with an assessment of your current-state compliance.
- License Optimization – Many customers have unused licenses in one area, while being deficient in another. We review architecture and license usage and make recommendations for how to get into compliance, and even reduce annual expenses.
- Audit Defense – When the audit notice comes, we provide full-spectrum defense of your position. This includes working with your legal team to evaluate strategies, validate findings, and provide draft communications at each step in the process.
- Managed License Support Service – With this option, we combine all of the above with unlimited audit defense, and add our proprietary compliance monitoring to give you the most active and expert defense of your license position.
The bottom line is that you do not have to be intimidated by an Oracle audit. Education, preparation, and validation are key during an audit and House of Brick is here to help you do right every step of the way.