The Truth About Oracle Audits
Oracle's audit programme, conducted by its Global Licensing and Advisory Services (GLAS) team (formerly License Management Services, or LMS), is one of the most systematic software audit operations in the enterprise software industry. Oracle audits approximately 2,000 to 3,000 enterprise customers per year, and the average settlement value for audits involving Oracle Database is several million dollars. This is not a coincidence — it is the result of Oracle's audit methodology being carefully designed to produce maximum revenue from each engagement.
Understanding how the process works is the first step to defending your organisation effectively. Each of the 22 secrets below provides a specific insight into Oracle's approach or a specific action your team should take.
Secrets 1–7: Understanding How Oracle Selects and Times Audits
Secret 1: Oracle Audits Are Not Random
Oracle uses multiple data sources to select audit targets. These include support renewal history (lapsed support or large footprint reductions trigger interest), publicly available information such as annual reports and LinkedIn headcount data, intelligence gathered by Oracle account teams during sales conversations, signals from Oracle's telemetry products (Oracle Management Cloud, Enterprise Manager), and information from M&A announcements. Organisations that believe they are unlikely to be audited because they are "compliant" often discover the audit was triggered by a signal they were unaware of.
Secret 2: Oracle's Q4 Is Your Negotiating Window
Oracle's fiscal year ends on 31 May. Q4 runs from March through May. During Q4, Oracle's sales and GLAS teams are under intense pressure to close revenue. Audit settlements that have been stalling for months suddenly become negotiable in March. Oracle's account teams have more authority to approve discounts and flexible settlement structures in Q4 than at any other time of year. If your audit is in progress, deliberately slow the process to reach settlement discussions in March or April. If you are initiating a proactive Oracle negotiation, Q4 is the optimal window.
Secret 3: The Audit Letter Triggers Your Contractual Clock
Oracle's Master Agreement gives you 45 days to respond to an audit notification. Oracle's GLAS team routinely calls within days of the letter to schedule an introductory meeting, creating implicit pressure to engage immediately. Do not confuse urgency with obligation. Acknowledge receipt of the letter, confirm you are reviewing the request with your legal and licensing advisers, and invoke your 45-day window. Use this period to assemble your team and conduct your own internal assessment before sharing any data with Oracle.
Secret 4: Oracle Uses Its Own Scripts to Find Problems
The Oracle LMS collection scripts — now branded as GLAS collection tools — are designed to identify the broadest possible scope of Oracle software usage. They do not distinguish between production and non-production environments by default, they count all processors on virtualised hosts unless hard partitioning is in place, and they report all enabled database options regardless of whether they are in active use. Running Oracle's scripts unreviewed and submitting the raw output to Oracle's audit team almost always produces an inflated compliance gap.
Secret 5: Oracle's Scripts Have Errors
Oracle's collection scripts, despite years of refinement, contain errors that produce over-counting in specific configurations. Known issues include incorrect processor counting on certain hardware architectures, misidentification of OpenJDK as Oracle JDK, over-counting database options that were installed but later disabled, and incorrect RAC node counting where some nodes have different configurations. Every output from Oracle's scripts should be independently verified before being accepted as the compliance baseline.
Secret 6: Oracle Targets Specific Technical Configurations
Oracle's audit teams have specific technical focus areas that change by year based on where Oracle has identified the greatest unresolved compliance exposure. In recent years, the primary focus areas have been: virtualisation (VMware clusters where Oracle workloads are not hard-partitioned), Java under the new enterprise-wide metric (post-2023), database options enabled but not separately licensed (Diagnostic Pack, Tuning Pack via Enterprise Manager), and cloud licensing (OCI, Azure, AWS with Oracle BYOL deployments). Knowing Oracle's current focus areas allows you to conduct targeted pre-audit remediation.
Secret 7: Oracle Monitors Your Oracle Support Portal Activity
Every support request submitted through My Oracle Support (MOS) creates a record of what Oracle products you are using and how you are using them. Oracle's GLAS team has access to this data. If your support tickets reference products or options not covered by your current licences, or if ticket volumes suggest usage inconsistent with your licensed quantities, Oracle may use this data to initiate or inform an audit. Ensure that support tickets only reference products covered by your licences, and that service requests are raised only for licensed deployments.
