MetrixData360 Logo DeepBlue
MetrixData360 Logo DeepBlue 1 e1685995458467

Category: Audit Preparation

What You Need to Know About Oracle Java License Audits

Posted on by Hailey Austin

Understanding Oracle’s Java Licensing Policies

 

If you are a business or organization using Oracle Java in your operations, it’s crucial to be aware of Oracle’s policies on Java licensing. Recently, there has been a significant uptick in Oracle sales teams approaching companies and asking for use data around Oracle Java. These requests are often an Oracle Java license audit in disguise or quickly turn into an audit when the results aren’t favorable to the sales rep.

 

What is an Oracle Java License Audit?

 

An Oracle Java license audit is a review of your organization’s use of Oracle Java to ensure that you comply with the terms and conditions of your Java license. This may include examining your organization’s Java usage, including the number of users, the types of applications being run, and the number of Java-based servers being used.

 

Why Might Oracle Conduct a Java License Audit?

 

There are several reasons why Oracle might choose to conduct a Java license audit. These could include:

 

  • Your organization has never purchased Java licenses
  • Oracle sees downloads of Java, but no purchases associated with your account
  • Ensuring that you are using Oracle Java following the terms of your license
  • Verifying that you have the appropriate number of Java licenses for the number of users and servers in your organization
  • Detecting unauthorized use of Oracle Java
  • Identifying opportunities to upsell additional Java licenses or support
  • What to Expect During an Oracle Java License Audit

 

If Oracle decides to conduct a Java license audit of your organization, you will receive a letter or email from Oracle requesting information about your Java usage. This may include a request for documentation such as inventory lists, user counts, and application lists. Alternatively, an Oracle salesperson may contact you to request the same type of audit information. Be aware that this is essentially an Oracle Java license audit in disguise.

 

Oracle may also request deployment data to review your Java infrastructure and usage. It’s important to note that even if they say it’s a simple process, the audit process can take several months to complete.

 

How to Prepare for an Oracle Java License Audit

 

To prepare for an Oracle Java license audit, it’s crucial to clearly understand your organization’s Java usage and the terms and conditions of your Oracle Java license. Here are a few steps you can take:

 

  • Review Oracle Java licensing rules to understand the terms and conditions of your usage.
  • Conduct an inventory of your Java usage, including the number of users, the types of applications being run, and the number of Java-based servers being used.
  • Make sure you have the appropriate number of Java licenses for your organization’s usage.
  • Keep documentation of your Java usage and licenses organized and readily accessible.

 

What Happens if You Are Found Non-Compliant During an Oracle Java License Audit?

 

Suppose Oracle finds that your organization needs to comply with the terms and conditions of your Java license during an audit. In that case, you may be required to purchase additional licenses or pay for any unauthorized usage. In some cases, Oracle may choose to terminate your Java license entirely.

 

To avoid these potential consequences, it’s crucial to stay up to date on your Oracle Java license’s terms and ensure that your organization complies. This may involve purchasing additional licenses as needed or making changes to your Java usage to align with the terms and conditions of your license.

 

Oracle Java license audits are common for businesses and organizations using Oracle Java. By understanding the audit process and taking steps to ensure compliance with your license, you can minimize the risk of any issues arising during an audit.

How to Tackle an Oracle Java Audit

Posted on by Hailey Austin

Mastering Oracle Java Audit – Expert Tips and Guidance

 

As the digital world continues to evolve rapidly, now more than ever, companies of all sizes need to be up to date with their Oracle Java licensing and software agreements. Contracts regarding Java can be notoriously difficult, time-consuming, and complicated – a task that many organizations are ill-equipped to manage on their own. Faced with challenges such as getting access to the right people in the company, understanding the contract terms and duties it holds, determining where discrepancies exist, or even knowing what licenses they have isn’t easy. 

 

That’s why a smart and strategic approach is required when it comes to tackling an Oracle Java audit. The nightmare of an Oracle Java audit does not have to be overwhelming. Prepare for success by making sure you have an in-depth understanding of these audits and follow the strategic steps discussed below.

