softwareOne_logo_forPrint_no_tagline_(1).jpg

Thought-Leadership Blog

FacebookIconTwitterIconlinkedinIcon

Oracle Compliance – Know Your Audit Risk Profile

Thought-Leadership by Brian Lowinger
on April 12, 2016

oracle-compliance-know-your-audit-risk-profile.png

Like most large software publishers, Oracle routinely audits its customers to ensure compliance and to generate incremental revenue. While Oracle auditors may characterize the customer under audit as having been randomly selected, the reality is that most audits come about either as a submission directly from Oracle sales or as a generated target from Oracle’s audit department itself. Oracle audits are infamously long, resource-intensive, and, all too often, are financially costly for customers.

The question any Oracle customer should ask is: “Am I at risk for an Oracle audit?”

When were you last audited by Oracle?

Given their tens of thousands of global customers, Oracle does not have the bandwidth to audit each customer every year. While the standard audit clause in Oracle’s license agreements allows for frequent audits, Oracle will likely not audit the same company within 3 years of a past audit. All things being constant, a customer who’s last audit was 5 or more years ago is at a greater risk, and we believe customers that have never previously been audited are at greater risk still.

Has your company made any acquisitions?

One of the most common activities that trigger Oracle audits are acquisitions. Oracle often assumes that when one company acquires another, the parent company’s software needs increase because of additional headcount, operational size, etc. When an acquisition occurs and the acquiring company does not swiftly buy more Oracle software on their own, Oracle may smell an opportunity for an audit. Likewise, if your company has recently grown through acquisitions, you may be at greater risk of an audit.

Are you still licensed by legacy metrics?

Oracle has licensed their software by many different metrics over the years., and some customers remain licensed by those retired metrics. In some cases, an old metric may be outdated when compared to current hardware standards. Examples of this are the Named User Multi Server and Named User Single Server metrics, which had minimum license requirements tied to the number of MHz of a server.  While the metric may have served the customer’s purposes 15 years ago, state-of-the-art hardware may be creating a compliance violation by inflating the minimum number of licenses required. 

Many Oracle customers are licensed by a concurrent metric. While there are advantages to remaining on concurrent licenses, Oracle knows all too well that adherence to concurrency as it has historically been defined by Oracle is difficult. 

Some old metrics did not include the allowance for automatic batching that customers enjoy today through the Named User Plus metric. For customers using these old metrics, they must license the front-end user population for any third party database that batches to Oracle. Oracle knows this presents a compliance pitfall for customers as well.

For these reasons, customers that remain licensed with legacy metrics may be at greater risk of audit.

Do you use E-Business Suite or other Oracle applications?

Many of Oracle’s applications run on Oracle middleware and database programs. If Oracle believes that you do not have enough licensing of the technology stack to support your application use, they may be incented to audit. If your applications-spend far outpaces your spend on technology programs, that could raise a red flag to Oracle.

Have you given Oracle the cold shoulder?

Generally, your Oracle salesperson would rather do business with you directly than submit you for an audit. Many customers who won’t pick up the phone for Oracle, therefore, have subsequently received the dreaded audit letter shortly thereafter. Right or wrong, going dark on persistent Oracle salespeople may increase the likelihood of an audit.

Know your risk profile…and be ready.

Our message to customers is not that they avoid any of the above behaviors that could potentially incite Oracle to audit. Rather, our advice is to be aware of what Oracle views to be a promising audit target and to be ready by ensuring compliance with Oracle’s licensing policies BEFORE any formal audit takes place.

If you feel you’re at risk for an Oracle audit and would like to discuss with a SoftwareONE expert, click the banner below and a Software Asset Management specialist will reach out to you shortly.

oracle-call-to-action

Related blog posts:

Topics: Core Infrastructure

pyracloud-demo-request

Subscribe to Email Updates

Subscribe by RSS
SHARE THIS PAGE
     

ON TWITTER