際際滷

際際滷Share a Scribd company logo

Class 6 - Audit Defense (2 of 2).pdf

Redress Compliance Limited
Redress Compliance Limited

The document provides guidance on preparing for and managing an Oracle license audit. It recommends appointing a single point of contact to control information flow during the audit. It also advises reviewing any audit findings for mistakes since the analysis is done manually. The document notes Oracle will typically provide 30 days to resolve any license violations before escalating the issue. It suggests understanding Oracle's willingness to negotiate on settlement amounts and benchmarking offers based on the type and severity of non-compliance issues found.

1 of 42
Download to read offline
Class 6: Oracle License Management License Audit Defense Training
Follow us on Linkedin Follow us on YouTube www.linkedin.com/company/oraclelicenseexpert/ www.youtube.com/c/redresscompliance.com/
How to PREPARE for the audit
Best Practices BEFORE AFTER AUDIT BE READY CREATE audit response team Gain experience and quick reaction times DEFINE audit policy, process steps and allocate responsibilities Know what to expect and who to turn to. CREATE your own audit process, with timelines Be ready to control the audit and auditor PREPARE NDA templates Specific NDA for audit, co-op with legal department CENTRALISE all purchasing and licensing documentation Easy access to the information MAKE internal license review Reduce risk, cost avoidance
How to DELAY the audit
BEFORE AFTER AUDIT Delay Tactics If not ready, DELAY We are in the middle of an IT roll-out. Officially, client should have 45 days written notice. This can be interpreted as 45 days between audit notification (letter) and the initial kick-off meeting. Oracle might ask for a meeting before that time is past. There are multiple ways to delay this meeting (some indicated in previous column). NO ACTUAL RISK IN DELAYING. Advantage in not delaying: We are in control of our Oracle licenses Well need to wait for legal department feedback This is the 3rd/4th audit this quarter Before meeting, we would like our NDA to be signed Person responsible is not available due to
BEFORE you meet with Oracle
BEFORE AFTER AUDIT Best Practices Understand your rights Audit clause in the contract? Audit clause part of the License agreement Full license entitlement Licenses, customer definition, territory in Oracle ordering document Customized clauses in the contracts? Knowing usage limitations, licensing deviations negotiated. Auditor might take standards as base for audit 45 days written notice You can reply to Oracle on day 45 The audit will not unreasonably interfere with your business operations. Are busy with something else?
Best Practices BEFORE AFTER AUDIT NDA You CAN negotiate the scope Limiting geographical, products Clearly describe the scope at the start So Oracle cannot state later we found another product Product scope Get a license entitlement list from the auditor, verify against internal data and the agreed limitations Agree on audit approach Which steps? Which data? How is this collected? By whom? How much effort required from your side? Start of the audit SCOPE
Best Practices Appoint a Single Point of Contact Spokesperson towards Oracle from that point on Absolutely NO other communication Nobody else speaks to Oracle (exception urgent support calls) SPOC BEFORE AFTER AUDIT Start of the audit
Exercise Your sales rep sends you an email asking you to fill in an OSW do you need to comply? Answer: A. Yes, vendor has the right to ask. ? ? ? B. No, only contractual obligation is to comply with a formal audit notification.
Exercise Which time of year are most Oracle audits initiated? Answer: A. Feb-May. ? ? ? B. In Oracle first 6 months (FY) June-Dec. So that they can close revenue in their FY.
Exercise What should you negotiate with Oracle before the audit start? Answer: A. NDA. ? ? ? B. NDA and scope of audit.
Exercise Why do you want to delay the audit kick off? Answer: A. Review any compliance issues. ? ? ? B. Because you are going to invest more in Oracle.
Exercise Why should you have one designated SPOC during audit? Answer: A. To control the information flow, in order to make sure correct information is shared with Oracle. ? ? ? B. You can have a team who all share information to Oracle.
What does ORACLE COMPLINCE POLICY state?
