Why does Oracle use three names for one process?
Oracle calls the same exercise an audit, a license review or a business assessment depending on tone, but all three measure your deployment against your entitlements and can end in a bill. The label is about temperature, not substance. A friendly business assessment from your account team and a formal letter from GLAS, formerly LMS, both feed the same commercial machine.
The reason the names matter is that they change how a buyer reacts. A formal audit puts a company on guard and often routes the matter to procurement and legal. A business assessment sounds like a service, so it tends to be handled by a database lead who wants to be helpful and shares data freely. Oracle understands this difference, and the softer framing reliably produces looser data handling. Audits are a sales channel, and analysts estimate that 20 to 30 percent of Oracle's on premises license revenue flows from them, so a soft review is rarely just housekeeping.
What is a soft audit or business assessment?
A soft audit is any measurement exercise that avoids the word audit, and it is best understood as data gathering with a commercial purpose. It usually arrives as an email from your account manager offering to help you understand your position, optimise your estate, or prepare for a renewal. There may be a spreadsheet to fill in or a script to run, framed as routine.
The output of a soft review is the same kind of evidence a formal audit produces. Once Oracle holds data showing usage that exceeds entitlements, the conversation can harden quickly, and the figure that follows arrives inflated at list price like any audit finding. The fact that you volunteered the data does not make the finding smaller; if anything it makes it harder to walk back.
Is an Oracle license review less serious than an audit?
No, a soft license review deserves the same discipline as a formal audit, because the data you share carries the same weight. The difference is procedural, not substantive. A formal audit cites the audit clause in the Oracle Master Agreement and usually gives a 30 to 45 day response window, while a business assessment may arrive as a casual request with no clause cited at all.
The casual framing is the risk, not a relief. Information handed over informally still becomes the basis for a finding, and a finding still arrives inflated at list price. The classic contents are the same in both cases: processor core shortfalls against the core factor table, options and management packs flagged as in use, cluster wide virtualization claims, and Named User Plus undercounts. Treating a review as low stakes is exactly the mistake the soft framing is designed to produce.
What are your rights in an Oracle license review?
Your rights come from your contract, and they apply whatever Oracle calls the exercise. You can agree scope before you start, you can decide what data to provide, and you can take time to verify a finding rather than accept it. None of these rights disappear because the request was friendly.
Running Oracle's collection scripts is a decision, not an obligation, and the scripts can overcount across VMware and other virtualization layers, reading a whole cluster as licensable. The policy documents Oracle leans on, such as the partitioning policy that does not recognise VMware as hard partitioning, are weaker than the signed agreement, and contract language beats policy. Knowing which of your rights are written into your specific agreement is contract dependent, so the agreement itself is the first thing to read, not the script.
What records should you have ready?
The records that decide a review are your entitlements and your deployment, and having them in order before any request arrives turns a scramble into a routine reply. Pull your ordering documents, your Oracle Master Agreement and any amendments, your support renewals, and a current map of where Oracle software runs and who accesses it.
With those in hand you can measure your own position first and compare it to whatever Oracle produces, which is the only way to know whether a finding is right. A buyer who can show a clean, contract based count of their estate negotiates from evidence; a buyer who returned raw script output negotiates from Oracle's number. The timeline of an Oracle audit shows why this preparation pays off.
How should you respond to a soft review request?
Respond to a soft review exactly as you would to an audit: acknowledge, agree scope in writing, and control the data. Do not rush to run whatever was attached to the email, and do not let a single database administrator return raw output on a friendly basis. Route the request to one owner, just as you would a formal letter.
Confirm what is in scope, gather your entitlements, and measure your own position before sharing anything. A line by line review of the eventual finding typically cuts it by 60 to 80 percent, and that work starts the moment the first email arrives, not when a formal letter shows up. The earlier the discipline starts, the more room you have to negotiate from strength.
A worked example
An anonymized retailer received a friendly business assessment request, ran the attached scripts, and returned the raw output. Figures are indicative.
| Approach | What Oracle saw | Result |
|---|---|---|
| Raw script output returned | Cluster wide usage | Inflated finding |
| Scope agreed, data reviewed first | Hosts in scope only | Cut 60 to 80 percent |
The two rows describe the same estate. The only variable was discipline at the first contact, which is the whole point: the soft label changes behaviour, and behaviour changes the bill.
Why does the soft framing work so well?
The soft framing works because it changes who handles the request and how carefully they handle it. A letter that says audit goes to procurement and legal, where caution is the default. An email that offers a free assessment goes to a technical lead who measures their job by being helpful and responsive, and who has no reason to suspect a routine favour will become a seven figure conversation.
It also works because it lowers the perceived stakes at exactly the moment the stakes are highest. The data gathered in a friendly assessment is the same data that anchors a finding, but it is gathered with none of the safeguards a buyer would apply to an audit. By the time the tone changes, the evidence is already in Oracle's hands, and the negotiating position has quietly moved before the buyer realised a negotiation had started.
What does a disciplined first reply look like?
A disciplined first reply is short, polite and non committal. It thanks Oracle for the request, confirms that a single named owner will coordinate the response, and states that the company will review the request and respond on a reasonable timeline. It does not agree to run any script, does not attach any data, and does not accept any characterisation of the estate.
That reply costs nothing and buys everything. It signals that the request is being taken seriously and handled professionally, which removes any pretext for escalation, while keeping every option open. From there the company can read its contract, assemble its entitlements, measure its own position, and decide what to share, all before a single number has been conceded. The discipline of the first reply sets the tone for the entire exercise.
When should you bring in independent help?
Bring in independent buyer side help as soon as the request involves running scripts, sharing deployment data, or any number that could become a finding, and certainly before you return anything. The cost of early help is small against the size of an inflated finding, and the earlier it starts the more room there is to shape scope and data.
Independent help is most valuable precisely when the request feels least threatening, because that is when a buyer is most likely to give away the position. A review of the request, the contract and the estate before any reply turns a friendly assessment back into what it always was, a commercial measurement that the buyer is entitled to control.
The next step
This article is part of our Oracle Audit Fundamentals cluster. Read the pillar, the Oracle audit defense guide, for the full picture, and these related reads: the stages of an Oracle audit end to end, how long an Oracle audit takes. For the engagement, see our Oracle audit defense service and contact us.