Oracle Licensing Audits Explained

 

If you are in the process of acquiring an Oracle license, it’s important to understand what will be audited and what is expected of you. Oracle license audits carefully review your provisioning, deployment, usage, and configuration data to ensure compliance with licensing requirements. You should be aware that the audit covered the past 12 months, so all systems need to be licensed correctly and kept up-to-date on an ongoing basis. Any discrepancies found must also be addressed as part of the audit process.

 

Expert knowledge of Oracle licensing and OpenJDK terms and conditions is essential if you want to ensure your organization stays compliant. It’s also important to have a reliable record of each cycle of usage or application changes available throughout the auditing period. Taking the time to get informed about the processes involved helps managers successfully prepare for an effective examination by Oracle license auditors. The following three steps can further pave the way for a stress-free audit.

Step 1 – Locate Your Oracle Installations

 

The first step is to locate every Oracle installation. Even if they aren’t in active use, they might still need a license. And even if they don’t require one, you’ll need an accurate inventory of installations to track usage adequately. Oracle provides you with the ability to run certain proprietary scripts for this purpose, but using an Oracle-verified discovery and inventory tool is often the safest and most reliable option. 

 

Step 2 – Determine Your Oracle Compliance

 

Maintaining Oracle compliance can be a complex task, but understanding your obligations to the company is a crucial first step. Gathering detailed and specific data about your Oracle environment is key in order to compare it to necessary specifications and accurately determine areas of non-compliance. 

 

Although Oracle does provide scripts for this purpose, it is strongly recommended that you look into using an Oracle-verified tool instead. Relying on standard discovery tools or spreadsheets alone may not give you the comfort level needed to assume that all gaps have been covered. Using an Oracle-verified tool will help cover you in those instances where manual tracking may fail.

Step 3 – Make Use of Additional Audit Tips

In today’s complex Oracle-driven environment, organizations need to be extra diligent when it comes to licensing. An effective tool for this purpose is an Oracle license management tool. This powerful software helps you stay compliant by alerting you when features, packs, and options are activated, allowing you to determine why they were engaged in the first place. This means that should a license audit occur, you can provide evidence of why any additional licenses aren’t needed, helping you avoid unnecessary costs or penalties. 

Conclusion 

Staying on top of Oracle licensing terms and conditions, as well as having the necessary documentation available throughout auditing in Java, is essential for compliance success. The best way to achieve this is by educating yourself with expert knowledge so you are prepared for any potential audit. Once you understand the process, there are three simple steps you can take to ensure a smooth experience: maintain organized records that document Oracle installation usage patterns, identify gaps in Oracle compliance, and, finally, leverage effective Oracle licensing management tools. By taking these preliminary steps, you will set yourself up for a stress-free audit and have greater confidence that your organization’s compliance goals will be achieved.

What are Software Audits, and Why Are They On The Rise?

Posted on by Hailey Austin

Recent years have seen an uptick in software audits, with more companies being asked to provide evidence of licensing compliance. This is largely due to the fact that organizations are now using more software than ever before, with an increasing number of employees working remotely.

Watchdog groups like the Business Software Alliance (BSA) and the Federation of Software Theft (FAST) serve the sole purpose of ensuring the protection of software vendors’ intellectual property. These groups and software vendors are dedicated to discovering and auditing non-compliant organizations every single day with little to no notice. According to Gartner, the likelihood of an assessment for a medium to a large firm over the next two years is predicted to be 40%, which is expected to rise by 20% annually.

But why do software vendors act in this manner? 

Simply put, the main motivator is money. Revenue from software sales fell when the American economy saw a downturn and software expenditures were slashed. Software vendors were forced to hunt for alternative income sources when these profits started to decline. Audit fines and penalties of several hundred thousand dollars to even millions of dollars appeared as lucrative options for these vendors. According to the BSA, 25% of businesses that operate in the US are non-compliant in some way, costing software vendors an estimated $6 billion in the loss. 

 

What is a Software Audit?

A software audit is an assessment of a company’s compliance with software licensing agreements. Organizations that use pirated or unlicensed software can be subject to expensive penalties, including fines and damages. In some cases, they may even be required to forfeit their business’ computers and other equipment. 

