Background - News & Events (Landing) 2016
All Alerts & Newsletters

10 Things Every Licensee Should Do To Prepare for – And Survive – An Oracle Licensing Audit


If your company uses Oracle products, Oracle likely has the contractual right to audit your use of the licensed software. And, in the wake of the Mars v. Oracle matter, the only publicly-filed complaint challenging Oracle for its aggressive auditing techniques, Oracle is gaining a reputation for its audit practices. Whether Oracle’s auditing strategy is geared towards increasing licensing revenue streams, or better characterized as Oracle’s attempt to gain a competitive foothold in emerging markets (such as the provision of third-party cloud services), one thing is certain: Oracle’s approach ensures that your audit is either underway or approaching quickly on the horizon.

While every situation is different, in order to effectively handle an Oracle audit, every Oracle licensee should at least consider the following ten tips, five for pre-audit preparation (which your company should consider well in advance of the audit) and five for handling the audit itself.

Before the Audit

  1. Assemble your Oracle agreements and orders. Oracle licensing agreements generally contain a master framework agreement (typically the "Oracle License and Services Agreement" or "Oracle Master Agreement") and successive ordering documents specifying the licensed software, the types and count for purchased licenses, and the price for the licenses and accompanying technical support. All too often these controlling documents are not centrally located and licensees must scramble to collect them during the audit.
  2. Assemble all Oracle communications surrounding your licensing agreements. Often Oracle engages in extensive pre-licensing communication with its customers that includes an evaluation of system architecture and, especially with regard to companies that utilize virtualization technology, an affirmative statement by Oracle that the purchased licenses will ensure the licensee’s compliance. Having these communications at your disposal (and before liaison employees depart and the communications are forgotten) can be a powerful tool if Oracle later disclaims sanctioning your environment.
  3. Determine whether there are any unlicensed Oracle products or features inadvertently activated on your network. Some Oracle products, even if not licensed, are pre-installed and activated either automatically or inadvertently and, in some instances, may actually be used by unwitting employees who are unaware that their use may be unlicensed. It is likely preferable to catch and fix these instances before an audit (or, if the software is being used, to obtain proper licenses) than to be surprised by Oracle’s audit findings.
  4. Scrutinize and evaluate how your company’s virtualized environment is configured. If you run virtualization software, e.g. VMware, Oracle may allege a precipitous licensing shortfall that may price into the tens of millions of dollars. In a nutshell, most licenses are on a “processor” metric, which is defined as all processors on which Oracle products are “installed and/or running.” Defining “installed” as “available for use,” Oracle may claim that the capacity for live migration (the process of moving a running virtual machine or application between different physical machines) means that the programs are installed (a.k.a. “available for use”) on all processors across a virtual environment. Understanding how your virtual environment is configured and, if possible, deactivating live migration, or otherwise isolating machines running Oracle programs, should be considered.
  5. Ascertain whether there have been any changes in your system architecture (addition of servers, etc.) that increase your company’s processor count. It is not unusual for a company to change its system architecture without regard to its effect on the processor count. You may wish to work with Oracle pre-audit to increase (or decrease) your number of licenses.

During the Audit

  1. Obtain counsel experienced with Oracle audits. At its inception, the Oracle audit can appear reasonable. However, you should be wary of Oracle auditors trained and experienced in convincing licensees to voluntarily provide information that Oracle is not entitled to, leveraging that information for increased scrutiny and, eventually, for the purchase of additional licenses. Retention of an experienced attorney can help ensure that the audit is appropriately circumscribed to the licensee’s contractual obligations, speed up the audit resolution process, and send a strong signal to Oracle.
  2. Carefully control communications with Oracle. During the audit process, and usually through its sales arm, Oracle may reach out to multiple employees of the licensee, often across different departments, and probe them for information regarding virtualization that may be fed to the auditors and used to increase the pressure on the company. You may wish to centralize communications with Oracle and restrict the extent to which other employees communicate with them. Routing all communications through counsel can be an effective measure of ensuring no information is inadvertently provided.
  3. Be clear and firm upfront about what information you will and will not provide as part of the audit. Among other things, Oracle may request that companies complete an Oracle Server Worksheet, run multiple scripts alleged to measure Oracle usage and otherwise request detailed information regarding the virtualized environment. You should evaluate the extent to which your license requires you to disclose the requested information. For example, disclosure of information regarding servers, virtual or otherwise, that do not run Oracle software may not be required by your agreement or even relevant to the audit. Also be on the lookout for Oracle’s reliance on publicly available policy statements as support for its informational requests. (For example, see “Oracle Partitioning Policy”and “Licensing Oracle Software in the Cloud Computing Environment.”) These extra-contractual statements may not be integrated into your agreement or otherwise binding on the licensee.
  4. Carefully review the scripts Oracle asks your company to run before agreeing to run them. Be careful that the scripts you are asked to run will not collect information that you are not contractually bound to provide and/or automatically provide the results back to Oracle. If possible, scrutinize the functionality of the scripts, and, if indeterminate, consider performing a careful test run. Above all else, you may want to have an opportunity to review the results before they are delivered to Oracle.
  5. Pay special attention to replacement license agreements and other audit close documents. Expect that Oracle will push replacement agreements, such as an Unlimited License Agreement, on the promise that all licensing issues can be simply resolved. These agreements may provide short term relief from the pressure of the audit, but may also constrict the licensee and leave them more vulnerable in future audits, or upon certain triggering events built into the replacement agreement. Experienced counsel can most easily detect licensing pitfalls and ensure that the legalese is sufficient to prevent Oracle from later revisiting audit findings.
While there is no one size fits all approach, the above are tips to consider in your individual situation. We believe an Oracle audit can be contained and controlled. Careful preparation and close attention will help ensure that your company concludes the audit uncompromised and with minimal invasiveness.

Arthur S. Beeman and Joel T. Muchmore were the lead counsel for Mars in the Mars v. Oracle matter.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Arthur (Art) Beeman
Partner – San Francisco
Phone: +1 415.365.7280
Joel T. Muchmore
Partner – San Francisco
Phone: +1 415.365.7202