How to Prepare for an Oracle License Audit  

March 20, 2024
IT Oracle

Interested in learning more about NPI’s services?

Contact Us

If you’re an Oracle customer, expect a license audit in your future. Oracle has become much more aggressive in pursuing audits in recent years — especially for companies running Oracle’s solutions in conjunction with VMware virtualization. Java users are also facing heightened audit risk since the introduction of a new pricing model for Java SE subscriptions. The change has exposed liabilities for many organizations — creating significant financial risk up to a 2X to 10X increase in potential exposure for customers moving away from Named User Plus and Processor licensing to the new employee count-based metric.

However, if you’re holding any Oracle software license, you’re at risk of an audit.

Penalties for improper usage or licensing can be high. When helping clients proactively assess their compliance position, on average NPI discovers $79M in potential non-compliance for “standard” database, middleware, and E-Business Suite. On the flip side, you may also be dramatically overspending on unused licenses as well. Just ask the folks at NASA. It was discovered that the agency overspent by $15 million on Oracle software in fear they would fail a license audit.

Preparing for an Oracle audit is crucial. When audit notices go out, the average organization will spend 60 working days – and often significantly more – addressing specific requests and Oracle’s not particularly helpful. When under tight deadlines for compliance, it’s easy to make critical mistakes. The best approach is to conduct internal audits and work with a third party to validate compliance, and remediate where possible.

What Is the Purpose of an Oracle Audit?

Oracle’s stated purpose of its software audits is to ensure customers are properly licensed for their Oracle software products. However, the true incentive behind Oracle audits is to motivate customers to buy more licenses and upgrade or expand their Oracle environments.

What Are the Main Audit Triggers?

Several common triggers tend to catch Oracle’s attention and result in an audit.

Mergers or Acquisitions

If your company is merging with or acquiring another company, this activity will often trigger an Oracle audit. Oracle wants to make sure the new combined entity is properly licensed across the board.

Support Tickets

If you open a support ticket with Oracle related to an area you may not be properly licensed for, this exposes you to audit risk. Any support activity that shows gaps in licensing can lead Oracle to launch an audit.

Hardware Refreshes

When you refresh hardware or migrate to a new environment like cloud infrastructure, Oracle sees this as a prime opportunity to check on licensing. They want to make sure your licenses carry over properly to the new landscape.

Canceled or Reduced Support Agreements

If you attempt to save money by canceling support contracts or reducing your support level, this move can also spur Oracle to launch an audit. The vendor may see this as a precursor to reducing license counts and want to validate proper licensing.

Purchased an Oracle Cloud

When you purchase components of Oracle Cloud, the account team will often use this as an opportunity to audit your existing on-premises Oracle environments. Moving to the cloud gives Oracle a chance to assess comprehensive licensing.

The Oracle Audit Process

If Oracle contacts your organization stating they wish to perform an audit, the typical process goes as follows:

  1. Oracle sends a formal audit engagement letter. This kicks off the timeline for responding to information requests.
  2. Oracle provides detailed instructions and questionnaires to capture inventory related to hardware, virtual machines, third-party systems, etc. that interact with Oracle software.
  3. You gather and organize the requested information and submit it to Oracle within the allotted timeline. Non-response can lead to fines.
  4. Oracle reviews the deployment data and follows up with additional questions about usage, users, deployment timeframes, and other licensing factors.
  5. After gathering a comprehensive picture, Oracle prepares a compliance report detailing where they believe you are properly licensed and where gaps exist.
  6. Oracle presents the demanded remediation including fees for additional licenses, back maintenance, and reinstatement of lapsed support contracts.

How to Prepare for an Oracle License Audit

There are several key steps you need to take in preparing for an Oracle license audit.

Maintain Updated Inventory Records

Keep detailed records on all environments running Oracle software. For each environment, document the following:

  • Hardware specifications (server model, cores, sockets, processors)
  • Virtual machines hosting Oracle products
  • Third-party systems interacting with Oracle
  • Full list of users accessing Oracle software
  • Deployment dates for each Oracle component
  • Usage metrics like batch loads, concurrent sessions, query volumes

Understand Software Usage Patterns

Map the deployment of Oracle products like databases, middleware, analytics tools, etc. to internal teams, applications, and infrastructure. Identify which groups use Oracle software, for what purposes, which applications leverage Oracle, and the infrastructure supporting Oracle environments.

Categorize Usage Types

Classify usage of Oracle software into categories like:

  • Development
  • Testing
  • Reporting
  • Production
  • High availability
  • Failover
  • Disaster recovery

Different types of usage can impact license entitlements.

Retain Oracle Contract Documentation

Maintain records covering:

  • License procurement
  • Support levels
  • Order forms
  • Past audits
  • Consolidation initiatives
  • Addendums
  • Special terms and conditions

This documentation can clarify license entitlements.

Account for Discounts and Promotions

Work with procurement to identify any special discounts, promotions, or contract addendums that may affect license entitlement calculations.

Validate Named User Plus Lists

Confirm all employees submitted for the Named User Plus discount are legitimate full-time staff responsible for working hands-on with Oracle software.

When Should You Work with an NPI Oracle License Audit Specialist?

If you receive an Oracle audit notice, engaging an independent third-party expert can level the playing field.

NPI license audit specialists have extensive experience negotiating with Oracle from the customer’s perspective. They can review your licensing position and documentation to identify the most cost-effective remediation path that satisfies Oracle’s compliance demands while protecting your organization against overspending. With intricate knowledge of Oracle’s audit playbook, we can guide you toward the best possible outcome. Contact the license auditing and IT procurement experts at NPI today.