Audit Defence & Representation
LMS forensics, Core Factor Table challenge, virtualisation methodology defence, and settlement negotiation from Oracle licensing experts with 25+ years inside experience.
Oracle's Licence Management Services (LMS) audits are not investigations. They are optimised to build a compliance case, not to find the truth. This distinction is critical. Oracle's position, from the moment an LMS request letter arrives, is that you are likely non-compliant and that Oracle's job is to quantify your exposure — not to validate whether their interpretation of your licence terms is correct.
The LMS script itself is an automated scanning tool that runs across your Oracle environment, capturing data about processors, cores, virtual machines, named users, and database options. The script is designed to gather maximum information: it doesn't ask whether you need that data; it collects everything. The resulting output is voluminous, often 50,000+ data points, and deliberately difficult to understand without Oracle's interpretation. Oracle's LMS team then applies the Core Factor Table — a lookup table that maps processor types to licensing multipliers — using Oracle's published table, which they control and update unilaterally.
Oracle's default position on processor counting in virtual environments is that every physical core in a cluster is licensed unless you have a Hard Partitioning solution certified by Oracle. This is broadly restrictive and contradicts many organisations' actual architectural decisions. For Hyper-V and VMware environments, organisations often use resource pools, CPU caps, and other soft partitioning methods that are not Oracle-certified but are technically effective. Oracle's audit teams dismiss these as "not recognised" and count all underlying physical cores.
Database options like Diagnostics Pack, Tuning Pack, and Advanced Security are enabled by default in many Oracle Database installations. Many organisations are unaware they own these options, or they enabled them years ago for a specific use case and forgot to disable them. Oracle's audit methodology counts every deployment of an enabled option as a used feature, regardless of actual usage, and charges the full option licence cost for each server where it's detected. The scope is determined by Oracle's interpretation, not by documented intent to use.
The timeline of an Oracle audit is deliberately pressurising. Oracle sends an initial letter requesting cooperation within 30 days. This is followed by months of back-and-forth data requests, clarifications, and interpretations. Oracle's negotiators know that as the months drag on, your internal pressure to settle increases. Your CFO wants closure. Your CIO wants the audit team out of your environment. Oracle's opening position is typically 40–60% higher than they expect to settle for, giving them enormous room to "compromise" while you accept a settlement that is still 3–5 times your true compliance exposure.
The claims Oracle generates frequently contain interpretations that are disputed in the market. For example, Oracle claims Named User Plus metrics should count employees, not just database users. Oracle claims that processor metrics apply to processors in your entire data centre cluster, even if you're only using a fraction of the cluster. Oracle claims that Oracle options require a separate, additional licence for each installation, without regard for whether you own an Unlimited Licence Agreement (ULA) or an Enterprise Agreement (EA) that already covers the option.
Detailed forensic examination of Oracle's LMS output, identifying collection errors, overstated data, and misinterpreted configurations. We challenge Oracle's claims at the data level before they escalate to settlement discussions.
Independent verification of processor types and their applicable Core Factor values. If Oracle has misidentified your processor, the multiplier is wrong. We identify these errors and correct the baseline claim.
Independent assessment of your virtual machine architecture, CPU allocation, and partitioning strategy. We document your actual allocation methodology and defend your position against Oracle's default assumptions about physical core licensing.
Comprehensive audit of which Oracle Database options are actually enabled in your environment, which were enabled unintentionally, and where usage is documented vs. undocumented. We separate intentional usage from inadvertent enablement.
Creation of comprehensive response documentation addressing each of Oracle's claims, supported by evidence from your environment, third-party verification, and precedent. This document becomes your negotiating foundation.
Expert negotiation with Oracle's legal and audit teams, using forensic findings and documented defences to reduce Oracle's opening position. We negotiate from evidence, not emotion or time pressure.
We obtain copies of your LMS scan results, your Oracle CSI (Customer Support Identifier), your current Oracle licence register, and any communications from Oracle. We map your complete Oracle footprint — on-premises, virtual, cloud, and containerised — and calculate what we believe Oracle will claim.
We conduct line-by-line forensic analysis of Oracle's LMS output, identifying data collection errors, processor misidentifications, virtual machine overcounting, and option enablement that is undocumented or inadvertent. Each finding is documented with supporting evidence.
We verify your actual Oracle licence entitlements against your purchase orders, order forms, and Oracle's published CSI records. We identify licences you own but haven't deployed, options you own but haven't enabled, and entitlements that may have been missed or misunderstood.
We create a comprehensive response document addressing each of Oracle's interpretations, supported by technical evidence, architectural documentation, third-party verification, and market precedent. This becomes your negotiating position and the foundation for all settlement discussions.
