An Oracle audit is when Oracle invokes their contractual privilege to “audit Your use of the Programs to ensure Your use of the Programs is in compliance with the terms of the applicable order and the Master Agreement.” (Oracle TOMA, Schedule P, Section 8).
The audit is invoked when a representative of Oracle License Management Services (LMS) or Global Licensing and Advisory Services (GLAS) sends a letter to the customer’s contractual contact informing them of the audit, and providing other details of the audit process. This audit letter may or may not contain all of the pertinent information about the audit, or the customer’s rights and obligations, but it does signal the start of the formal process.
Some customers try to avoid an Oracle audit, believing that an informal review process will be less risky. Most times the opposite is true. The license agreement provides the customer with certain rights that are important to maintain in ensuring that the process is a true reflection of license compliance, instead of a sales process that tries to extract more revenue than is required.
With the understanding that audits are less about compliance, and more about Oracle revenue generation, the reason a customer would be on an audit list is if Oracle felt they were not receiving enough revenue from that customer. This could be based on size of the business compared to the Oracle usage footprint, or platform factors such as virtualization or cloud usage.Â
A formal audit only comes with an audit notice. Many times, Oracle sales personnel will offer a “license review” that is intended to be a strictly informational benefit to the customer. This informal review may even involve LMS or GLAS audit personnel in the process. Customers have reported to us that they have been assured by the sales reps that there is no obligation to purchase licenses if a deficiency is found. This, of course, is a specious assurance. If any deficiency is found, the sales reps will provide high-pressured, time-limited proposals for resolution, without giving the customer any time to independently validate the results, or attempt to remediate spurious or unintended problems.
Â
The sales reps prefer to do an informal license review as opposed to a formal audit because they typically are concluded in much less time, resulting in a faster sales close cycle. One of the main issues that a customer (typically unknowingly) encounters in an informal license review is the lack of contractual protections and due process.
Oracle triggers an audit via email & PDF to customer. Terms of the license agreement apply. For multiple agreements, the customer may request clarified terms from Oracle.
Oracle reps pose as friendly reviewers, pressure customers for compliance deals, but often neglect audit clause due-process protections.
Customers inviting Oracle for compliance validation often face shocking deficiency claims. No protection from Oracle’s unreasonable interference.
It may actually be a higher risk. The Oracle Assurance Service claims to “build confidence through transparency.” What is really happening is an LMS audit without contractual protections of the Audit clause. Some customers request this service from Oracle thinking that it will be a friendly, transparent process. It will invariably lead to a demand from Oracle for the purchase of costly licenses, or pressure to accept an Unlimited License Agreement or Oracle Cloud migration.
With hundreds of audit-defense engagements under our belt, let us help you face this time-consuming, risky, and confusing experience successfully.
The most common audit triggers we have encountered are: use of VMware virtualization technology, unlicensed use of Java, customer M&A activity, customer revenue growth, customer employee count growth, customer news reports of innovations or activities that might require Oracle technology, customer rejection of an Oracle sales proposal, not selecting the Oracle proposal in a solution RFP, etc.
The license agreement that you entered into with Oracle when purchasing software contains some standard language that outlines the customer’s rights in the audit process. Some customers may have specialized language in their agreement (either from negotiation with Oracle, or due to legal requirements in the country in which that customer resides) that could provide additional audit rights, or even extra audit obligations. Oracle auditors will typically adhere to the standard language unless the customer asserts their unique privileges.
Â
The standard rights that a customer has, as referenced in the online TOMA, include the following:
With hundreds of audit-defense engagements under our belt, let us help you face this time-consuming, risky, and confusing experience successfully.
The most critical thing is to not rush to respond to an Oracle audit notice. The audit clause in your license agreement likely gives you a 45 day notification period. While we take a very aggressive stance in defending our customers against Oracle overreach, it is important to be seen as participating in the audit.
Â
Even though we do not recommend giving in to all of the auditor’s demands for data, meetings, and other things, responding with an acknowledgement of having received the audit notice will indicate an intent to remain professional in the process.
According to the latest Gartner report, Oracle audits are now close to pre-pandemic levels, based on the number of audit-related calls Gartner is taking. Do
As part of the license agreement:
The Nondisclosure clause (section 8 of the referenced TOMA) states that “Each party may disclose Confidential Information only to those employees or agents or subcontractors who are required to protect it against unauthorized disclosure in a manner no less protective than under the Master Agreement.” The vast majority of customer legal advisors that we have worked with have been comfortable that with our own NDAs and services agreements, that House of Brick meets the definition of protected “agent or subcontractor.”Â
Concluding an audit with Oracle is sometimes not well defined, although we prefer to have a formal acknowledgment that all activities are complete. Once the auditors conclude their analysis, they turn the resolution negotiation over to the sales team for the “commercial resolution.” This means you pay them money for the audit to wrap up. Since we have rarely, if ever, seen an audit report that was 100% accurate, we recommend keeping the auditors involved to eliminate those errors and disputes before attempting any commercial resolution.
This will frustrate both the audit and sales teams at Oracle, but it is ultimately in the customer’s best interest. We never recommend compromising with Oracle on the audit fees, preferring instead to insist on settling at the exact deficiency amount, if any. Some customers we have worked with have made a business decision that a certain offer of resolution from Oracle is sufficient enough that they want to just end the process. In each case, we recommend a careful review of the audit close documentation for any “gotchas” that might get thrown in.
With hundreds of audit-defense engagements under our belt, let us help you face this time-consuming, risky, and confusing experience successfully.
Oracle has a keen interest in their customers migrating to Oracle Cloud solutions. When a customer decides to migrate to another public cloud they lose their sales opportunity. This can often lead to an audit where they can explore your license footprint and identify ways to try and push you back toward OCI.
YOUR COMPLETE GUIDE Migrating Oracle to AWS As trusted AWS Consulting Partners, we give you a real-world perspective on the critical considerations discussed in Gartner’s
House of Brick Technologies LLC © 2024
