Oracle is targeting the local subsidiaries of multi-national companies, potentially resulting in firms being double-billed for its offerings, according to the Campaign for Clear Licensing (CCL).
The move is perceived by the CCL and its forum users as a potential tactic by Oracle to catch out subsidiaries, since a local entity will be less prepared for an audit than its headquarters.
Since many organisations use international Oracle licences for various subsidiaries, this could also result in Oracle double-billing its customers, claimed the campaign.
A software audit reviews the software products and processes of an organisation, alongside its compliance around specifications and contractual agreements.
Martin Thompson, founder of the CCL, and the editor of online community ITAM Review, told CRN that an audit defence strategy is only as strong as a firm’s weakest subsidiary.
“This opportunistic activity by Oracle is akin to asking Dad when Mum says no. Loose lips on infrastructure revealed to Oracle reps in a subsidiary or country office can completely undermine an otherwise robust audit castle in the headquarters,” he said.
“A good software audit risk plan would include a strategy for dealing with such requests, [such as] deflecting them to headquarters, and a solid communications plan to make local teams aware of the risk.”
Thompson explained that this is not a new practice and Oracle is not the only vendor doing it.
“Oracle is looking around for revenue and for non-compliance by people not licensing their products properly. However, a modern audit is about pre-sales and a way of beginning a dialogue. If they find a shortfall they can then build a solution to resolve that shortfall,” he said.
“Lots of software publishers will use the big four [accounting firms] to do the audits on their behalf, but Oracle does them directly with a dedicated team called Oracle License Management Services (LMS) which is about 500-strong, which is an indicator by itself.”
Oracle’s LMS claims it is a “global team of licensing experts and consultants that works closely with customers and partners to help them extract the full value from their Oracle investments”.
However, the ITAM Review forum has featured insights from firms calling into question the motivations behind Oracle’s audit practices.
“All the big audit players will attempt this, so I’ve always communicated very clearly to any subsidiaries that if they are approached for an audit they need to bring it to group immediately so we can decide how to deal with it,” said ITAM Intelligence’s Kylie Fowler.
Ian Fischer from Insight agreed with Fowler’s comments, suggesting that firms need to control all audit activity centrally.
“Communicate to all businesses in all countries that, if they are approached by a vendor or third party regarding audit or licence review activity to direct all questions to your central SAM [software asset management] team who can then co-ordinate,” said Fischer.
“If you have global agreements covering global entitlement, then an audit in one country or region is of no value to the vendor. Audits need to work within the scope of any agreement.”
Ryan Bendana of Palisade Compliance commented: “If your organisation is a separate legal operating entity with its own licence agreements, Oracle can and will audit that entity regardless of whether that entity is a subsidiary of a multi-national company for a multitude of reasons (namely, sales is not driving enough business, there is a lack of communication between that entity and Oracle, etc).”
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!