Oracle Compliance Policy Getting to License Compliance If Oracle Corporation identifies a license violation, it will provide written notification of the violation to the noncompliant organization and generally will allow thirty days for obtaining the appropriate licenses or otherwise correcting the violation. Oracle LMS and the commercial team will assist the customer or partner in obtaining the appropriate licenses for the desired use of the Oracle software programs. The license compliance shortfall may be corrected in one of the following ways: Through the purchase of sufficient licenses and associated support to cover the compliance shortfall. Backdated support may also be assessed for the period of unlicensed usage. If the customer removes the Oracle software, or reconfigures their hardware environment, a term license and associated support can be purchased to cover the period of unlicensed usage. 30 DAYS
Oracle Compliance Policy Oracle endeavours to resolve license compliance violations in a fair and accurate manner. If a business resolution cannot be obtained, the resolution will be escalated to the appropriate authority through Oracle's Legal department. Remedies open to Oracle include, but are not limited, to: Source: https://www.oracle.com/corporate/license-management-services/compliance.html Charging full list price for additional software licenses required to correct the license violation Charging technical support fees for the period of unlicensed use of the software Suspension of technical support service and software updates, where applicable Termination of the license agreement and associated licenses Cancellation of OPN status and sublicense rights
What you need to know about the audit report. Review the script analysis (often finding mistakes) Oracle always propose perpetual license when you can license with term Oracle always proposes worst case license model, never the most optimal. (CPU and not NUP) Never agree to the findings, unless you have done a proper review and are ready to sign a deal
Best practices negotiate audit settlements Understand what amount Oracle are willing to accept to drop changes Benchmark your settlement offer Our scale: Product missing / gaps Contractual non-compliance Policy violation (eg. VMware) Get a second opinion of the audit report Understand the severity of the audit charges Determine how severe your non-compliance is OUR ADVICE
Sales rep has 100% mandate to negotiate whatever resolution he/she thinks is appropriately. There is little management control over the process. You are dealing with 1 sales rep and often the managers dont know what is happening. 10 steps to close an Oracle License Audit: 06 Sales rep often wants to be the good guy but they have been often the person who started the audit. 08 However, its a sales and they know from colleagues at Oracle what is worst case and what is best case. 07 Sales rep meet and negotiate, they often ask for incredible amounts. They know they will never get this amount. 02 Shares report with sales rep and internal discussion on findings. 03 Oracle LMS sends out the report to the customer with sales reps on cc. 04 05 Sales rep usually after a week or two contact customer to find a resolution. 01 Oracle LMS finishes report. 10 Oracle LMS is only involved to make sure you are compliant after the audit is closed. 09 When a negotiation is done with the sales rep he/she has the right to void almost anything for whatever amount. And you can purchase anything to resolve the shortfall not only the products that you are missing.
Exercise Should you review the script analysis done by Oracle? Answer: A. No, its a waste of time. ? ? ? B. Yes, because this is done by manual work and when done manually, mistakes can happen.
Exercise How often are Oracle LMS reports incorrect? Answer: A. In almost every case. ? ? ? B. Rarely.
Exercise How are Oracle LMS reports incorrect? Answer: A. Only License findings (analysis). ? ? ? B. License findings and they assume worst case license model.
Exercise What should be your first step when reviewing the report? Answer: A. Confirm you have the report and agree to its findings. ? ? ? B. Dont agree with any findings and review licensing.
Exercise If you confirm Oracle analysis is correct (license gap), how can you minimize risk? Answer: A. Review usage (time and quantity of usage). ? ? ? B. Negotiate a good discount.
Exercise Which license model does Oracle LMS always propose settling any license gaps? Answer: A. Oracle proposes perpetual licenses when you can license by TERM. ? ? ? B. They propose CPU Licensing when you can license with NUP.
Exercise When negotiating the audit report, who at Oracle has mandate/power to settle? Answer: A. Oracle Sales. ? ? ? B. Oracle LMS.
Exercise Reviewing different compliance-issues which most difficult negotiate? Answer: A. Virtualisation. ? ? ? B. Missing products or counting CPU incorrectly.
Exercise Why is Oracle licensing with VMware scary? Answer: A. You need to license all physical hosts hundreds or thousands of physical cores when you only use single digits for Oracle. ? ? ? B. Oracle always proposes CPU licensing and perpetual licensing.
Exercise What is the best way to reduce fees due to VMware? Answer: A. SIGN A ULA. ? ? ? B. Oracle can only prove 1 year licensing. Buy 1 year term 80% license fee go down. Then license with NUP and you reduce by additional 50%.
5 COMMON COMPLIANCE ISSUES and how to deal with them
MISSING LICENSES users, named user plus, processor or anything else. What you should do: 1. Confirm that all information is correct. 2. Oracle have assumed worst case licensing, so explore other low cost license models. 3. Can you license with term licensing and reconfigure? SCENARIO 1 ORACLE WILL TO NEGOTIATE: LITTLE TO NONE
Oracle claims usage of non-licensed software. What you should do: 1. How many times you have used this software? 2. Depending on how many times you have used the software, there is room for negotiation. 3. Verify that Oracle is correct about this. 4. Confirm if you need software or not. If you dont need it, buy term usage and uninstall. SCENARIO 2 ORACLE WILL TO NEGOTIATE: SMALL This can be database options usage or that you have used a feature that is outside of what licenses you own. This can be that you have used a product a few times to hundred times. The difference in usage is very important.
