Do’s to protect your company during an Oracle audit
Cooperate with Oracle
Every Oracle agreement says that you are required to provide “reasonable assistance and access to information” during the course of an audit. Not doing this can cause legal disputes or even (worst case) the cancellation of your support maintenance and your license agreement. An audit can be delayed, but you can do that in a smart way. It’s ok to delay it so that you have time to put all your ducks in a row, but don’t just dismiss it. Because it’s an official formal procedure that all Oracle customers have agreed to comply with (you included), you should just cooperate.
Organize internally for the audit
Make sure that you have the proper resources available to support you during the audit. You can create an internal team and agree on the approach: determine the appropriate people that will be involved, create a strategy and a tactical plan (implemented by a cross functional operational team). Try to find out the exact scope of the audit, duration or any other limitations of scope that may include geography, legal entities, product categories, environments, device types, days of the week, times of the day, etc. Create a communication protocol to control the information flow or a single point of contact.
Gather the entitlement documents and review them
Gather all the Oracle documents that you have and make a list of the ones that you’re missing. Then you can ask Oracle to provide copies of all the relevant agreements on your list (e.g., order documents, OLSA, OMA, etc.). This will allow you to ensure that Oracle is not auditing products which they have no right to audit and it will also offer you a clear overview of all your purchased licenses. Plus, you will get a better view on your contractual agreements to understand the terms and conditions.
Check SAM tools, deployment and usage data
Verify all the internal data before going to the battlefield. Keep track of the software that is deployed and used, how it is used and who is using the software. Most companies think that if they are using a (Oracle Verified) SAM tool, they are safe, which is not necessarily true. You will need to have full control which, besides the tools, require you to have the processes, the right people and knowledge to understand the data collected. For example, SAM tools can create software inventory and compliance reports, but often the software allocation applied by the tool is not aligned with the metric definitions in your contracts. And how does your tool capture all the necessary virtualization details?
Most people take it lightly, thinking “How difficult can it be to count licenses?”, but there is a reason why an audit done by Oracle itself can take 3 to 6 months from start to completion. Their team spends a lot of time and resources in order to look into all the details and to validate the compliance position. Our advice is to review your licenses every year. This way, you still have opportunities to remediate, optimize and become compliant before the audit letter comes in.
Ask for help
Proactive management of license entitlements is key to avoid being landed with unexpected additional cost and you can do that by performing an internal audit. It’s all in the details: if there is no clarity on the real license entitlements or on the real deployment and licensable usage it can translate into missed information and possible risks. Of course, it is recommended to do this before the audit letter lands on your desk. Nevertheless, even if you already got the letter, you can still use the help of independent experts in licensing, as their advice can make it easy to save time and money. We can share our knowledge and assist you in every step of the process.
Review the audit report you receive from Oracle
The audit is over and there is no turning back. So, what can you do now? At the end of the audit, it’s a bit late to change the results, but you can learn from this and prepare better next time: review the audit report you receive from Oracle, check any discrepancies and ask for explanations regarding the differences. This can help you take preventive measures in the future and optimize your usage. Start performing annual internal reviews on your license usage to have a better management of your software assets.