Welcome to Oracle audit season

This time each year, we see a marked spike in the number of audits requested and undertaken by Oracle and 2020 is no different. While this May is by no means a typical month for many of the enterprises and public sector organisations running Oracle, it’s clearly very much ‘business as usual’ for the vendor’s compliance department, which marches on regardless of COVID-19.

Why May matters for Oracle

This annual peak in audit activity coincides with Oracle’s financial year-end, which is 31st May. Every year we see a flurry of activity during the run up to this date, as the vendor embarks on a last-minute mission to bolster its balance sheet with additional license revenues, back maintenance charges and penalties.  Of course, there’s no reason they can’t take place at any other time of the year, but May is clearly ringed on Oracle’s calendar as the time to double-down on audits.

While there has been no let-up this year, it is worth noting that any request for a delay – because the organisation is going through rapid transformation or because they are short of resources due to absent or furloughed staff – will most probably be granted. However, in the longer-term we expect that COVID – and the ensuing economic downturn – to cause an increase in audit activity, not just from Oracle but from all vendors. This was certainly the case during previous recessions, as publishers sought to maximise revenue in a shrinking market.

Oracle’s modus operandi

Oracle has a reputation for being tougher than most when it comes to its audit strategy. This isn’t because it’s inherently more aggressive than its peers, it’s simply a reflection of its overall business model, which it built on trust and software that doesn’t require license keys.

Compared to other publishers, Oracle is relatively relaxed about software deployments, trusting its customers to buy and renew the appropriate number and types of licenses, in line with its license compliance policy. It’s more active when it comes to auditing, simply because it uses them as a mechanism to ensure organisations are using what they say they’re using and paying appropriately.

This trust model can be a major challenge for Oracle users. The vendor’s licenses and support packages are so complex and broad in range that even the most diligent of organisations are likely to have some degree of non-compliance. It’s not easy to decipher what licenses and support they have, let alone what they need.

Areas of focus

If you are facing an Oracle audit, it’s worth bearing in mind that the vendor’s approach varies considerably according to the software category.

In particular, we’ve noticed that the company’s Fusion Middleware platform has become a focal point for license audits. With this software product category, Oracle’s measurement collection tool and specialised scripts have been enhanced on a yearly basis, raising new risks, particularly around Oracle Coherence (outside of WebLogic Suite), Service Bus (SOA Suite) and WebCenter software products.

Cloud credits are also a major complication. Oracle sometimes offers these are part of the commercial negotiations following failed audits. Companies are being issued licenses for cloud-based applications that they may not want or use.

How to mitigate the risk of audit


Audits consume a considerable amount of resource and time, impacting C-level executives as well as IT and procurement teams. Yet they also happen on a regular and predictable basis, so organisations do have the opportunity to get on the front foot, developing formalised, repeatable audit plans that place them in a better position to both manage audits and handle the subsequent commercial negotiations.

For more information on Oracle’s audit regime, including an overview of recent product and license changes and a discussion around the treatment of ULAs, please listen to our recent webinar: Oracle: what you really need to know in 2020. It also provides some valuable advice on how to draw up and manage an audit plan.

CLICK HERE

ABOUT THE AUTHOR

Author: Paul Stevens-Craig, Head of Audit Practice

Paul is our Head of Audit Practice and has worked closely with many of our clients and partners delivering strategic business outcomes. He leads our highly experienced and qualified consultancy team, creating a centre of excellence.

Paul provides customers with expertise and advisory services with reference to IT Asset Management and IT/Digital Transformation initiatives. Having worked in the IT Industry for over 25 years, he has had roles in senior management and software & license consultancy for companies such as Oracle, Hitachi Consulting and PricewaterhouseCoopers (PwC).

Since leaving Oracle in 2005, Paul primarily focused on complex vendors such as Oracle, SAP and IBM, providing advisory services such as process and contract management, licensing, optimisation and risk mitigation for many UK and Global companies, across different industries within the private and public sector.