 

How Do Organizations Fall Out of Compliance?

 The truth is that conformity is not simple. It involves more than just purchasing adequate licenses. Even techies typically struggle to completely comprehend software licensing laws because they are so sophisticated, and even when they do, modifications to the regulations occur so often that it is challenging to stay up to date. 

Most businesses lose their ability to comply with the rules when they lack proper record keeping and miscomprehend software usage rights. Both parameters are equally crucial to stay in compliance. The first approach is to have clear visibility into your integrated software usage. In the unfortunate case of your company being audited, this can be an added benefit because you will be able to provide records immediately and demonstrate your good faith efforts to adhere to the regulations.

Furthermore, it’s crucial to have an attorney or specialist who excels in contract negotiations. They can elaborate to you how you can lawfully utilize your software, saving you from involuntary non-compliance. Avoid attempting to resolve this on your own, as it is easy to misinterpret or fail to notice crucial facets of software use terms and conditions. For instance, there have been instances where a business has expanded internationally and had staff members using software in other countries. They believed this was acceptable since they had many licenses, but since those licenses were only intended for use in the United States, they were in violation without even recognizing it. 

 

How to Lower Your Risk of Being Audited

  1. Exhibit a Sound Understanding to the Software Auditors 

To show that you have a good grasp of your software agreements, it is crucial that you respond to any inquiries the auditors pose in an efficient and thorough manner. In order to achieve this, you’ll need a workforce in control of the project, a SAM solution in place to oversee your software inheritance, and frequent internal audit findings to get a complete picture of your software assets utilization. 

This is especially true if your business has just undergone a merger or acquisition or if it is a large corporation with numerous branches. Such circumstances will make you prone to disorganization, which in turn raises the possibility of overlooking factors important for compliance.

  1. Stay Prepared

Inform your staff on the importance of software asset management, and prepare a defense plan in case a software inspection occurs. Even if a software audit is conducted, a quick assessment with a few fines will show the software provider that you are not an easy catch. Preparing includes having your licenses in order, appointing a specific person to oversee your company’s software audit, and having an audit defense strategy in place. Knowing what to do will ensure that every software audit of your company proceeds without incident and with the least amount of damage possible.

  1. Be aware of your Software Architecture

Establish an efficient asset life cycle, along with a streamlined procedure to purchase and retire software resources to keep a close check on them. Failure to do this can lead to the acquisition of numerous unnecessary licenses, which quietly drain the company’s IT budget. Keep track of what licenses you have and how many licenses you need so that you can stay compliant. Additionally, make sure that only authorized users have access to your organization’s software. Implement user controls and set up alerts so that you can immediately spot any unauthorized access or usage. 

Often, the majority of software audits search in the company’s Active Directory (AD) to assess compliance. A company’s AD contains all devices and accounts—not just those that are currently in use—that have ever used their software resources. There will be ex-employees in your Active Directory, along with devices that have been gathering dust in the company’s store, and the auditors will claim that each of these entities needs a license.

 

Conclusion 

Monitoring your software resources will cost much less than having them audited. In addition to achieving compliance, successfully managing your software and how they are used also ensure that your software resources are used to their full potential. You may delete shelfware and restructure your agreements to ensure that every software program you have is being successfully utilized. Efficient asset administration has no drawbacks because the added administrative costs will eventually result in equal cost reductions. By making sure all of your organization’s software is properly licensed and keeping track of who is using it and when, you can help your company avoid costly penalties associated with non-compliance.

Getting Ready for a Microsoft True-Up

Posted on by Ben Tight

Your annual Microsoft true-up is approaching. You’ve used Microsoft products throughout the year and now the anniversary of your purchase is drawing near and it’s time to pay for anything that is net-new or to accommodate for any growth that your company has seen. Time to dust off your Microsoft true-up process once again. You do have one of those, right?

Your Microsoft True-Up Process

If you’re one of the many businesses with a Microsoft Enterprise Agreement, then you will need to have everything organized at least 30 to 60 days before your true-up date. But how do you go about gathering all the information you need?

