Three steps to defend against an Oracle/SAP audit

Prepared ready for Oracle SAP audit

Oracle and SAP audits are an inevitability, but being unprepared for them is not. Our three-step guide will help you survive the stressful process of an Oracle or SAP audit.


The dreaded Oracle/SAP audit

It’s a nightmare scenario: you’ve received notice from Oracle/SAP that they’re raising an audit against you.

But don’t panic, if for no other reason than because that’s precisely the frame of mind they want. Before the tests and trials begin, use our guide to help you go into the process with a clearer mind, and a greater chance of keeping in control.

What we can’t do is help you avoid an audit – because, if Oracle/SAP are going to audit you, it’s not a matter of “if”, but “when”.

To that end, we have a survival guide for when it’s your turn.

Three steps for Oracle and SAP audit survival

Step one: Know your enemy

As discouraging as it is, to be saying this about a company who promote ‘evolving customer experiences’; you must treat Oracle (and SAP) with caution. Never give away too much information, and always be careful with what you’re telling them.

Lesson: In any point of contact with the vendors, keep in mind that anything you tell them can be interpreted in their own way.

Casually mentioning that you’ve gone through an internal restructure, or a large-scale merger, may seem matter of fact. To them, it means a chance to check your user licenses and accessed features, in the precise hopes that you haven’t updated these yet. Then they can pile on the fees and fines.

Remember, they aren’t going to make it easy for you.

It is not beneath Oracle or SAP to employ dirty tricks to deliberately catch you out. An audit will undoubtedly involve an inventory of your software, to see which billable features you’ve enabled.

Be wary, though, as some of your features may already have been enabled by default, regardless of whether you’re using them or not. This minor oversight and simple mistake to make has the potential to cost thousands, at least, in non-compliance fees.

Lesson: Even if Oracle or SAP’s own consulting teams enabled these features, it is your responsibility to make sure that you have the appropriate licenses.

Step two: Know your rights

It goes without saying that you should always read a contract before accepting the terms; as you and your vendor have already entered into one, it is vital that you know your own rights, in case they try to ‘forget’ them. The features switched on by default which we have already mentioned are only one example.

Another, for instance, is blurring the timelines. Your support contract might say that in the event of an audit, “you have X number of days to respond”. However, in previous audit letters we’ve seen, they will advise a lower number.

Lesson: Do not take Oracle/SAP at their word. Know your contract.

We’re all guilty of skimming terms and conditions, but that kind of apathy is a perfect chance to be exploited. When Oracle/SAP’s scary audit letter arrives, the initial reaction is to go along with their demands. But that panicked and unsure reaction is precisely what they want from you. That puts them in control.

Step three: Know yourself

So, take back control. Oracle/SAP will raise an audit against you if they believe that you are outside compliance. Therefore, if you ensure that you are compliant, you have less to worry about.

Self-audit, be proactive, always know your own status, what features you do and don’t need, check your licenses – know your system. If unsure, you can approach an external consultancy that specialises in licensing, to help you identify issues in this area.

It will take time and effort; but look at it this way. Oracle/SAP are less likely to audit you if you are compliant. Their money comes from noncompliant audits and their subsequent fines; if you are compliant, then they don’t stand to make anything from you. (Besides the extortionate fees they already charge for maintenance costs…)

Lesson: self-audit yourself regularly to ensure you are prepared for when the vendor comes knocking.

Plus, having taken the proactive approach, you might discover that you are out of compliance. This isn’t cause for concern, unless Oracle/SAP are about to begin their audit. Knowing that you are outside compliance means you can act accordingly; you can contact your vendor and purchase what you need – rather than being hit by an audit fee and needing to purchase updates or upgrades anyway.

Granted, these purchases may well put you right onto their radar for an audit; but you know you’ve taken the right steps and put yourself in a far better position than you would have been in, if you hadn’t checked first.

Switch to third-party support

It’s a myth that switching to third-party support will trigger an audit. It neither adds nor lowers your chance of an audit – you’re always going to be on their radar, one way or another.

So, if you’re wanting to get away from Oracle/SAP support, don’t let the threat of an audit keep you from rethinking your support setup. That fear could be keeping you from an alternative that can greatly benefit your organisation.

We can’t help you dodge an Oracle/SAP audit – if they want to audit you, they will. But we will make your support experience more agreeable, with access to fastidious service and SLAs, for at least 50% of the price.”

Mark Smith, CEO of Support Revolution

We play fair, they don’t. Auditing is a shady practice of theirs – one of several. But fortunately for you, we happen to be experts in knowing their dirty tricks. We can help you better prepare for dealing with them.