You are compliant with all your products, but Oracle claims contractually you are not. It can be errors such as customer definition, territory or other limited use: What you should do: 1. Verify contracts to make sure Oracle is correct. 2. How important is the contract to you? Oracle will claim you need to purchase and if you care about contracts you will need to amend and pay. 3. Some companies are not forced to pay for this, while others are (how hard they fight back). SCENARIO 3 ORACLE WILL TO NEGOTIATE: STRONG
You are compliant when you count processors and users, but you had a limited use restriction in your contract. Oracle now says I have a license gap. What you should do: 1. Verify contracts to make sure Oracle is correct. 2. How long has the compliance issue existed? 1 year? 3. If it is 1 year, then you can ask Oracle to buy a 1-year license at 80% lower price. SCENARIO 4 ORACLE WILL TO NEGOTIATE: STRONG
We have used DB packs on SE DB, Oracle now claims we need EE licensing What you should do: 1. Understand if the usage happened within a specific time period. 2. If its a 1 year period, purchase 1-year license (80%), then solve audit. 3. What you negotiate here is the discount and the term of the licensing. SCENARIO 5 ORACLE WILL TO NEGOTIATE: SMALL
Closing the audit Make sure you get audit close letter when you make any commercial deal if needed. Negotiate a waiver for new audit for 2- 3 years CLOSE
Exercise You have an audit. If you only check one thing on licensing, what should you check? (Tech) Answer: A. Check for deployments on VMware. ? ? ? B. Check database options licensing.
Exercise You have an audit. If you only check one thing on licensing, what should you check? (Contracts) Answer: A. Technical Support. ? ? ? B. Customer definition, territory and limited use clauses.
Follow us on Linkedin Follow us on YouTube www.linkedin.com/company/oraclelicenseexpert/ www.youtube.com/c/redresscompliance.com/
Thanks for listening VISIT US

More Related Content

Class 6 - Audit Defense (2 of 2).pdf

  • 1. Class 6: Oracle License Management License Audit Defense Training
  • 2. Follow us on Linkedin Follow us on YouTube www.linkedin.com/company/oraclelicenseexpert/ www.youtube.com/c/redresscompliance.com/
  • 3. How to PREPARE for the audit
  • 4. Best Practices BEFORE AFTER AUDIT BE READY CREATE audit response team Gain experience and quick reaction times DEFINE audit policy, process steps and allocate responsibilities Know what to expect and who to turn to. CREATE your own audit process, with timelines Be ready to control the audit and auditor PREPARE NDA templates Specific NDA for audit, co-op with legal department CENTRALISE all purchasing and licensing documentation Easy access to the information MAKE internal license review Reduce risk, cost avoidance
  • 5. How to DELAY the audit
  • 6. BEFORE AFTER AUDIT Delay Tactics If not ready, DELAY We are in the middle of an IT roll-out. Officially, client should have 45 days written notice. This can be interpreted as 45 days between audit notification (letter) and the initial kick-off meeting. Oracle might ask for a meeting before that time is past. There are multiple ways to delay this meeting (some indicated in previous column). NO ACTUAL RISK IN DELAYING. Advantage in not delaying: We are in control of our Oracle licenses Well need to wait for legal department feedback This is the 3rd/4th audit this quarter Before meeting, we would like our NDA to be signed Person responsible is not available due to
  • 7. BEFORE you meet with Oracle
  • 8. BEFORE AFTER AUDIT Best Practices Understand your rights Audit clause in the contract? Audit clause part of the License agreement Full license entitlement Licenses, customer definition, territory in Oracle ordering document Customized clauses in the contracts? Knowing usage limitations, licensing deviations negotiated. Auditor might take standards as base for audit 45 days written notice You can reply to Oracle on day 45 The audit will not unreasonably interfere with your business operations. Are busy with something else?