How do you even begin to get ready for your Microsoft True-Up?  

At MetrixData 360, we have helped our clients get through countless Microsoft True-ups in one piece and want to share with you what to expect and how to prepare. 

Download our complimentary Microsoft True-Up guide:



Microsoft Enterprise Agreements: The Basics

Having an Enterprise Agreement (EA) comes with many delightful advantages, namely it provides tempting pricing, discounts, and added benefits for your IT infrastructure.

The agreement also provides flexibility. Instead of grinding your business’s growth to a screeching halt every time you need to buy new licenses, you simply add any changes to your technological landscape to your tab, so to speak, and your true-up is then adjusted to account for any software you’ve used over the previous year.

However, the agreement is not without its faults. For instance, EAs are one of the more complex agreements Microsoft offers. They require high up-front payments and, while it is easy to scale up, you’ll find it will be quite painful to reduce any of your subscriptions.

What Type of Products are Part of Your Microsoft True-Up?

There are four different types of products that are a part of your EA true-ups. The type of product you have determines your rights and limitations during the true-up.

Enterprise

If the sum of the products in your true-up can be classified as Enterprise, it means that the products fall under the definition for Qualified Device (in the case of Enterprise Products) or Qualified User (In the case of Enterprise Online Services).

For this reason, you need to license all of your Enterprise Products by devices or all your Enterprise Online Services by users as Microsoft defines Qualified Device or Qualified User.

The only way you can get out of licensing your enterprise products this way is by exempting them in a legally sound way. The Enterprise Agreement allows you to purchase products that are counted only at the time that the true-up order is placed, which can be worked to your advantage.

On your Customer Price Sheet (CSP), which is a list of the products that are in your EA along with your discounted prices, if you have any, the Enterprise products will be listed at the top, followed by the Enterprise Online Services.

  • Enterprise Products: More traditional products, such as Office Pro, Core CAL, Windows Desktop OS.
  • Enterprise Online Services: Online services such as Office 365 E1, E3, E5, SCE E3/5, SPE E3/5

Additional Products

This is Microsoft’s little wild card that we have seen clients struggle to compensate for.

The nature of the EA is that you can add additional licenses to your agreement quickly and easily, and you will simply have to pay for any additional licenses that you have acquired over the year at your true-up.

This kind of setup encourages a mindset where you only need to worry about your licensing count when your true-up date approaches. However, when it comes to additional products, you must pay for the maximum number of licenses you have had since the last true-up.

Such a requirement means that to have additional products means that you need to be constantly monitoring them. Even though this only applies to the Additional Products, Microsoft will often play it off as though the true-up for the Enterprise products needs to be paid according to this rule as well, where you pay for the maximum number of products you possessed throughout the year, despite the fact that there is no evidence that you need to do so outlined in your EA.

Your additional products can be found on the second half of your CSP, usually buried down at the bottom, after your Enterprise Products and your Enterprise Online Services.

  • Additional Products: Products that aren’t classified as Enterprise, such as Windows/SQL Server, Project Visio

Online Services

Online services are only slightly more difficult than the additional products to understand. According to your EA, online services provide you with the option to defer payment for your monthly fee up until the point where you’ve installed the product. If you have only been running it for three months upon the approach of the true-up, then you’ll be paying only for those three months and you’ll only see an invoice on the anniversary date if you have a reservation.

How do you know what your reservation is? You can find your reservation report on your Office 365 portal. This will tell you what kind of licenses you have reserved and how many.

  • Additional Products Online Services: Online products that do not classify as Enterprise, such as Power BI and Lock Box

Where Do I Find My Counts?

After you have established how you will be expected to license your products, now there is the hurdle of finding the numbers you need to give an accurate report on your usage. To find these numbers, you have a few methods at your disposal:

  • Your Active Directory:

    This should be the first place you check on your way to compliance. However, many organizations do not look here. Looking elsewhere will make it difficult to determine things like line or work. By just going off of the raw data that other inventory systems can provide to you, it will be very difficult to draw any sort of meaningful conclusions.

