Software audits are no longer a question of "if," but "when." Nearly two-thirds of Gartner's clients reported at least one software audit in 2011, and Oracle is among the top five vendors in audits conducted. Being prepared for an Oracle audit is increasingly essential to an organization's success.
While many cite capturing more legitimate revenue as the reason for audits on the rise, that is inaccurate. Revenue may be the end result, but it's not the reason for software audits. The reason is simple: Software publishers are protecting their intellectual property. Software vendors are the companies people love to hate, but the fact is that they are protecting their turf.
There are three primary reasons for an Oracle audit:
- Someone at Oracle suspects your enterprise is out of compliance for various reasons: recent mergers or acquisitions, restructuring or geographic growth, lack of recent and significant purchase activity, etc.
- Someone internal accidentally exposed you -- inquiries about a complex licensing issue, discontinuance of a licensing agreement, etc.
- Someone internal asked Oracle for a license review (it happens!).
So the real question is, What can you expect during the Oracle auditing process and how do you best manage it?
Different kinds of Oracle audits
The first thing to understand is whether Oracle has asked for a formal audit. Sometimes companies believe they are being audited, but there is nothing formal. This can be due to a miscommunication or misconception. For example, from time to time an Oracle account manager may suggest that you might have some licensing gaps and Oracle would like to help. They may even use the word "audit." This is not a formal audit.
An official audit letter from Oracle's License Management Services department is the only legal notice. Even a letter from any other Oracle department is likely not an audit notice, but an inquiry into your enterprise's assets for a variety of reasons. In the majority of cases, Oracle will uncover license compliance shortfalls. They are typically unbudgeted, unanticipated, and often in the hundreds of thousands -- or even millions -- of dollars, depending on the size of your overall Oracle estate.
Negotiate audit terms and respond
The first thing to do after the formal audit letter arrives is validate Oracle's right to audit the specified items. This is spelled out in the Terms & Conditions (T&Cs) of your Software Licensing Agreements (SLAs). There should be rules and limits to the process, and a schedule and scope of audits, all of which were negotiated by your legal/IT team in your original T&Cs. Before responding, try to determine if there is any wiggle room, a defined scope for audit and cost. Oracle will expect this.
After a rapid, formal response assuring Oracle that you are ready and willing to cooperate -- subject to scope and process negotiations -- there are several key steps to take before the Oracle audit begins:
- Form your response team, including legal, IT and the C-suite.
- Collect and review all Oracle SLAs, invoices and sales receipts, manuals and certificates of authenticity, and other renewal or procurement documents for proof of ownership. Oracle will want to review these items.
- Perform a self-audit that parallels Oracle's license compliance assessment. Try to measure how often each Oracle product is used -- average and maximum -- to determine if proper licenses have been purchased based on the amount of access. Know where you stand before going any further.
- Analyze your self-audit results, including how any enterprise modifications might have impacted your Oracle license management. Do your SLAs still conform to current business practices? Although potential violation areas are numerous, pay special attention to the following:
- Inadvertently taking software from development to production without additional licensing;
- E-Business (eBiz) application user counts: Double and multiple counting of the same user during audits are a typical oversight;
- Software upgrades;
- Merger and acquisition changes;
- Virtualization; and
- Mobile workforces
- Get expert help. If you do not have someone on staff with comprehensive, historical knowledge of Oracle's tendencies, preferences and ongoing licensing changes, hire an outside expert. An Oracle expert can help you save money and optimize your license management by negotiating the best T&Cs for you in the first place and by helping you navigate the intricacies of the Oracle auditing process after the demand letter arrives.
Be ready to pay
It would be unusual after a self-audit if you found that your organization was 100% compliant in terms of either under- or overlicensing. Be ready to cooperate and negotiate with Oracle. Licensing issues are not usually black and white, and situations vary from company to company in terms of how Oracle interprets compliance. In our experience, Oracle will work with customers to remedy honest mistakes and ensure better compliance moving forward. “Gotcha” back fees can be often be negotiated or eliminated in many cases.
Most of the time, non-compliance is due to lack of a good software asset management (SAM) program that is on top of changes in Oracle's software licensing rules, coupled with keeping aware of how the Oracle software is being deployed within the enterprise. It's important to remember that you are responsible for keeping track of the constant changes that Oracle makes to their licensing rules. Oracle does not issue licensing change notifications or send you a newsletter with important updates. Miro Consulting, for example, provides this service for their clients. We can tell you from experience that even with our Oracle licensing dedication and tens of thousands of hours of Oracle licensing experience, it's not easy keeping up with all the licensing changes from quarter to quarter.
The best way to avoid noncompliance fees arising from an Oracle audit is proactive software license management practices, including a good SAM program, regular self-audits and the use of experts to keep up with continuous changes to Oracle's licensing rules -- or any software vendor for that matter. Proactive management of software assets can reduce costs by avoiding both over- and underlicensing. Average savings are usually about 18% the first year, with increases year over year for an average cost savings of 30% from the total sum of the software licensing and maintenance fees over the years.
Scott D. Rosenberg is CEO and founder of Miro Consulting, whichoversees more than $1.5 billion in Oracle and Microsoft transactions. Miro is a software asset management consulting firm focused on Oracle and Microsoft licensing management.