Audits can be a huge headache if you aren’t prepared for the work ahead. Understanding the audit process and where to start can take some of the pressure off. Here is an overview of the Oracle Audit process and a few tips to help you prepare for your next Oracle audit.
Why does Oracle conduct audits?
An Oracle audit compares a customer’s Oracle software license rights to the usage of that company’s Oracle products to assess license compliance. A company’s software license rights are specified contractually and it is common for any software company to conduct an audit of those rights to protect the value of their intellectual property.
How does the Oracle audit process work?
The Oracle Audit process begins with a Notification Letter from Oracle License Management Services (“LMS”) and is generally addressed to the company’s C-level executive. This letter should reference the Oracle Audit Clause generally found in Section O of the Oracle License and Services Agreement (“OLSA”). It should also define the product scope of the audit, as well as, the specific Oracle License Consultant who will manage the engagement.
Next, Oracle will ask the customer to complete an Oracle Server Worksheet (“OSW”). The OSW is an Oracle template that is completed by the customer as a declaration of: • What Oracle products are being deployed • Specifications and configurations of the servers they are deployed on
The Data Collection phase follows the OSW process and includes a discovery and measurement process. • The discovery process includes a tool that will scan the IT environment in order to locate all servers on which Oracle is installed. This is to verify that all servers have been listed on the OSW. • The measurement process includes a tool that will verify the versions and features in use for all Oracle products in scope, as well as, the server specifications and configurations of the servers they are deployed on.
Once Data Collection has been completed, the assigned Oracle License Consultant will reconcile the customer’s software license inventory against the usage, according to the Data Collection, and provide a Final Report displaying any overages or shortfalls.
The Oracle Audit Clause generally states that a customer will have 30 days to resolve any shortfalls. The resolution is not handled by Oracle LMS and instead is handed over to Oracle Sales. Oracle Sales teams are incentivized, by large sales commissions, to resolve the audit in the most personally profitable way possible. Outcomes demanded often include the purchase of Oracle software and large retroactive penalties. Oracle Sales will often also try to force a purchase of Oracle Cloud products as part of the resolution due to increased commission incentives on Oracle Cloud Products.
Finally, an Audit Close Letter will be issued. The Audit Close Letter will not be issued by Oracle LMS until the customer has come to a resolution agreement with Oracle Sales.
How can you prepare for your Oracle audit?
Most Oracle License and Service Agreements grant a 45 day period for customers to prepare and respond to the Audit Notification Letter. Prior to an Oracle audit:
Customers should make sure they have the proper resources available to support an audit.
Customers should be able to answer: Which licenses do we own and how can they be used?
The customer’s procurement team should be readily available to verify which Oracle software licenses their company owns and the license’s restrictions, directly stated in the Order Document and OLSA if any.
An IT manager or systems administrator should also be available to provide an overview of which Oracle products are being deployed and the IT infrastructure they are being deployed on.
Customers should have an overview of all of their license entitlements including the quantity owned, the type of license metric, and any restrictions to those licenses.
Customers should assemble all of their Order Documents and their corresponding OLSA. At a minimum, a customer should have copies of their annual Oracle Support Contract renewals. This will provide the quantities, metrics, and generally will state if there is a restriction on the licenses. The Oracle Support Contract will not provide the specifics of the restrictions. The restrictions can only be found in the Order Document and OLSA. The Oracle Support Contracts can easily be requested from Oracle Support.
Things to know throughout the Oracle audit process.
Ensure that you completely understand your Order Documents and OLSA in detail. Customers shouldn’t freely open their doors to Oracle without understanding their rights.
Customers should review and understand their Oracle Order Documents and OLSA completely or seek professional advice. They should also have copies of their Order Documents and OLSA, but it is understandable that a few of these documents may have been misplaced for various reasons.
Every Order Document references a governing OLSA. Once a customer has received an Oracle Audit Notification Letter referencing the Oracle Audit Clause of a specific OLSA, a customer should request copies of the signed OLSA and the specific Order Documents that are related to that OLSA. Requesting the Order Documents will allow a customer to ensure that the product scope defined in the Audit Notification Letter is accurate to ensure that Oracle does not begin auditing products which they have no right to audit.
Review the Audit Notification carefully and in detail. Oracle auditors will attempt to extract as much information as possible about your Oracle usage, as well as your IT environment overall, including non-Oracle servers. Make sure that the Oracle products in scope of the audit are well defined according to the Order Documents and the Oracle Audit Clause contained in the OLSA.
Control communications with Oracle. Customers may have multiple employees throughout different departments that may be necessary to gather information for an Oracle audit. Oracle auditors are skilled in convincing customers to provide as much information as possible, even if the information does not pertain to the scope of the audit. Communication should be assigned to a centralized point of contact in order to restrict what is being provided to Oracle.
You are not required to run Oracle scripts. A customer does not necessarily have to use Oracle scripts if they have another methodology to gather the proper usage data needed such as Oracle Enterprise Manager or a third-party SAM tools.
Using these steps above as a guideline will help you get started in the right direction when an Oracle Audit comes your way. Although these tips are helpful, circumstances for each audit can be different and will require deeper knowledge to get through the twists and turns of the audit process successfully.
Want some help?
Here at Anglepoint, our expertise allows us to aid organizations by educating them through the entire process, giving them the guidance, peace of mind, and confidence they need. Contact us today for more information about how our Oracle experts can help you in your audit prep endeavors. Contact Usanglepoint.com/schedule