  • Your SCCM or Your SAM Tool (Use for your Qualified Device Count only):

    Whatever tool you have implemented is a great way to monitor and subsequently count what you have in your software environment. However, it is important to ensure that these are accurate numbers that your tools are reporting, as faulty numbers will undermine your whole SAM process, and it will fail to provide you with a true reflection of your data.

  • HR Systems and Email Accounts (Use for your Qualified User Count only):

    While it may not be as defendable in a software audit as the count in your Active Directory, the numbers pulled from either your HR systems or simply your email accounts may be enough for your true-up.

  • Guesstimation:

    We have often seen with our customers, when they do not have access to the data, they are forced to simply make a rough guess. If you have 1,000 employees and you know each employee has a desktop, that means you need 1,000 licenses and the job is done, right? Obviously, at MetrixData 360, we do not advocate for such a method.

What Will Happen During a Microsoft True-Up?

There are a few things that you can expect from Microsoft leading up to your True-up.

90 Days Before: You can expect to hear from your reseller or your Microsoft Account Team concerning your upcoming true-up. They’ll ask for an update as to how many software licenses you’ve added to your software architecture.

60 Days Before: Microsoft has given you the assignment and now they’re going to check back in with you, asking what you’ve discovered concerning your licensing changes.

30 Days Before: Microsoft’s team will get back to you with a true-up order which reflects changes to your EA. If you complete your true-up past this date, Microsoft will not allow you to do subscription reductions. They will simply bill you automatically based on what your bill was the year before. If you owe them more, Microsoft will never say no to more money, but any reductions will be out of the question at this point.

Immediately Before: You’ll get another call from your account rep to check in on your True-Up process

15 Days After Your True-Up: Your reseller or account rep will review your True-up order and place it with Microsoft.

Consider Your Options: The Cloud Solution Provider (CSP) Program

Microsoft has been extremely aggressive in recent years with pushing both its Cloud Platform (Azure) and its many cloud offerings, including its Cloud Solution Provider (CSP) Program onto its customer-base.

In fact, there’s a good chance that the recent removal of the EA discounts and the increase of its minimum seating has been Microsoft’s attempts to make their Cloud-based solutions more appealing to their customers.

So, what is CSP? Compared to the EA, which is more concerned with standardizing the licenses throughout a company with one large upfront payment, a CSP is the pay-as-you-go, monthly fee model that we’ve seen become the industry standard with Cloud platforms.

Thinking of Reducing Your Subscription?

It’s easy to scale up with Microsoft, they love it; but as you’ll quickly discover, the real challenge comes when you want to reduce your subscriptions or even keep them the same. However, if you look at your EA, you’ll find that there is actually a section that allows for a reduction in subscriptions.

If you have an enterprise-wide purchase, when they say “reduce,” what Microsoft means is that you are allowed to scale your online service subscriptions back to the original number that you started with. So, if I purchased a subscription of a hundred users, regardless of my purchases throughout the year, the lowest number I could ever reduce that subscription to is a hundred users, the original number I purchased.

If the subscription was not a part of an enterprise-wide purchase, you’re free to reduce but only if the initial order minimum requirements are maintained.

With Additional Products that are available as Subscription Licenses, you are allowed to reduce the license count to zero. By utilizing this clause, MetrixData 360 saved one of our past clients $800,000 by reducing two of their Additional Product subscriptions that they weren’t using down to zero!

How to Get Ready for Your Microsoft True-Up

You never want to be left scrambling for things at the last minute, being prepared when it comes to your software is a great rule to live by, whether you are getting ready for an audit, a contract negotiation, or your EA renewal.

So here are some tips that can help you get ready for your EA renewal long before your anniversary date.

