Home / Case Studies / Oracle LMS Audit Settlement
OracleBankingLMS Audit2024 Engagement

Audit finding cut from $11.4M to under $2.3M. Eight months. One position paper.

A European bank received an Oracle LMS audit notification at the start of the year. The opening finding ran to $11.4M and assumed worst-case licensing of database options and VMware-hosted virtualisation. We took the engagement at the point the bank was deciding whether to negotiate, settle, or escalate. The final settlement closed at $2.3M with a documented scope agreement that constrained the next audit cycle.

Legal and finance professionals reviewing documents
$9.1M
Reduction from opening finding
80%
Audit exposure removed
8 mo
From notification to settlement
3 yr
Scope agreement
The audit going in

An $11.4M opening number built on assumption.

Oracle LMS opened with a finding that combined three assertions: database options were in use across more cores than were licensed, the virtualisation platform meant every host in the cluster needed full licensing, and several non-production environments had been counted as production.

None of the three assertions were obviously true. None of them were obviously false. The bank's internal team had no LMS audit experience and no time to build the evidence pack while running the rest of their year.

  • Three contested assertions. Each one worth between $2M and $4M of the finding.
  • No internal owner with prior LMS audit experience.
  • An informal “commercial settlement” was already on the table at $7.8M as a quick close.
Oracle LMS's opening position

Settle the number. Buy the cloud credits.

The proposed path forward was a commercial settlement of $7.8M with the remaining liability convertible into OCI credits. The implicit message was that contesting the finding would only make the number larger and the relationship harder.

What we flagged

An LMS settlement that converts liability into OCI credits is a re-priced sale, not a resolution. The bank had no OCI roadmap, no committed migration, and no use case that would consume the credits inside their useful life.

The work

Eight months. Four phases.

Audit defence is a different discipline to renewal. The work was sequenced phase by phase, each one building the evidence base for the next.

1. Scope containment

We worked with the bank's legal team to narrow the audit scope to the contractual entitlement to audit. Non-production environments were excluded by reference to the contract. The cluster-wide virtualisation assertion was contested in writing on day eleven.

2. Deployment evidence

The bank's DBA team produced installation evidence per database, per environment. We built the bridge between what was installed and what was running. Of the contested database options, only two were in active use; the others were installed but never enabled.

3. Position paper

We wrote a thirty-page position paper that documented the bank's read of the contract, the evidence, and the three assertions where Oracle's finding could not be supported. The paper went into the third settlement round.

4. Settlement terms

The settlement closed at $2.3M cash, no OCI credits, no roadmap commitments, and a written scope agreement for the next audit cycle that restricted re-opening the same assertions.

Lesson

The first number in an LMS audit is rarely the right number. The settlement is determined by the bank's evidence pack and the written contract — not by the audit team's spreadsheet. Independent defence inside the first eight weeks moves the case base several million dollars.

The settlement

Cash, scope, and a quieter next cycle.

The bank settled at $2.3M cash. Oracle accepted the evidence pack on the virtualisation assertion. The non-production scope question was closed out in writing. A three-year scope agreement defined what the next LMS engagement would and would not cover.

$9.1M
Reduction
From the $11.4M opening finding to a $2.3M cash settlement.
0
OCI credits
No conversion into cloud commitments the bank had no plan to consume.
3 yr
Scope window
Written constraints on the assertions that can be re-opened in the next audit cycle.
“The temptation to settle at eight million was real. The advisor's first question was whether we knew which of the three assertions we actually disputed. Once we had that answer the rest was a much smaller conversation.”
Head of IT Procurement · European banking group · Anonymised by client request
Related resources

More on Oracle audit defence.

Service

Audit Defence

Independent representation when Oracle LMS or any vendor's audit team is at the table.
Vendor practice

Oracle Negotiation Practice

How we advise on Oracle ULAs, audits, database and middleware licensing.
White paper

Oracle ULA Exit Playbook

The certification-stage decisions that determine whether an ULA exits or compounds.
← Back to all case studies

Received an Oracle LMS audit notification?

Tell us the notification date and the in-scope products. We will respond within one business day with the lead and the most relevant precedent.

Contact Us →Audit defence