In Episode 3 of our Oracle video briefing series, we’ll take a look at Oracle audits. We know that vendor audits can be overwhelming, so in this video, we want to provide you with a few pointers on how to control your deployments and why it’s important to know your rights. From an audit’s scope, to what information is shared to your contractual rights, we will take you through what you need to know so that you can be prepared for any audit eventuality.
Oracle audits overview
Oracle has the right to audit any customer due to the audit clause contained in any Oracle agreement (e.g OMA, OLSA). This audit clause underwent some significant changes just under two years ago, and contained two key points to keep in mind. First of all, customers are now obliged to run Oracle scripts on their environment as part of the audit process. However, this change only applies to licenses that were acquired in order documents that reference agreements with new audit clause. The second change stated that the confidentiality T&Cs contained in the agreement – whether an OMA, OLSA, or any other type of contract – apply to the entire audit process.
But how does Oracle decide which customers it’s going to audit? Customers are selected in different ways – it can be random, but it could also be because a customer’s purchasing behaviors have changed. For example, the customer could not be spending as much as it has done in the past. Another trigger could come from a customer’s Oracle sales representatives asking for an audit as they have spotted elements of non-compliance, or potential areas for concern in the future. Like with many mega-vendors, sales teams have a high turnover rate, with reps changing on a yearly basis – making it harder for customers to build a relationship with them and for them to get to know a customer’s requirements and Oracle environment. Like all sales reps, they are also under pressure to meet their revenue targets – and the audit procedure can be an effective way of meeting these goals.
There are several other key points to consider when it comes to Oracle audits.
What to consider
Audit scope – For each audit, Oracle will have a certain scope of technology or products that it intends to audit, as detailed in its initial audit letter. However, at Livingstone, we’ve worked with a number of Oracle customers undergoing the audit process who have been asked to produce information that pertains to products outside of the audit scope. For Oracle, this information can be valuable during audit findings, so it is essential to establish what the audit scope is before going into providing any info or starting discussions with Oracle. For example, if your audit letter states that Oracle wants to look at just technology products, you are well within your rights to decline to answer any questions it starts asking about applications you’re deploying.
Contractual rights – Which brings me on to my second consideration: your contractual rights. The audit clause also states that any audit will not interfere with normal business operations. Again, customers can use this term to their advantage to push back on timelines and requests from Oracle. If you have other time-sensitive products or don’t currently have the right resources to undertake an audit, for example, you have the right to ask Oracle to postpone. While this doesn’t remove the audit altogether, it does provide some breathing room.
Information sharing – As discussed above, Oracle will ask all kinds of questions, and while some will pertain to the actual scope of the audit, some of the information it will be asking for needs to be considered carefully. As per the new terms of the audit clause, Oracle will ask customers to run scripts as part of the audit process. This is because, while it can collect information from products such as Database, Database Options and Middleware, Oracle cannot run scripts on a number of other products. For Oracle to audit your usage of these products, you will have to undergo a questionnaire type of audit – it’s important to keep a close eye on the information you are sharing here. Whilst it’s essential that you are complying and answering questions, make sure you are not handing over additional info that isn’t needed, as this will only give Oracle the upper-hand in the audit or further down the line with any contract renewal or exit.
What can I do?
Understand your rights - It’s extremely important to understand your rights. You can’t say no to being audited, but you can assert some control over the questions you are asked and what information you are sharing with Oracle. Depending on the scope of the audit, you are not obliged to run certain scripts or provide certain information – you can push back, providing that you understand your rights. This is the most important thing to keep in mind when it comes to Oracle audits, and can make a huge difference when it comes to the outcomes of an audit finding.
Be prepared – As audits can take place at any time, it’s crucial that you are prepared to be audited and can undertake it without fear of being non-compliant. Key here is knowing what products and licenses you have deployed and where. Document your Oracle environment to gain a clear picture of all Oracle products and servers being deployed. Then, actively manage this list, updating it when there are any changes ensuring you’re meeting the T&Cs that govern licenses. This proactive management will not only give you a clearer idea of what is in your environment – and even show you were cost-savings could be made – but it will show Oracle you are in control of your environment and deployments, making the audit process smoother.
By controlling and optimizing your Oracle investments and deployments, you can gain valuable understanding of your compliance, consumption, costs and contract.
Further reading & Oracle content...
Video series: Oracle Briefing Series.
Series of six short Oracle briefings helping you to prepare for 2022.
Article: Five ways to ready your organization for vendor audits
Or for more information, visit our dedicated Oracle page, email us on info@livingstone-group.com or complete this form and one of our contract experts will be in touch.
About the Author
Razvan Tarnovschi, Oracle Practice Lead
Razvan joined Livingstone Group in 2021 as Oracle Practice Lead and brings with him 13 years of Oracle experience. During this time, his responsibilities included negotiating high dollar value contracts with customers. Razvan has a deep understanding of the language of Oracle's complex contracts including policies and terms.