  • Don’t guess your count. Guessing will either leave your numbers too high, which will be a waste of money, or too low, which will leave you exposed to auditing penalties. You need accuracy to get useful results.
  • Have a clear Asset Life Cycle for licenses and devices that are a part of your EA, including processes around both the deployment and retiring of old assets.
  • Have all the proper and updated documentation in place for everything (devices, servers, and users) that is applied to your EA. Monitor your EA products once a quarter or at least every six months.
  • Make sure you have a full understanding of your enrollment terms (especially regarding the new license changes).
  • Unexpected SQL server consumption fluctuation often proves to be especially troublesome when creating your True-Up Declaration, so make sure that you have a strategy in place to effectively capture this data.
  • Utilize perpetual licenses whenever possible.
  • Have your True-up Declaration or your Zero True-up ready at least 60 days before your anniversary. Don’t put it off until the last minute, now is definitely not the time to procrastinate.
  • Make sure that your Active Directory is cleaned up with a clear count for your users and devices.
  • Repurpose your licenses when you aren’t using them. It beats buying yet another license.
  • Know the language of your contracts.

Getting Ahead of Your Microsoft Enterprise Agreement True-Up

Having a strong sense of your licensing position will give you the ability to ensure that your EA contract renewal goes as smoothly as possible.

At MetrixData360, we have helped hundreds of our clients successfully navigate a Microsoft true-up so that what they pay actually reflects their usage. If you’d like to learn more about how MetrixData 360 can represent your interests in your next EA renewal, connect with our team today.

Microsoft, Oracle, IBM, and Adobe Software Audits at a Glance

Posted on by Ben Tight

The Top Four Software Vendors Sending Out Software Audits

It is likely that your software budget is shrinking yet your software vendors are looking for you to spend more money with them every year. When software companies can’t get the revenue they expect from you, they will often turn to software audits as a way to make up the difference. Software audits are many things: stressful, frustrating, leave you thinking that living in a cave, herding goats might have been an easier career path. But for the software publishers’ audits are quite profitable, and they have come to exploit this as a way to make their annual revenue growth targets.

Gartner has said that there is a 60% or greater chance that enterprises will be audited by at least one software publisher in any given year. The best way for you to handle the rising tide of software audit requests is by knowing your software environment and performing routine health checks to uncover areas of exposure. We cover the top areas where a company is exposed to in a software audit in our article Software Audit Preparation: What You Need to Know.

The Biggest Companies Performing Software Audits Are:

  • Microsoft
  • IBM
  • Oracle
  • Adobe

At MetrixData360, we have extensive experience working with all of these vendors, and we know how to handle an audit from each. In this post we’ll discuss some of the things you need to know about each of the software vendors and how to handle them during a software audit.

Microsoft Audit

Microsoft often claims that their audits are simple, short, and painless. In our eight years of defending companies during their software audits, we’ve yet to see a Microsoft audit that has matched this description.

Instead, we have seen audits that take almost 18 months to finalize as customers try to dig through rising mountains of data that are required as part of a Microsoft Audit (or SAM Engagement). Here are just a few tips for dealing with a Microsoft software audit:

    • SAM Audit or Review?

From our experience, Microsoft can either offer you SAM reviews or audits. SAM reviews are technically optional but refusing will likely result in getting audited. For a full breakdown of the difference between a Software Audit and a SAM review, visit our post Software Asset Management (SAM) Review vs Audit: What’s the Difference?

    • Respond to Your Vendor

We are often asked if you need to respond to an audit or a SAM letter. The short answer is yes, it is highly advisable that you respond to both. Not responding to a software audit, can find you in breach of your contract and leave you facing potential legal ramifications and hefty fines up to $100,000 USD. Although you could technically refuse a SAM Engagement, you could also find yourself running the risk of being in breach of your contract.

It has been our experience that refusing a SAM review will often result in Microsoft responding by sending you a full audit that you can’t refuse. Therefore, it would be more beneficial for you and your company to negotiate with Microsoft to perform a self-assessment as opposed to having a Microsoft partner perform the audit. A SAM engagement will be nearly identical to an audit after the data collection stage has begun and you will struggle to see the difference between the two processes until the negotiation stage has been reached.

    • Software Reviews vs Software Audits

The real difference between a SAM review and an audit can be seen when examining the penalties of each and how they are resolved. In a SAM review, you will be allowed to purchase your missing licenses at your contracted prices or at your historically discounted rate. In an audit, on the other hand, Microsoft has the right to charge any shortfalls at List Price in addition to a 5% penalty, although this may vary depending on your contract.