We lead all negotiations with Oracle's audit and legal teams, presenting findings, challenging claims, and working toward a settlement that reflects your true exposure. We manage timeline pressure, document all agreements, and ensure closure is final.
You've received an LMS audit letter and need technical defence of your environment architecture, virtualisation strategy, and option enablement. We provide the technical evidence.
You need the audit settled quickly, but not at an inflated price. We reduce Oracle's opening position by 60–85%, turning a multimillion-dollar risk into a manageable settlement.
You're responsible for licence compliance but don't have expert Oracle knowledge. We verify your entitlement position, identify gaps, and defend your audit position with technical precision.
You need independent verification of Oracle's contractual interpretation and claim methodology. We provide expert evidence that can be used in negotiation or, if necessary, legal challenge.
A Fortune 500 financial services firm received a $12M audit claim from Oracle based on processor metrics in a virtualised Hyper-V environment. Oracle claimed that all physical cores in the cluster were licensed. We conducted forensic analysis of the cluster architecture, documented CPU allocation and reservation methodology, and provided independent verification from the Hyper-V architect that the customer's soft partitioning approach was technically sound. We challenged Oracle's Core Factor identification on three processor types, identifying misapplied multipliers. We documented 18 months of actual database usage showing several options were enabled but not deployed. Settlement: $800K.
Our comprehensive guide to LMS audits, from the moment you receive an audit letter through final settlement. Covers LMS script forensics, Core Factor Table methodology, virtualisation defence, option analysis, and negotiation strategy. Used by enterprise legal teams and CFOs managing Oracle audit risk.
Download White PaperBefore Oracle audits you, conduct your own review. We map your Oracle estate, identify compliance gaps, and create an Effective Licence Position (ELP) so you understand your true exposure.
Prevent future audits by restructuring your Oracle EA, ULA, or CSI. Negotiating terms that reduce audit trigger points and clarify licensing obligations before they become disputes.
Right-size your Oracle estate to reduce compliance exposure. We identify shelfware, over-licensed options, and under-deployed licences, creating a leaner, more defensible position.
Oracle typically initiates an audit during an EA renewal conversation, when an account management change occurs, or based on Oracle's strategic audit team decisions. Some triggers are contractual (your EA may require periodic audits), but most are discretionary. Oracle's audit teams also monitor for environment changes like virtualisation expansion or application server deployments that might signal unlicensed usage.
This depends on your contract. Most Enterprise Agreements (EAs) include audit rights that are broadly written. If your contract grants Oracle audit rights, refusal may be a breach. However, you can negotiate the scope, methodology, and timeline. Audit rights are also typically limited to business hours, and you can require an Oracle audit coordinator and legal oversight. You cannot refuse outright, but you can constrain the process.
The Unified Software Metering and Monitoring (USMM) module is part of Oracle's LMS toolkit. It's an agent that runs on your servers, collecting detailed data about Oracle processes, connections, users, and feature usage. USMM collects far more data than Oracle strictly needs to establish compliance; it's designed to give Oracle maximum visibility into your environment. You do have the right to limit the scope of data collection, but most organisations don't negotiate this beforehand.
Oracle's default position is that every physical core in any cluster your virtual machines run on is licensed, regardless of soft partitioning or resource allocation. The only exception is Hard Partitioning (dynamic LPAR on HP-UX, domains on Solaris, etc.), which Oracle recognises as a barrier between environments. VMware CPU reservations, Hyper-V resource pools, and cloud instance sizing are not recognised as partitioning by Oracle. This is a major point of dispute in most modern environments.
The Core Factor Table is Oracle's published lookup table that maps processor types to licensing multipliers. A processor with a Core Factor of 2.0 means each processor counts as 2 cores for licensing purposes. Oracle publishes this table but updates it unilaterally. During an audit, Oracle applies the Core Factor from the published table as of the audit date, which may differ from the table at the time of purchase. Processor identification errors are common, and we frequently identify instances where Oracle has misapplied factors.
From initial letter to settlement, expect 6–14 months. The first 2–3 months involve data gathering. The next 3–6 months involve Oracle's internal analysis and your response cycles. The final 2–4 months involve negotiation and settlement. Oracle's timeline is deliberately extended to increase settlement pressure on the customer. We manage this timeline aggressively to avoid unnecessary delays.
Yes. If you anticipate an audit or know one is coming, engaging advisors before the audit letter arrives puts you in a stronger position. We can conduct a pre-audit exposure assessment, identify risk areas, and prepare your defence before Oracle arrives. This is significantly cheaper than managing the audit under crisis conditions.
We'll assess your Oracle environment, quantify audit exposure, and outline a defence strategy. Confidential and at no cost.
Schedule ConsultationWe publish weekly insights on Oracle audit trends, licensing changes, and defence strategies. Subscribe for expert guidance delivered to your inbox.