If you have received a letter from Oracle informing you that you are up for an audit, don’t be surprised. Audits and reviews are a common thing for people that use Oracle solutions and nearly everyone gets them sooner or later. In fact, as a general rule of thumb, you should be expecting an audit by Oracle at least once every 3-4 years.
Oracle can have any kind of reason to want to audit your infrastructure, and they will most likely never tell you why they are doing it. Therefore, you need to cover all your bases and make sure you have everything in order because the audit will cover every last detail of your system. If you have received a notice, these are some of the best things you can do moving forward.
Verify and Confirm
The first thing you need to check when you receive an audit notice is who sent it. A real audit notice will be sent by the License Management Service (LMS) department.
Even if it is sent by a different department within Oracle, it is most likely a scam. The only letters you need to take seriously are going to be sent by LMS directly, or are going to be sent by someone who has been appointed and authorized by the LMS directly. When you have confirmed that the letter is from an authentic source, only then should you respond and let them know you have received the audit request.
Review
The next step is to look at what the report says and start scanning your own operations. The report will never say what the exact problem is but it might have some hints about what Oracle wants to audit.
At this point, you want to start reviewing your own operations to find any weak spots. The team at https://redresscompliance.com/oracle-audit-services/ suggests that those who don’t have the expertise to review their system well enough should hire an external audit service. The main advantage here is the auditors’ experience. Since they have worked on so many cases, it will be far more efficient to have them try and spot a problem rather than doing it internally since you will have grown immune to the system.
Process
In most cases, the Oracle audit request will give you some time before the process moves along further. Typically, this is at least a 45-day window. During this time you need to prepare. Keep in mind that these audits can result in some costly repair work if it is that you are found guilty of some kind of misconduct. If there is a problem that you are aware of, it is a good idea to think of how you can defend yourself. Moreover, the consequences of an audit are not homogenous. In some cases, companies get out without a scratch; in other cases, they have to pay millions. So it is all up to how you handle the case.
How much this audit ends up costing you depends on the kind of problem, the scale of the problem, and the damage that Oracle has had to bear. There is no hard and fast rule to determine the cost of the problem. This is why having an expert on board can really help you out because they know the technicalities of the contract and they know how the issue should be handled. It will cost you less to pay technical experts than it would to brave it on your own and have to pay the full remuneration.