    • Paying For An Audit

Another difference between a SAM review and full audit appears when asking who will pay for the whole process. Microsoft will pay for the cost of the SAM engagement themselves whereas in an audit if you are found to be greater than 5% out of compliance you will be responsible for paying for the audit yourself in addition to any penalties you are incurred during the audit.

IBM Audit

IBM audits can be especially tough, since many of their license metrics require you to accurately have installed their ILMT tool in order to effectively capture your estimated license position (we have found that the majority of IBM’s customers have not done this correctly). Here are some things to consider that can help in the case of an IBM audit:

    • True Up Costs

Once your software audit has concluded, IBM will often let you settle at your discounted price with an additional fee for the maintenance that was used for the upkeep of the product when it was unlicensed.

    • Watch For Licensing Changes

IBM is also prone to make licensing changes which can apply to a wide range of their products in the wake of acquiring a new software company to their profile or releasing new versions of their software. When these events occur, be sure to look at your licenses with IBM to check for relevant updates.

    • Properly Set Up and Use ILMT

Our CEO Mike Austin says that you need to understand ILMT and how it works to effectively manage most IBM Software Audits.
According to Mike, “IBM isn’t typically auditing their Passport Advantage program, they are going after the complexity of sub-capacity and PVU based licensing. In order to pass an audit if you are licensing at sub-capacity, you need to have ILMT up and running. You will also need a have a history of reports. Installing and configuring ILMT is tricky and not many companies have done it correctly. In a lot of our work around IBM Audits, we are fixing ILMT reporting before we even start the work of defending an audit.”

    • ILMT Does Not Hold All The Answers

However, installing ILMT doesn’t mean you are 100% safe from IBM’s audits, you can still be found out of compliance.

    • Avoid Scope Creep

Our IBM Audit teams says to make sure you define the audit scope, as IBM is quite notorious for scope creep. You will want to ensure you know which products and contracts are included (and excluded) from the audit.

    • Put The Onus On IBM

You need to get an agreement with IBM (not the reseller- they can’t promise this) stating that IBM will take on the responsibilities to ensure that the product being deployed is correctly licensed. If they fail to then deploy ILMT after such a deal has been reached, then it might be possible to get a concession during an audit.

    • Defend Yourself With Data

Even if IBM doesn’t take responsibility for the licensing of deployed software, you might have a case to circumnavigate adverse findings that can come up due to ILMT’s failures, if you can collect historical system-generated reports that demonstrate the following things:

1) the processor resources that were allotted to the VMs running the PVU-licensed products have been or are capped and are not subject to any automated augmentations-based on system demands and

2) the historical usage of these products never exceeded licensed levels. However, this data has proved difficult for companies to obtain in the past.

Oracle Audit

From our observations, Oracle Audits incur the largest compliance findings typically. We’ve dealt with Oracle many times in the past, and here are some things you should know about how Oracle conducts their audit.

    • Only Pay For What You Use

According to the ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, for Oracle, the installation of software and the licensing of that software are two different events, with the exception of Database Enterprise Editions, so be careful when initially deploying software as it will likely be the cause of issue during an audit. For example, Oracle optional features, such as RAC, get turned on by default when installing databases, these options may only be licensable if you actually use them, not if you have them installed. This is a subtle difference, but it can have a profound impact and it is an area that is often found as being licensable by LMS. However, we have often found that it can be negotiated out with usage data.

    • Oracle Software Review vs Oracle Software Audit

Oracle has Oracle License reviews and Oracle License audits. These are the exact same thing – “review” just sounds friendlier. Both should be treated with the same level of severity.

    • Understand Your Contract

According to Scott & Scott, LLP’s article, Seven Lessons I Learned Representing Clients in Oracle Audits, take extra care to understand Oracle’s policies around usage. Since many of Oracle’s policies will not be included in the license’s documents, there tends to be a lot of confusion generated around this topic. Some areas that produce the largest findings in an Oracle Audit are VMWare and Oracle’s policy stating that all Processors in a cluster must be licensed. This policy has caught many organizations off guard and is the crux of the major lawsuit between Oracle and Mars Corporation.

