Oracle Software Audit Attorneys Answer Your Frequently Asked Questions

Oracle is the second largest software company based on revenue and market capitalization. This success is fueled, in large part, by software sales and licensing fees.

Oracle takes its intellectual property rights associated with software licensing very seriously. Oracle licensees should carefully review their Oracle licensing terms—and have a thorough understanding of their Oracle license obligations—before Oracle License Management Services (LMS) contacts them about a license compliance review or software audit.

You may not be aware of all the license agreements you have with Oracle because, over the last few years, Oracle acquired companies such as PeopleSoft, JD Edwards, NetSuite, Siebel, Sun and many others. It can be quite challenging just to figure out the applicable license agreements and the scope of the audit.

An audit from Oracle can be also be challenging in other ways. Having your Oracle license management processes in place prior to an audit can minimize any business impacts of an audit by Oracle LMS.

Q: What authority does Oracle have to conduct an audit?

A: Oracle’s Software License and Services Agreement (SLSA) & Oracle’s License and Services Agreement (OLSA) contain clauses that allow Oracle to audit a customer’s use of Oracle products.

Q: What is an Oracle Server Worksheet?

A: An Oracle Server Worksheet (OSW) is a spreadsheet that Oracle or its auditors send at the beginning of an audit to collect information about customers’ use of Oracle products. It contains requests for names of products, descriptions of the hardware environment, and number of users.

Q: What happens if a customer refuses to cooperate with Oracle’s request for an audit?

A: Oracle will continue to escalate the matter internally. Oracle may threaten to terminate the customer’s licenses for breach of the OLSA or SLSA.

Q: Will Oracle use its own team to conduct the audit?

A: Oracle’s license management team may conduct the audit or may decide to work with an outside accounting firm to conduct the audit.

Q: What component of the audit process is the most difficult for Oracle’s customers?

A: The on-site verification meeting presents many challenges for Oracle’s customers. There are privacy and security issues that the customers need to work through. For privacy and security reasons, some customers also object to the use of Oracle’s tools to verify compliance.

Q: Is there any way to limit the scope of an Oracle audit?

A: The best way to limit the scope of an audit is to negotiate the audit provisions in the license agreement when a customer purchases Oracle products. It is difficult to limit the scope of an audit after Oracle sends and audit notification.

Q: Do Oracle customers conduct proactive audits?

A: Many Oracle customers regularly check their compliance with Oracle’s license requirements, even if Oracle does not send an audit notice. It can be reassuring to regularly assess the Oracle licensing position.

Q: Can I hire counsel to assist me with my Oracle audit?

A: Absolutely. Oracle customers often find it helpful to work with attorneys to protect the customers’ interests in the audit.

Q: What is the difference between an Oracle License Review and an Oracle Compliance Audit?

A: Essentially, there is no difference. A review may sound friendlier than an audit, but it still includes an analysis of your implementation and usage of the licensed Oracle products to verify compliance. So, there is really no difference.

Q: What happens during an Oracle Audit?

A: First, your business will receive a notification letter from Oracle LMS indicating that your business has been chosen for a license audit or license review. Usually, the letter is sent to a company’s CIO and/or CFO and sometimes specifies which legal business entities and which Oracle software programs are included in the scope of the audit.

Oracle will request that you complete an Oracle Server Worksheet (OSW) with details of your IT infrastructure and software installations. During the audit process, Oracle may request that your company:

  • Run scripts on your servers
  • Execute special commands on licensed software programs
  • Provide systems infrastructure reports
  • Create log files for Oracle to analyze
  • Assign a single point of contact to coordinate the audit for your company
Q: How much notice does Oracle give for license audit?

A: The standard license agreement from Oracle says “upon 45 days’ written notice Oracle may audit your use of the software programs.” If your company has good license management processes and policies, then it might be difficult to comply within the 45-day timeframe.

Of course, Oracle LMS (and its partners) may want to start the process audit sooner. Before responding to an Oracle licensing inquiry or submitting any data to Oracle LMS, experienced Oracle license audit attorneys should review your company’s existing Oracle license agreements and make recommendations for when and how to respond to the audit request.

Q: How often should you expect to be audited?

A: Oracle often has the legal right to audit a company not more than once every 12 months.  While some companies can go for 10 years or more without an Oracle license audit, many companies see audits every other year. 

Q: Who pays the cost for an Oracle audit?