  • 9. Best Practices BEFORE AFTER AUDIT NDA You CAN negotiate the scope Limiting geographical, products Clearly describe the scope at the start So Oracle cannot state later we found another product Product scope Get a license entitlement list from the auditor, verify against internal data and the agreed limitations Agree on audit approach Which steps? Which data? How is this collected? By whom? How much effort required from your side? Start of the audit SCOPE
  • 10. Best Practices Appoint a Single Point of Contact Spokesperson towards Oracle from that point on Absolutely NO other communication Nobody else speaks to Oracle (exception urgent support calls) SPOC BEFORE AFTER AUDIT Start of the audit
  • 11. Exercise Your sales rep sends you an email asking you to fill in an OSW do you need to comply? Answer: A. Yes, vendor has the right to ask. ? ? ? B. No, only contractual obligation is to comply with a formal audit notification.
  • 12. Exercise Which time of year are most Oracle audits initiated? Answer: A. Feb-May. ? ? ? B. In Oracle first 6 months (FY) June-Dec. So that they can close revenue in their FY.
  • 13. Exercise What should you negotiate with Oracle before the audit start? Answer: A. NDA. ? ? ? B. NDA and scope of audit.
  • 14. Exercise Why do you want to delay the audit kick off? Answer: A. Review any compliance issues. ? ? ? B. Because you are going to invest more in Oracle.
  • 15. Exercise Why should you have one designated SPOC during audit? Answer: A. To control the information flow, in order to make sure correct information is shared with Oracle. ? ? ? B. You can have a team who all share information to Oracle.
  • 16. What does ORACLE COMPLINCE POLICY state?
  • 17. Oracle Compliance Policy Getting to License Compliance If Oracle Corporation identifies a license violation, it will provide written notification of the violation to the noncompliant organization and generally will allow thirty days for obtaining the appropriate licenses or otherwise correcting the violation. Oracle LMS and the commercial team will assist the customer or partner in obtaining the appropriate licenses for the desired use of the Oracle software programs. The license compliance shortfall may be corrected in one of the following ways: Through the purchase of sufficient licenses and associated support to cover the compliance shortfall. Backdated support may also be assessed for the period of unlicensed usage. If the customer removes the Oracle software, or reconfigures their hardware environment, a term license and associated support can be purchased to cover the period of unlicensed usage. 30 DAYS
  • 18. Oracle Compliance Policy Oracle endeavours to resolve license compliance violations in a fair and accurate manner. If a business resolution cannot be obtained, the resolution will be escalated to the appropriate authority through Oracle's Legal department. Remedies open to Oracle include, but are not limited, to: Source: https://www.oracle.com/corporate/license-management-services/compliance.html Charging full list price for additional software licenses required to correct the license violation Charging technical support fees for the period of unlicensed use of the software Suspension of technical support service and software updates, where applicable Termination of the license agreement and associated licenses Cancellation of OPN status and sublicense rights
  • 19. What you need to know about the audit report. Review the script analysis (often finding mistakes) Oracle always propose perpetual license when you can license with term Oracle always proposes worst case license model, never the most optimal. (CPU and not NUP) Never agree to the findings, unless you have done a proper review and are ready to sign a deal
  • 20. Best practices negotiate audit settlements Understand what amount Oracle are willing to accept to drop changes Benchmark your settlement offer Our scale: Product missing / gaps Contractual non-compliance Policy violation (eg. VMware) Get a second opinion of the audit report Understand the severity of the audit charges Determine how severe your non-compliance is OUR ADVICE
  • 21. Sales rep has 100% mandate to negotiate whatever resolution he/she thinks is appropriately. There is little management control over the process. You are dealing with 1 sales rep and often the managers dont know what is happening. 10 steps to close an Oracle License Audit: 06 Sales rep often wants to be the good guy but they have been often the person who started the audit. 08 However, its a sales and they know from colleagues at Oracle what is worst case and what is best case. 07 Sales rep meet and negotiate, they often ask for incredible amounts. They know they will never get this amount. 02 Shares report with sales rep and internal discussion on findings. 03 Oracle LMS sends out the report to the customer with sales reps on cc. 04 05 Sales rep usually after a week or two contact customer to find a resolution. 01 Oracle LMS finishes report. 10 Oracle LMS is only involved to make sure you are compliant after the audit is closed. 09 When a negotiation is done with the sales rep he/she has the right to void almost anything for whatever amount. And you can purchase anything to resolve the shortfall not only the products that you are missing.
  • 22. Exercise Should you review the script analysis done by Oracle? Answer: A. No, its a waste of time. ? ? ? B. Yes, because this is done by manual work and when done manually, mistakes can happen.
  • 23. Exercise How often are Oracle LMS reports incorrect? Answer: A. In almost every case. ? ? ? B. Rarely.