Redress Compliance has managed Oracle audits for 500+ enterprises across 11 vendor practices.
Secrets 8–14: Managing the Audit Process
Secret 8: Never Submit Oracle's Scripts Without Independent Review
If Oracle requests that you run their collection scripts, agree in principle but insist on reviewing the output before submission. Have an independent Oracle licensing expert review the raw script output and annotate any items that appear incorrect, overcounted, or subject to legitimate dispute. Submit the reviewed output, not the raw output. Your covering letter should note any items you are disputing and the basis for the dispute.
Secret 9: Run Your Own Discovery First
Before Oracle runs any scripts in your environment, run your own discovery using your ITAM tooling or Oracle's scripts in read-only mode. Your own discovery gives you the baseline: what Oracle software is deployed, where, at what version, with which options enabled. This baseline is your negotiating foundation. Oracle cannot present a compliance gap without your baseline showing where the gap actually lies.
Secret 10: Separate Production from Non-Production
Oracle's standard licence terms require production licences for production environments. Non-production use (development, test, disaster recovery under specific rules) may qualify for reduced or free licensing depending on the product and agreement. Oracle's collection scripts do not separate production from non-production by default. Ensure your discovery output is explicitly annotated with environment type, and present this annotation as part of your compliance response. A significant proportion of Oracle's initial compliance claims are reduced when production scope is correctly identified.
Secret 11: Virtualisation Is Oracle's Most Productive Audit Area
Oracle's licensing policy for virtualised environments (VMware, Hyper-V, KVM) requires licensing all physical processors in a cluster that could run Oracle workloads, unless Oracle-approved hard partitioning (such as Oracle VM, LPAR on IBM Power, or Solaris Zones) is in place. This policy is the single largest source of Oracle audit exposure in enterprise environments. If your Oracle databases run on VMware without hard partitioning, Oracle will assert that all processors in the VMware cluster must be licensed — regardless of how many VMs are allocated to Oracle. This is technically the most defensible area for negotiation, but also the area where Oracle is most aggressive.
Secret 12: Oracle's Initial Findings Are an Opening Position
When Oracle presents preliminary audit findings, they present them at list price, for the maximum scope they can assert, with the maximum retroactive support period. This is intentional. Oracle's preliminary findings are designed to anchor the negotiation at a high number. Do not treat the preliminary findings as Oracle's final position, do not panic, and do not make any payment or commitment based on preliminary findings. The formal findings are the starting point for negotiation, not the conclusion.
Secret 13: Every Error in Oracle's Findings Is Leverage
Challenge every item in Oracle's findings that you can dispute with evidence. If Oracle has miscounted processors, document the error. If Oracle has included development environment licences in the production count, document the environment classification. If Oracle's scripts identified features as enabled that were actually disabled at the time of measurement, document the configuration. Every error you identify reduces Oracle's claimed gap and demonstrates that their methodology is unreliable — which puts pressure on Oracle to settle at a more realistic figure rather than risk a forensic review of their entire approach.
Secret 14: Legal Review Is Not Optional
Oracle audit agreements — including the right to audit clause in the Oracle Master Agreement, the scope of what Oracle can request, and what you are obligated to provide — require qualified legal review. Do not agree to audit scope extensions, third-party auditor access, or additional discovery requests without your legal team reviewing the request against the terms of your Master Agreement. Oracle sometimes requests access beyond what the contract permits, and organisations that comply without legal review give Oracle information they were not contractually entitled to receive.
Secrets 15–22: Negotiation and Settlement Strategy
Secret 15: Never Negotiate from Oracle's Number
Oracle's audit settlement negotiation begins from Oracle's preliminary findings figure, which is deliberately set high. Organisations that counter-propose against Oracle's figure are accepting Oracle's framework for the negotiation. Instead, present your own independently calculated compliance position — the gap as you calculate it, at negotiated (not list) price — and negotiate from that baseline. This reframes the negotiation around your number, not Oracle's.
