Why self assessment is the best audit defence
Every other element of audit defence is reactive: it manages an audit Oracle has already started. A self assessment is the one proactive move, and it is the most powerful, because it changes the customer's position before Oracle ever sends a letter. A gap discovered internally is a planning problem, fixable through a negotiated purchase or a configuration change at ordinary commercial terms. The same gap discovered in an audit is a leverage problem, priced at list with backdated support attached, as the financial exposure guide sets out.
The difference in cost between these two is enormous, and it is entirely a function of who finds the gap first. Self assessment is, in effect, the act of finding your own gaps so Oracle cannot find them for you at a premium. It also transforms the psychology of an audit: a customer who already knows its position responds to a notification with a settled number, not a scramble, which is exactly the calm the audit defence pillar is built around.
For organisations that have never done one, the first self assessment is often revealing in both directions. It surfaces genuine gaps that can be closed cheaply, and it also surfaces over compliance, places where the organisation holds more entitlement than it uses and could rationalise spend. Both findings are valuable, and both are only available to a customer who looks before Oracle does.
Building an effective licence position
The central artefact of a self assessment is the effective licence position, or ELP: a reconciled view of entitlement against deployment. On one side is everything the organisation is entitled to use, drawn from its contracts, ordering documents, and amendments. On the other is everything it actually has installed and uses, drawn from its own deployment data. The ELP is the difference between the two, expressed in the units each contract actually uses, processors, named users, employees, or application users.
An effective licence position is simply knowing your own answer before Oracle proposes theirs. Everything in audit defence is easier once you hold that number.
Building the ELP correctly requires applying each contract's metric and definitions precisely, the same discipline used to challenge an audit finding. A processor count must apply the core factor table; a named user count must respect minimums; an application user metric must be read against its definition. Getting these right is what makes the ELP credible, both as an internal planning tool and, later, as the position from which the customer challenges Oracle's measurement during the LMS audit process.
What are the steps of a self assessment?
A self assessment follows a clear sequence. First, assemble the entitlements: gather every contract, ordering document, and amendment, and map which agreement governs which deployment. Second, collect deployment data using the organisation's own tools, capturing what is installed, where, and how it is used, including database options and management packs that are easy to enable inadvertently. Third, apply the contract metrics to the deployment data to produce the position. Fourth, identify the gaps and the over compliance. Fifth, quantify each gap as a remediation cost and a risk.
| Step | Input | Output |
|---|---|---|
| 1. Assemble entitlements | Contracts, ordering docs, amendments | Entitlement baseline by agreement |
| 2. Collect deployment data | Own discovery tools and records | Installed and used inventory |
| 3. Apply metrics | Contract definitions and core factor | Usage counted in contract units |
| 4. Reconcile | Entitlement vs usage | Effective licence position |
| 5. Quantify gaps | The ELP shortfalls and surpluses | Prioritised remediation plan |
Throughout, the data stays internal. A self assessment uses the customer's own information and, ideally, independent advisers; it never involves Oracle's scripts or staff, and Oracle has no visibility into it. This is the inverse of an audit, and it is precisely the privacy that makes the exercise safe and valuable, a principle aligned with the data minimisation guide.
What to do with the gaps you find
A gap found internally can be closed in ways an audit gap cannot. The cheapest is often remediation: removing an inadvertently enabled option, decommissioning unused deployments, or reconfiguring an environment so it falls within entitlement. Where genuine additional usage is needed, the gap can be closed through a planned purchase negotiated at ordinary commercial terms, without the list pricing and back support that an audit attaches. Where the assessment reveals over compliance, the organisation can rationalise, reducing support on shelfware or reshaping the estate at renewal.
The common thread is choice. Finding the gap early gives the organisation the freedom to choose the cheapest remediation and the right timing, rather than being presented with a finding and a bill. This is why the cost of a self assessment is trivial against the savings it produces, and why the audit defence service treats it as the foundation of readiness rather than a reaction to a letter.
How often to reassess
A self assessment is not a one time project; deployments change, contracts accumulate, and options get enabled, so a position that was clean a year ago may not be today. A sensible cadence is an annual full assessment, with lighter interim checks triggered by significant events, a major deployment, a virtualisation change, a merger or divestiture, or an approaching renewal. The goal is that the organisation always knows its position closely enough that an audit notification holds no surprises.
This continuous readiness is what separates organisations that treat audits as routine from those that treat them as crises. The licence compliance guide develops this into a maturity model, and the practical effect is simple: a customer that reassesses regularly is never measured by Oracle on ground it has not already mapped itself.
The buyer side view
Self assessment is the cheapest and most powerful audit defence there is, because it changes who finds the gap first. The customer who builds an effective licence position, reconciles entitlement against deployment in the contract's own units, and reassesses on a regular cadence enters every audit already knowing its number and has the freedom to fix gaps cheaply on its own terms. The customer who waits to be measured by Oracle discovers its gaps at list price with back support attached.
Find your own gaps before Oracle does, and keep finding them. Read the financial exposure guide to understand what a gap costs once Oracle finds it, the LMS audit process guide to see how the ELP defends you in a live audit, and the audit defence pillar for the complete approach.
Oracle licence self assessment: frequently asked questions
What is an Oracle effective licence position?
An effective licence position, or ELP, is a reconciled view of what an organisation is entitled to use under its Oracle contracts versus what it actually has deployed and used. It is the central artefact of a self assessment and the foundation of any credible audit defence, because it lets the customer know its position before Oracle measures it.
Can a self assessment trigger an Oracle audit?
No. A self assessment is an internal exercise that Oracle has no visibility into and no involvement in. It uses the customer's own data and, ideally, independent advisers, not Oracle's scripts or staff. It reduces audit risk by letting the customer remediate gaps privately before any audit, rather than discovering them under Oracle's measurement.
Should you remediate gaps found in a self assessment?
Usually yes, but on your terms. A gap found internally can be fixed through a planned, negotiated purchase, a redeployment, or a configuration change, all far cheaper than the same gap surfaced in an audit with list pricing and back support attached. The point of finding gaps early is the freedom to fix them cheaply.