  • 24. Exercise How are Oracle LMS reports incorrect? Answer: A. Only License findings (analysis). ? ? ? B. License findings and they assume worst case license model.
  • 25. Exercise What should be your first step when reviewing the report? Answer: A. Confirm you have the report and agree to its findings. ? ? ? B. Dont agree with any findings and review licensing.
  • 26. Exercise If you confirm Oracle analysis is correct (license gap), how can you minimize risk? Answer: A. Review usage (time and quantity of usage). ? ? ? B. Negotiate a good discount.
  • 27. Exercise Which license model does Oracle LMS always propose settling any license gaps? Answer: A. Oracle proposes perpetual licenses when you can license by TERM. ? ? ? B. They propose CPU Licensing when you can license with NUP.
  • 28. Exercise When negotiating the audit report, who at Oracle has mandate/power to settle? Answer: A. Oracle Sales. ? ? ? B. Oracle LMS.
  • 29. Exercise Reviewing different compliance-issues which most difficult negotiate? Answer: A. Virtualisation. ? ? ? B. Missing products or counting CPU incorrectly.
  • 30. Exercise Why is Oracle licensing with VMware scary? Answer: A. You need to license all physical hosts hundreds or thousands of physical cores when you only use single digits for Oracle. ? ? ? B. Oracle always proposes CPU licensing and perpetual licensing.
  • 31. Exercise What is the best way to reduce fees due to VMware? Answer: A. SIGN A ULA. ? ? ? B. Oracle can only prove 1 year licensing. Buy 1 year term 80% license fee go down. Then license with NUP and you reduce by additional 50%.
  • 32. 5 COMMON COMPLIANCE ISSUES and how to deal with them
  • 33. MISSING LICENSES users, named user plus, processor or anything else. What you should do: 1. Confirm that all information is correct. 2. Oracle have assumed worst case licensing, so explore other low cost license models. 3. Can you license with term licensing and reconfigure? SCENARIO 1 ORACLE WILL TO NEGOTIATE: LITTLE TO NONE
  • 34. Oracle claims usage of non-licensed software. What you should do: 1. How many times you have used this software? 2. Depending on how many times you have used the software, there is room for negotiation. 3. Verify that Oracle is correct about this. 4. Confirm if you need software or not. If you dont need it, buy term usage and uninstall. SCENARIO 2 ORACLE WILL TO NEGOTIATE: SMALL This can be database options usage or that you have used a feature that is outside of what licenses you own. This can be that you have used a product a few times to hundred times. The difference in usage is very important.
  • 35. You are compliant with all your products, but Oracle claims contractually you are not. It can be errors such as customer definition, territory or other limited use: What you should do: 1. Verify contracts to make sure Oracle is correct. 2. How important is the contract to you? Oracle will claim you need to purchase and if you care about contracts you will need to amend and pay. 3. Some companies are not forced to pay for this, while others are (how hard they fight back). SCENARIO 3 ORACLE WILL TO NEGOTIATE: STRONG
  • 36. You are compliant when you count processors and users, but you had a limited use restriction in your contract. Oracle now says I have a license gap. What you should do: 1. Verify contracts to make sure Oracle is correct. 2. How long has the compliance issue existed? 1 year? 3. If it is 1 year, then you can ask Oracle to buy a 1-year license at 80% lower price. SCENARIO 4 ORACLE WILL TO NEGOTIATE: STRONG
  • 37. We have used DB packs on SE DB, Oracle now claims we need EE licensing What you should do: 1. Understand if the usage happened within a specific time period. 2. If its a 1 year period, purchase 1-year license (80%), then solve audit. 3. What you negotiate here is the discount and the term of the licensing. SCENARIO 5 ORACLE WILL TO NEGOTIATE: SMALL
  • 38. Closing the audit Make sure you get audit close letter when you make any commercial deal if needed. Negotiate a waiver for new audit for 2- 3 years CLOSE
  • 39. Exercise You have an audit. If you only check one thing on licensing, what should you check? (Tech) Answer: A. Check for deployments on VMware. ? ? ? B. Check database options licensing.
  • 40. Exercise You have an audit. If you only check one thing on licensing, what should you check? (Contracts) Answer: A. Technical Support. ? ? ? B. Customer definition, territory and limited use clauses.
  • 41. Follow us on Linkedin Follow us on YouTube www.linkedin.com/company/oraclelicenseexpert/ www.youtube.com/c/redresscompliance.com/