A: Your company is responsible for any costs associated with complying with an audit.  The licensee’s agreement with Oracle may state that if your business violates the license agreement, to correct this, Oracle may:

  • Charge full list price for additional software licenses
  • Assess technical support fees for the time unlicensed software was used (can be up to 22% or more of license fees prorated back to when the license should have been initiated)
  • Suspend technical support services and software updates
  • Terminate the license agreement
  • Implement other remedies

Clearly, any remediation can be very costly to your business. As the licensee, it’s your company’s responsibility to ensure that your company is in compliance with the terms and conditions of all your license agreements. Your company can avoid these costs by performing a proactive license review before you are contacted by Oracle LMS.

Q: Am I required to install/deploy the scripts from Oracle LMS during an audit?

A: Technically, your license agreement does not require your company to install/deploy the scripts from Oracle LMS if you can gather the required information completely and accurately. However, many companies do not have the tools or resources that allow them to provide this data, so they use the scripts from Oracle LMS.

Q: What software is typically included in an oracle license audit?

A: Oracle has acquired software applications from BEA Systems, Siebel Systems, PeopleSoft, JD Edwards, and many others. Any software owned by Oracle can be subject to an Oracle license audit, but Oracle LMS tends to focus on programs with the largest number of end users such as:

  • Oracle database applications
  • Oracle Application Server
  • WebLogic
  • Tuxedo
  • Agile/AutoVue
  • SOA
  • Siebel
  • Other enterprise-wide software that you might not have realized is licensed by Oracle
Q: What errors should we look for in Oracle’s audit report?

A: Scott & Scott LLP has defended more than 500 audit cases in the last 10 years. Some of the most common errors include:

  • Not recognizing products purchased that can mitigate licensing gaps
  • Using the wrong license metrics instead of the metric definitions in the license agreement
  • Incorrectly calculating licenses needed for virtual environments
  • Calculation of licensing of Oracle programs in disaster recovery deployments
  • Application of minimum required licenses per processor for all server (test, development, acceptance…) environments deploying Oracle applications
  • Lack of understanding of installed components, modules, features and options
  • Incorrectly counting the number of users due to duplicate and inactive user names
Q: What can trigger Oracle license audits?

A: Some of the most common triggers for license audits for Oracle software include:

  • Old or outdated license metrics
  • Mergers and acquisitions
  • More than three years without an audit
  • Using a virtual environment (e.g., VMWare)
  • Making a support call for unlicensed features or describing infrastructure during a support call
  • Not buying an Oracle cloud solution
  • Not meeting with a sales rep to discuss new projects
  • Noncompliance found in a previous software audit

Many other seemingly capricious factors may also trigger a software license audit.

Q: Do we need to reply to the Oracle LMS notification letter we received?

A: You have 45 days in which to acknowledge receipt of an Oracle software audit/license review notification letter. You can try to negotiate more time, e.g., a 90-day notice period in your contract terms.

If you do not respond within the 45 days, Oracle LMS may persistently try to contact you. Requests from sales representatives and informal requests are voluntary and not formal audits. 

Q: Can we ask Oracle LMS to postpone the license audit?

A: You can ask Oracle to postpone the audit. Occasionally, Oracle may delay for a few months if you provide them with a justifiable business reason for postponing the audit (for example, changes to your IT business infrastructure).

Q: When we receive the Oracle License Audit notification letter, what should we do first?

A: First, gather your team to do a legal and functional review of your Oracle contracts. Determine if Oracle has the legal right to audit you.  If necessary, ask Oracle LMS to provide all agreements that give it the legal right to conduct an audit.  . It’s not sufficient to have the support renewal documents.

You will need to gather Oracle OMA, OLSA and ordering documents. Use these documents to determine the scope of the audit and negotiate a non-disclosure agreement (NDA) (if necessary) with Oracle to protect your company and commit to the parameters of any audit.

Q: If we haven’t changed our Oracle environments since the last Oracle license audit, can we assume we are still in compliance?

No. Given today’s virtual and distributed IT infrastructures, it’s nearly impossible to be aware of what features your staff may have implemented, how they are configured, and how they may impact your Oracle environments. Oracle LMS may request to audit you at any time and find licenses you did not know you had. And, when they do, they expect to find additional revenue.

Q: How can Scott & Scott LLP help manage your Oracle licenses and software audits?

When you’re audited by Oracle LMS, your company is not the only one that will be preparing an experienced team. Oracle LMS has a team of audit personnel and lawyers to negotiate and resolve disputes in their favor, which can subject your company to expensive non-compliance fees and additional licensing and service agreements.

At Scott & Scott LLP, our knowledgeable software audit attorneys have represented businesses of all sizes and successfully defended them during Oracle LMS software license audits for many years. We can help you put together an effective Audit strategy.

If your organization is contacted by Oracle LMS, reach out to us today at (214) 999-0080 or online to schedule a free 30-minute call with one of our qualified attorneys.