    • More Gaps Cost More Money

As with Microsoft, if you are found out of compliance on a Oracle Audit you will have to cover the expense for the audit.

    • Use Your Own Tools

Our Oracle Audit Experts state that you are not required to use Oracle’s scripts to collect your data, especially if you have your own methods in place for gathering your data. LMS will try very hard to get you to use their scripts. We recommend, however, that you use your own processes first, if possible.

    • Tools Are Only As Good As The People Using Them

ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, states that Oracle has several approved SAM tools like Lime Software, Easyteam, BDNA, Hewlett-Packard, Flexera Software, Nova Ratio, and iQuate. However, these tools only collect raw data and won’t provide you with the interpretation of that data which will tell you what you need to license. Therefore, just because you have Oracle-approved tools, it doesn’t mean you’re completely safe in an Oracle audit.

    • Get A Paper Trail

In all audits, but especially ones with Oracle, it is highly recommended that you get a closing statement to close out the audit (indemnification is the most ideal). This is especially important with Oracle, as they are a very litigious vendor. You will be happy that you have a closing statement in case the audit ever goes to court and your company’s reputation is suddenly on the line.

Adobe Audit

Compared to the other heavy hitters, Adobe’s software audits can seem like little more than a friendly reminder. However, Adobe’s products can be quite expensive, so it’s important not to let this vendor slip from your mind. Here are some tips about Adobe licensing:

    • Friendlier, But Not Friendly

According to a study released by Gartner in 2016 and presented in their article What Does an End to Adobe Auditing and License Compliance Activity Really Mean?, Adobe has steadily moved away from auditing their customers, focusing instead on their Software as a Service platform and subscription-based licensing. That does not mean your company no longer has to deal with compliancy risks from Adobe, as Adobe still maintains the right to verify compliancy, giving their customers 30 days to provide data to ensure proper usage.

    • Buy What You Need, Not What You Want

The Gartner article also states that with a focus on SaaS and the subscription-based nature of Adobe, along with the lack of an “off-switch” for Adobe products, the main focus of Software Asset Management when it comes to Adobe should be proper sizing and monitoring usage.

    • For Adobe, It’s The Little Things That Count

According to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe monitors their customers differently from other vendors. Where Microsoft, Oracle, and IBM are interested in unlicensed software, Adobe is more interested in the protection of their intellectual property and making sure their product is used correctly. Are you correctly licensing any fonts with Adobe? These small questions can accumulate if they are not properly answered.

    • Adobe Does It Themselves

TechRepublic’s article also states that Adobe performs their own compliance verification review as opposed to hiring a third-party auditor, which can either be good or bad depending how far out of compliance you are.

    • Watch For Creative Suite License Changes

One best practice we advise our client’s to adhere to when dealing with Adobe says that you will have to pay particular attention to Creative Suite, as it is prone to change almost every year and these constant updates make it difficult to keep track of products. It will often leave programs as obsolete and the licensing for it makes it difficult to understand what is truly needed.

    • Upgrade Licenses Can Downgrade Your Compliance

Finally, according to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe also has no program in place to account for upgrades. Upgrade licenses, therefore, can sometimes stretch back several years – so, keep track of how far back these licenses go and be sure not to leave yourself over-confident (don’t forget that sometimes you can only go back three versions – so tracking that can also be very difficult).

How MetrixData360 Can Help

Software audits have been known to put a strain on any company’s software budget, so knowing about the software vendors that tend to resort to such methods will leave you with a better knowledge of what to expect. At MetrixData360, we believe that you should not have to pay the software vendors more than what you owe them, so it’s important to invest in software asset management long before you’re confronted with a software audit. By clicking the button below, you will be taken to our audit services page, where you can learn more about how we can help you survive a software audit.

Full logo White2 1 q4x81lwlsbtsww76umruhd5x0mp53yk25jqbwxg5om
Services
Software Asset Management Services
Software Audit Defense Services
Software Negotiation Services
Tools
About
Pricing
Learning Center
Contact
Contact Us

©2025 MetrixData 360. All rights reserved.

Terms and Conditions  |  Privacy  |  Accessibility  |  Cookies