Secret 16: Oracle's Sales Team Is a Separate Lever
Oracle's GLAS team and Oracle's account sales team operate on different commercial incentives. GLAS wants to close the audit at the highest settlement value. The account sales team wants to maintain or grow the commercial relationship and close the current fiscal year's number. In many cases, escalating audit conversations to the sales account team — framing the audit resolution as a commercial opportunity rather than a compliance matter — produces better outcomes than negotiating purely with GLAS. Oracle's account team has authority to structure settlement as a commercial transaction (new licence purchase at a discount, for example) rather than a back-support payment.
Secret 17: Cloud Migration Is an Oracle Settlement Tool
Oracle is highly motivated to migrate on-premises workloads to Oracle Cloud Infrastructure (OCI). In many audit settlements, Oracle will accept a reduced settlement amount in exchange for a commitment to migrate a specific workload to OCI on a defined timeline. For organisations that were already planning OCI migration, this represents a double benefit: the audit claim is reduced, and the OCI commitment is structured at a discount. For organisations that were not planning OCI migration, the economics need careful analysis — an unwanted OCI commitment may cost more than the settlement reduction it provides.
Secret 18: Support-Only Settlements Are Possible
Oracle's preferred settlement structure is a new licence purchase to cover the compliance gap, plus backdated support for the unlicensed period. However, Oracle will sometimes accept support-only settlements — where the customer pays backdated support without purchasing additional perpetual licences — in exchange for a commitment to decommission the unlicensed deployment within a defined period. For organisations that have already planned or executed decommissions, this structure can substantially reduce the settlement cost.
Secret 19: Oracle's Audit Timeline Is a Tactic
Oracle creates artificial urgency throughout the audit process: "We need the scripts submitted by Friday," "The quarter closes at the end of the month," "My manager needs this resolved before our review." None of these deadlines are contractual. Oracle's contractual audit rights have specific timelines for compliance notification and response, but the internal deadlines Oracle imposes are commercial pressure tactics. Acknowledge the deadline, confirm you are working on your response, and do not allow artificial urgency to compromise your analysis or negotiation position.
Secret 20: Engage Expert Support Before the First Conversation
The first conversation with Oracle's GLAS team sets the tone for the entire audit. Organisations that engage without preparation reveal information about their environment, their level of compliance sophistication, and their appetite for resolution that Oracle's team uses to calibrate their approach. Expert support — from an independent Oracle licensing adviser who has no commercial relationship with Oracle — should be engaged before the first conversation, not after Oracle has already anchored the negotiation.
Secret 21: Document Everything in Writing
Every conversation with Oracle's audit team should be followed by a written summary of what was discussed, what was agreed, and what the next steps are. Oracle's GLAS team does not always provide written summaries of verbal conversations, and verbal agreements are not binding. Sending a written summary after each call creates a contemporaneous record that protects your position if Oracle later changes its stated position.
Secret 22: The Best Audit Defence Is Continuous Compliance Management
Every enterprise that has gone through an Oracle audit and settled has discovered the same truth: the cost of settling the audit far exceeds the cost of maintaining compliance proactively. Proactive compliance management — quarterly licence position reviews, change management controls for new Oracle deployments, annual harvesting programmes to remove unused licences, and regular ITAM discovery — eliminates the conditions that create audit exposure. Oracle still audits compliant customers, but the audit letter becomes a minor administrative event rather than a multi-million-dollar commercial crisis. The investment in proactive Oracle compliance management is the highest-return Oracle advisory activity available.
One frequently overlooked dimension of audit settlements is Oracle's 8% annual support fee escalation. When a settlement includes backdated licence fees, Oracle applies its standard 22% annual support charge on those licences — and that support base then escalates at 8% per year compounding going forward. A £500,000 licence settlement today can translate to £700,000 or more in support obligations over five years. Proactive compliance management stops this compounding liability before it starts.