In the past I’ve blogged about the “stealth audit” from Oracle. This is where a client is being audited but doesn’t even know it. They give Oracle all their technical information, perhaps run some scripts, and all of a sudden they are hit with a huge unexpected bill from Oracle.
Oracle has become so good at the stealth audit that even savvy software customers don’t know they are being audited. Recently a very good Palisade Compliance client called me because she received a letter from Oracle and couldn’t figure out what it meant. I asked her to read it to me. She read “You have been selected to participate in a license review.” I stopped her right there and told her that her company was being audited. She actually protested and I had to convince her. She read it to me again and I explained the entire process and she finally relented.
The troubling thing for me is that she is an expert in her field but still didn’t know an audit was afoot. How many people reply to this letter with their guards down and without conducting the prep work needed to properly manage the Oracle audit? How many people let Oracle in, open up their IT departments, and unnecessarily expose their company to multi-million dollar audit findings? When you read that language it really does sound like a good thing. Sort of like getting that letter from the Publisher’s Clearing House where you reply and spend lots more on unnecessary magazine subscriptions. Only this time they are multi-million dollar support subscriptions!
I don’t know why Oracle just doesn’t call an audit an audit. Perhaps they don’t want to scare their customers. Maybe it’s an effort to be a “kinder and gentler” Oracle? Whatever the reason, this sideways messaging around the audit creates plenty of consternation within their audit targets and a large customer satisfaction problem. My guess is that it also drive a lot of revenue Oracle’s way.
The first thing customers need to be aware of when they hear things like:
- “you’ve been selected to participate in a license review”
- “license health check”
- “mid term ULA review”
These terms literally mean that they are about to be audited. Red flags should go up with sirens blaring. The second thing customers need to be aware of is that there is a process and a best practices for handling such audits. Just like you would get an account to help you with an IRS audit, you should have an Oracle compliance expert handle your Oracle audit.