Oracle's License Management Services (LMS) and its successor Global Licensing & Advisory Services (GLAS) run a structured audit process. Customers who treat each step as routine paperwork end up with seven-figure findings. Customers who recognise the tactical choices LMS is making at each step — and respond with their own — end up with settlements at 30-40% of the opening claim. In our practice across 340+ engagements, the most consequential moves happen in the first 30 days. This article walks through the LMS playbook step by step.
The standard Oracle audit notice cites the audit clause in the customer's contract — usually a clause permitting Oracle to audit usage on 45 days' notice — and requests an introductory call within 30 days. The letter typically arrives from the LMS regional director and is co-signed by the customer's account executive. The presence of the account executive is intentional: it signals that the audit and the commercial conversation are linked, which they are.
The first tactical decision is whether to engage immediately or to take the 45 days. Customers who engage on day three are giving up posture. Customers who use the full 45 days to prepare an internal baseline, secure legal review of the contract, and plan their evidence strategy enter the first call with a position. The first call sets the tone for the entire engagement.
The initial information request — the "data request" — typically asks for: a complete environment inventory across all Oracle products, the contract set and amendments, the SAM tool data, and the names and roles of the people who will participate. Each of these has a defensible scope. Customers routinely provide more than is strictly required, which expands the audit footprint.
The first 30 days are the highest-leverage part of the entire engagement.
Oracle LMS asks customers to run measurement scripts on every Oracle Database instance. The scripts query DBA_FEATURE_USAGE_STATISTICS, DBA_HIGH_WATER_MARK_STATISTICS, the OPTIONS view, the DBA_REGISTRY view, and several other system views. The output is uploaded to LMS via a defined process. The scripts are the foundation of the audit and the most common point of customer concession.
The tactical question is not whether to run the scripts — refusing creates worse problems — but who runs them, how the output is reviewed before submission, and which databases are in scope. Running the scripts internally first, reviewing the output for findings, and remediating before submission is the difference between a settled and an open audit.
LMS's initial scope is often broader than the contract permits. Subsidiaries that were not party to the contract, environments under specific carve-outs, recently divested entities, and acquired-not-yet-integrated systems are routinely included in LMS's scope by default. Reading the contract carefully and contesting scope before scripts run is one of the most cost-effective interventions in an audit.
Step-by-step audit response playbook used across 100+ Oracle audit engagements.
LMS auditors are practised at conversational data collection. The early calls feel collaborative — they ask about your architecture, your business priorities, your cloud roadmap, your virtualisation environment. Customers typically answer freely because the questions sound innocuous. They are not. Every architectural detail provided is logged and used later to expand the audit scope or to support a specific commercial position.
A disciplined customer response is to answer only what is required, document the answer, and route everything through a single point of contact. Customers who route every LMS question through legal counsel for review produce dramatically better outcomes than customers who answer organically.
After 6-12 weeks of script analysis and interviews, LMS produces a draft finding letter. The letter quantifies the alleged compliance gap, lists the products affected, and proposes a remediation path — almost always a commercial transaction with Oracle. The opening number is rarely the settling number. In our experience, settlements typically land at 30-40% of the opening claim when the response is well-structured.
The reductions come from:
The opening claim is the starting point. The settlement is built from defensible counter-positions.
Oracle's preferred audit settlement is the customer purchasing new Oracle products — typically ULA expansion, OCI Universal Credits, Fusion Cloud subscriptions, or unified support. Cash settlements are rare and disfavoured by Oracle. The reason is structural: a cash settlement is recognised as one-time revenue; a product sale becomes the basis for forward-looking quota and renewal expansion.
For the customer, this dynamic is leverage. Customers willing to commit to OCI, willing to expand an existing ULA, or willing to renew a sun-setting support stream typically settle audit findings at materially lower headline values. The corollary is that customers who insist on cash settlement face the highest absolute numbers. The right answer is usually somewhere between: a small commercial commitment that the customer would have made anyway, traded against a substantial reduction in the audit claim. Engineering that trade is exactly where our software contract negotiation work earns its keep.
Our Oracle audit defence team has handled 100+ LMS engagements. 68% average claim reduction.
Weekly compliance intelligence for IT leaders.