Over the last year, the media has reported an uptick in compliance audits by Oracle Corporation for its enterprise software customers. See articles here and here. Clients are seeking our guidance on how to deal with these audits and want to understand their legal options.
The story is a familiar one. A company’s IT manager receives a notice from Oracle that the company has been selected for an audit. Oracle seeks commencement of an audit quickly and asks for large amounts of information from the client. The information sought may go well beyond the technology actually licensed from Oracle and may involve third party vendors such as VMware or others. The company protests about the wide-ranging scope of the audit, and Oracle personnel may contend that the company is trying to hide its non-compliance with the license by refusing to cooperate. The rhetoric increases, more documents are demanded, additional forms must be filled out and then the final audit report is issued. The number that Oracle contends represents the amount of the overage may be staggering to the company, and for some companies, simply impossible to pay. Almost concurrently with the issuance of the audit report, Oracle sales representatives are reaching out and leaving messages that they have other, less costly solutions. All the company needs to do is buy more Oracle products. While the company is frantically trying to figure out its options, it receives a 30-day notice of breach letter that the license will, or may, be terminated if the company does not have a plan in place for compliance by the end of the 30-day period.
This is a scenario that is happening to an increasing number of companies. If you are a big company and think Oracle would never do this to you because you are an important customer, do not be complacent. According to reports in the media, Oracle likes to target companies that are large and have used its software widely because it knows how difficult it would be to switch enterprise software mid-stream. If you think you are too small to be targeted for an audit, do not be too sure either. According to the business press, Oracle appears to be pursuing this strategy to increase its cloud-based sales involving companies of all sizes.
So, what should IT professionals do if they receive such an audit letter from Oracle? If your company has a legal department, you should report the issue to your in-house counsel immediately. If you do not have a legal department, you should retain outside counsel to assist you with your response to the audit. Oracle salespeople and audit personnel are aggressive in their pursuit of higher margins and sales. Licensees often need professional legal help to balance the ongoing dialogue and gain leverage in the negotiation by understanding their true legal rights, rather than accepting what is being represented by Oracle’s sales and audit teams.
Our lawyers have advised clients on how to best position themselves for a favorable outcome after an Oracle audit. We have implemented legal strategies that have resolved the situation, without the necessity for lengthy and protracted litigation. We also have advised clients on how to respond to audits initiated by other software providers such as Autodesk and others. Our team is experienced in these situations and here to help, if you find yourself subject to a software audit.