Oracle Audit Intervention & Compliance Whitepaper
Among enterprise software vendors, Oracle license audits are particularly difficult, in part because Oracle makes access to their software very easy. So easy that many customers create a multi-million dollar compliance problem simply by running a report or downloading and installing readily available software, options or features. Oracle makes it very clear that compliance with (complex, vague) contracts as well as (unpublished and inconsistent) Oracle policies is 100% the responsibility of the software licensee. As a result, your company carries a substantial compliance risk that can translate into large unplanned IT expenditures very quickly.
Because of the complex and vague nature of Oracle licensing rules, it is highly likely that in any audit: whatever you do, however much you spend on software asset management, and regardless of how diligent you are, you WILL be found non-compliant when they audit. Oracle, like all software vendors, views the license audit as a source of revenue as well as a valuable tool for increasing negotiating leverage. This means that there are two types of non-compliance finding: those that are truly revenue events, and those that are arguably revenue events but can be piled up as leverage in any current negotiations.
Request Premium Content
This white paper is the second of two, and focuses on the later stages of the Oracle audit continuum:
Ensured – Actions by your company, usually an employee, indicate that you may be out of compliance and it is now only a matter of time before you face an Oracle software audit.
Underway – The Oracle audit letter has been received information about your network, applications, data, staff, and business operations are being gathered and analyzed.
Complete – Typically when the Oracle audit report is complete all companies go back to Audit Possible stage. However, depending on the audit outcome, you might find yourself in the Likely or Ensured states for next year.
In this Palisade white paper on Oracle audit intervention and compliance, we’ll focus on the following areas:
Audit Triggers & Steps
Software audits are not (usually) random, they are most often triggered by business events and innocent or not-so-innocent behaviors. These events and behaviors move your company towards a much higher category of audit risk. Some of these events and behaviors are within your control while many are not.
Audit Ensured De-escalation Strategies
We’ll uncover 6 strategies that could de-escalate a potential audit including: asking for help, business reversal, technology evolution, changed buying approach, sales turns you in, and disgruntled employees.
Audit Underway Strategies
Once your company reaches the Audit Underway stage, there are few ways to de-escalate the situation because the audit is going to happen. The audit underway strategies will include:
- how to negotiate an audit
- understanding the implications of sharing data
- how to increase your leverage
- improve contracting
- building for the future.