In this blog series on how to stand up to Oracle, I’ve talked about a number of things you can do to avoid getting audited. But just suppose all that fails, and you receive an audit letter from Oracle. What’s the absolutely number one, do-not-pass-go FIRST thing you need to do? And no, it’s not muttering a few choice invectives (although that might feel kind of satisfying.)
Here it is: Find and read your contract.
Your Oracle contract is your first line of defense in preparing for an audit. It alone serves as hard evidence of a license grant. And it holds the critical information you need to understand the terms of your agreement – so that you can do your own investigation and see if you are in or out of compliance BEFORE Oracle comes calling with its own point of view.
As someone who worked at Oracle for 15 years, spending a good chunk of that time running their contracts team, I can assure you that Oracle knows your particular contract inside and out, and they’ve assessed it to identify your vulnerabilities and likely areas of noncompliance. If you don’t do the same thing, you’ll create an information imbalance, giving Oracle a huge advantage.
Unfortunately, finding your contract is often easier said than done.
Many of my clients find this difficult, particularly if the contract goes back several years and their organization has gone through the inevitable comings and goings in Legal, IT, Procurement, and Contracts. Even if they locate something, they’re not always 100% sure it’s the final, up-to-date version.
Easily fixed – just ask Oracle for it, right?
Nope, that is the absolute LAST thing you should do. First, if they’re already auditing you, that’s a big honking sign to them that you don’t really know what you have, what you should have, and where you have it. They know for sure they have the information advantage. You’ve just given them permission to win.
And if they’re NOT auditing you (yet), asking for it before they do is no better. In the world of Oracle, a request for a copy of your contract makes them assume that you don’t have licenses and you’re 100% out of compliance… yep, triggering an audit.
Fortunately, there are some clever, sneaky ways to get a copy of your contract – or the information that’s in it – that won’t raise any red flags. For example, every year, Oracle sends its customers a support renewal bill that sets forth all the details in your contract: products, pricing, metrics, and so on. While it’s not an actual contract, this support renewal bill can be used as evidence of one. And because it comes every year, it’s probably going to be easier to find than the original contract and more likely to be up to date.
Another way to get a copy of the full contract is during a purchasing opportunity. Ask Oracle to produce an amendment to the original contract, and they’ll have to send you the full contract so that you can see their proposed changes. If you’re negotiating a new purchase, they’re unlikely to be churlish enough to send you an audit letter at the same time.
Of course, getting your hands on a copy of your contract is just the first step. Next, you have to parse through it and understand what it means – and then look at your actual Oracle usage to compare reality with your contract terms. This is something we recommend doing whether you’re being audited or not, because you can always benefit from having a clear view of where you’re in and out of compliance, and where you are over or under-deployed.
This part of the process can be quite complex, arcane, and time-consuming, so it’s where you might want a knowledgeable third party to step in. We’ve done this for many other companies, and we’d be very happy to discuss how we might work with you to complete an assessment.