- Forbes, December 15, 2015
The money tree is shaking. There was a time when audits were merely punitive in nature, a tool to be wielded to bring a customer who may or may not be in compliance with hundreds of terms, conditions, and clauses they’ve signed up for over the course of years in some cases to heel. But that was then, and this is now. Audits are now the norm – routine – as traditional on premise software providers like Oracle attempt to bridge the revenue gap as they attempt to transition their business to the cloud. In our experience, Oracle is setting a new standard of excellence in shaking the audit money tree.
As a result, audit defense has never been more paramount than today. Show me a client that has a new Software Asset Management solution in place, and more than likely. I’ll show you a client that’s been hit hard by a recent audit that resulted in huge, unplanned expenses. They are often very closely related these days - for good reason. The first methodology to defend yourself, is to first know what the triggers are that will get you the ‘letter from LMS’ (Oracle License Management Services). Below we’ll discuss the triggers, along with what you should do when you get a letter (hint: call us first!), and how to avoid them altogether where possible.
Audit Trigger Number 1: You license Oracle through SAP
One of Oracle’s historically largest customers by virtue of reselling, is SAP. In certain circumstance, this can be, in fact, one the most inexpensive ways to license Oracle software – but clients must beware of the traps! There are specific terms in which you are to use those Oracle licenses if they come via SAP, and if you unintentionally violate those often restrictive limitations, you could be in for a nasty surprise. One example is around Oracle’s ‘Performance Management Packs’. You may have picked these up from Oracle along the way, but if you’ve not purchased specifically, the packs licensed by Oracle ‘for SAP’, you are in violation. There are many other ‘traps’ in the licensing via SAP so make sure when you add on, to follow the fine print and avoid the many traps that can cost clients millions. Better yet, have us review your existing agreements and any potential new agreement to help assure you are in the clear.
Audit Trigger Number 2: Recent Mergers, Acquisitions and Divestitures
Often our new clients were so wrapped up in untangling hundreds of technology agreements and networks during M&A activity, they simply lost site of the details around the software licensing provisions. When a company brings in thousands more employees during a merger, it stands to reason from Oracle’s perspective will be that you will now owe them for the exponential increase in potential and actual users.
Divesting a company? Better make sure that the IaaS agreements are modified for the company that is going it alone or being spun off. No software agreement allows for a separated company to ‘sublet or rent’ infrastructure services once they are on their own. Best you can hope for is a grace period, but at some point the divested company better buy their own or they are in for an audit ride of a lifetime.
While Transition Services Agreements (TSAs) are a common construct of business transactions, they almost always run afoul of Oracle’s terms and conditions unless specific carve-outs are negotiated in the originating agreement. It’s best to assess these clauses carefully before proceeding with any action to make sure you’re not later surprised to find out that a divesting entity can divest none of its licenses to a newco, and a newco can acquire none of its licenses from the divesting entity. What’s left is a divesting entity with significant excess capacity, and a newco with a significant gap in licensing, and therefore a compliance obligation.
Audit Trigger Number 3: Whistleblower
Reminds me of the old World War II adage: “Loose lips sink ships.” This can take on many forms, and more often than not can be unintentional. Of course disgruntled former (and even current) employees can blow the whistle to a supplier if they know there is a compliance issue that is unresolved. Just as often however, it can be by accident and overheard by the right (or wrong depending on your perspective) person at a lunch or trade show event: “yeah – I know that tool, we now have 4k people using that today”. Unfortunately, it doesn’t take much to get the attention Oracle in this regard.
Another interesting trend seems to be that when you get audited by one supplier, several more come in quick succession. Are you working with partners, consultants, and other 3rd parties? When one finds out you’re getting audited, it’s only a matter of time before your other providers find out and figure if you’re non-compliant in one area, you’re probably not compliant over in this other area. Supplier audit #2 on the way!
If ever you are subject to an audit by an ‘objective third party’, make sure that the data determined by the audit is limited to the supplier in question, and in no way can be shared with anyone outside the auditing company, and make sure there are strong penalties for any such action.
