If you read nothing else
Oracle audit defense is the buyer-side discipline of controlling the data, the count, and the settlement of an Oracle license review — not the act of answering Oracle's letter. Oracle's opening compliance claim is an unaudited commercial position priced at list, routinely 3–5× what you actually owe. Rebuild the count yourself, challenge the VMware and options interpretations, strip the back-support, and settle from evidence. Across 600+ engagements, defended customers settle 40–90% below Oracle's opening number.
This Oracle audit defense manual covers the full review — from the moment GLAS issues notice through to a signed settlement. It is written for the buyer: how Oracle constructs the claim, the three places the number is almost always wrong, and the levers that collapse it. Every pricing and policy figure carries a source and a date.
Key takeaways
- Oracle's opening audit claim is a sales position, not an invoice — GLAS prices every detected gap at list and applies worst-case interpretations; defended customers settle 40–90% below the opening figure, with the average claim running 3–5× the true obligation (Oracle Licensing Experts engagement data, 2026).
- VMware is the single largest audit exposure in 2026 — Oracle treats VMware as soft partitioning, so every ESXi host inside the vMotion boundary is counted; a 4-host Oracle deployment on a 32-host cluster can be claimed as 32 hosts, and that policy sits outside your signed contract (Scott & Scott LLP analysis; Oracle Partitioning Policy, 2026).
- The back-support trap costs more than the licenses — Oracle adds support arrears on the alleged shortfall, typically 3–5 years, on top of new licenses at 22% of net license value per year (Oracle Software Technical Support Policies, 8 May 2026); at an 8% annual uplift, a $1M support line becomes about $2.16M in ten years.
- Database options and management packs are the silent trigger — Diagnostics Pack, Tuning Pack, Partitioning, and Advanced Compression can activate on use without a separate purchase, and Oracle's 2026 audits explicitly target option enablement and Java SE deployment (Mondaq, 2026).
- Settlements move with your renewal, not Oracle's calendar — the strongest outcomes fold audit findings into a discounted forward deal, with audit-waiver years and back-support reduced toward zero; well-evidenced disputes routinely cut the opening claim to 22–60% of its stated value (industry audit-defense benchmarks, 2026).
Recommendations by role
An Oracle audit is fought across four desks at once. Here is what each owner must do to defend the count.
CIO / Head of Infrastructure
- Own the deployment baseline before Oracle defines it — processors, cores, options, and virtualization topology, documented and version-controlled.
- Isolate Oracle workloads onto dedicated, separately licensed hosts so the VMware soft-partitioning claim has nowhere to spread.
- Block engineers from running or returning any Oracle script output without review by the single audit owner.
SAM / ITAM Manager
- Reconcile installed programs against entitlement and flag every option — Diagnostics, Tuning, Partitioning — that may be enabled by default.
- Map the vMotion and DRS boundaries; this is where Oracle inflates processor counts the most.
- Build the evidence pack that answers Oracle's question precisely — in your format, on your timeline, nothing volunteered beyond scope.
VP Procurement / Vendor Management
- Pin the audit clause, the NDA, and the exact entities, products, and territory in scope before any data moves.
- Treat Oracle's first number as an opening bid; settle on rebuilt evidence and realistic, discounted pricing.
- Coordinate the settlement with your support or EA renewal so the audit resolves inside a deal you control.
CFO / General Counsel
- Model the worst-case exposure — new licenses plus back-support — so the settlement target is set by you, not Oracle.
- Hold Oracle to its own paper: the published partitioning policy is not a contract term and cannot be enforced as one.
- Keep findings confidential under the NDA so they cannot be recycled as a sales lever in the next negotiation.
The Oracle audit defense framework: where the claim is built and where it breaks
Each question below is one a CIO, GC, or procurement lead actually asks once the review is underway. Lead with the answer; the move follows.
How does Oracle decide who to audit in 2026?
Oracle audits on signal, not at random. An Oracle audit is a contractual compliance review GLAS opens with 45 days' written notice under your Oracle Master Agreement. In 2026, GLAS — Global Licensing and Advisory Services, the rebranded successor to License Management Services (LMS) — prioritizes estates that show clear revenue upside: Oracle running on VMware, Java SE deployments under the Employee Metric, Diagnostics and Tuning Pack enablement, and BYOL cloud migrations (Mondaq, 2026). Mergers, lapsed support, and the run-up to a ULA certification or renewal are common triggers.
The pattern matters because it tells you what Oracle already believes it will find. If your trigger is virtualization, the claim will be built on host counts; if it is Java, on employee headcount. Knowing the likely thesis lets you self-assess the exact exposure before Oracle scripts it for you.
Run your own license review in a quiet quarter, not under a 45-day clock. A self-audit surfaces the same gaps Oracle would — options left on, VMware sprawl — while you still have time to remediate without a deadline or a counterparty watching.
Why is Oracle's opening compliance claim almost always inflated?
Because it is engineered to be. Oracle's LMS/GLAS team analyzes script output and constructs a compliance position priced at list, applying every worst-case assumption at once: counting each detected option as a separate license, sizing processors with the Core Factor Table at full capacity, treating passive standby and backup nodes as production, and assuming VMware clusters run Oracle on every host. None of this is settled — it is an opening negotiation position dressed as a finding.
This is why the same audit can produce a $12M letter and a sub-$2M settlement. The reduction comes from rebuilding the count, correcting the licensing model, and stripping unjustified back-support — not from pleading. The Core Factor Table is Oracle's multiplier converting physical cores into required processor licenses, and misapplying it is one of the most common ways a claim is overstated.
Across 600+ Oracle engagements, the average opening audit claim is 3–5× what the customer actually owes once the deployment count is rebuilt and pricing is reset to realistic levels (Oracle Licensing