Audit Trigger Number 4: Size of Your Company in Relation to Payment
It seems Oracle will assess your size in terms of revenue, employees, information centricity (usually by region and industry) and estimate your appetite for consumption of Oracle products and services. Along with other factors such as their inside knowledge about your operating environment, global reach and place in the market, Oracle will make a determination (perceived or otherwise) about what you should be paying them, and if you are not paying them what they believe to be an acceptable amount, you may be in for a big audit surprise. We believe that if Oracle sees you paying considerably less in support relative to your peers, you should expect an audit.
Audit Trigger Number 5: Trolling for Published Metrics
Oracle has based many of its licensing estimates on news reporting outlets (financial and general), and will follow up on press releases, earnings announcements, and even general news stories. Any published items that talk about number of employees, financial results, or revenue announcements garner keen interest with the analysts at Oracle. For example, your company may announce $100M in revenue for a particular reporting period. If that is a higher revenue threshold than you are licensed for – you may be receiving an audit notice soon. Self-reporting? That of course is a trigger for a ‘true up’ and to not be penalized, you have to buy the incremental licenses before the trigger… Confused yet?
What to do if you get the letter.
Not surprisingly, we recommend the first thing you do is to call us. Even if we don’t engage to help you directly, a simple phone call can often save at a minimum, migraine headaches.
The second action item on your list would be to nail down from Oracle the ‘completion criteria’. You need to establish a ‘maximum date’ the audit will conclude. If you’ve ever received a letter form Oracle LMS, you may note that there is a timeline for engagement – but not for resolution. You may find yourself in a 14+ month audit with no wrongdoing found. But if you’ve not established a basis for closing the audit, it’s an open ended nightmare.
Oracle will drag an audit out in our opinion, just waiting to find something. We believe that they know their set up is so convoluted and misunderstood by most of their customers, that it’s only a matter of time before they find a compliance issue…so their mission is to just keep looking.
Certainly, you should heed the advice contained in these 5 Audit Trigger areas to lessen the risk of attracting attention from Oracle LMS, but clients that are professionally represented through the process of threatened and actual Oracle audits, and professionally manage their communications with Oracle LMS generally find that the audit actions take less time, are more limited in scope, and result in far less alleged compliancy fees. In addition, working with experts in this area can significantly reduce the stress, time and labor involved with facilitating such a demand, and results on average in a 33% reduction in these unplanned costs.
NET(net) developed a program for clients concerned about Oracle (and other supplier) audits called Audit Defense Armor (ADA). Clients interested in our ADA program can click here.
NET(net) has also written extensively on Oracle audit preparation. Clients concerned about how to prepare for an Oracle audit can download our Premium Content Whitepaper entitled, “Top 10 Ways to Defend Yourself from and Oracle Audit”, which is also found in this month’s newsletter.
NET(net) is a global disruptive industry force for good and has the experience you want, the expertise you need, and delivers the performance you demand to help you save money and improve value. NET(net) is the world’s only fully technology-enabled consultancy exclusively specializing in full service optimization of the technology supply chain, bringing clients and suppliers together to create winning markets and winning relationships.
We help clients:
Find Value in their professional supply chain through strategic sourcing efforts designed to align client need to supplier capabilities while leveraging our objective, evidenced based processes to deliver optimized supplier proposals.
Get Value in a custom marketplace created through bespoke supplier negotiation assistance, leveraging our federated market intelligence, resulting in strengthened contractual agreements and improved commercial arrangements.
Keep Value in their organization through proactive industry best strategic supplier performance management of the agreement, the investment and the relationship, resulting in more sustainable business partnerships designed to deliver long term sustainable business value.
With clients around the world in nearly all industries and geographies, and with the experience of tens of thousands of field engagements, we have helped our clients capture hundreds of billions of dollars of incremental value. Contact your NET(net) representative, email us at firstname.lastname@example.org, visit us online at www.netnetweb.com, or call us at +1-866-2-NET-net today to see if we can help you capture more value.
NET(net)’s Website/Blogs/Articles and other content is subject to NET(net)’s legal terms offered for general information purposes only, and while NET(net) may offer views and opinions regarding the subject matter, such views and opinions are not intended to malign or disparage any other company or other individual or group.