What Percentage of Revenues do SAP and Oracle Get from Audits?

Last Updated on March 21, 2021 by Shaun Snapp

Executive Summary

  • Audits are big business for both SAP and Oracle. However, they hide the percentage from customers and Wall Street.
  • In this article, we discuss the percentage of revenues obtained from these audits.


Neither SAP nor Oracle can achieve their revenue objectives using reasonable means, and this is where the software audit comes in. For Oracle, this takes the form of a highly extractive software audit. SAP has created a false licensing principle called indirect access, a concept that should be tried in a US court but so far has not. Both of these mechanisms are used to extract significantly more from customers than customers expected to pay.


Lack of Financial Bias Notice: The vast majority of content available on the Internet about Oracle is marketing fiddle-faddle published by Oracle, Oracle partners, or media entities paid by Oracle to run their marketing on the media website. Each one of these entities tries to hide its financial bias from readers. The article below is very different.

  • First, it is published by a research entity.
  • Second, no one paid for this article to be written, and it is not pretending to inform you while being rigged to sell you software or consulting services. Unlike nearly every other article you will find from Google on this topic, it has had no input from any company's marketing or sales department. 

The Percentage of Revenues from Audits for Each Vendor

The percentage of revenues that each vendor extracts from customers is a closely guarded secret, and both Oracle and SAP seek to minimize the figure in the popular imagination. One reason is that they want to surprise customers with audits and want the incidence of audits to go unreported. For example, if we look at the SAP user group ASUG (which is controlled by SAP) and Diginomica (which is paid by SAP), we can identify the media outlets through which SAP gets its word out.

The Drastic Difference from How SAP and Oracle Present Themselves to Wall Street Versus Reality

When it comes to Wall Street, both SAP and Oracle sell themselves as dynamic companies whose customers are very interested in their new products and that are becoming increasingly cloud (which they are not). Therefore, the fact that a significant percentage of their revenues is coerced out of customers is not something SAP or Oracle wants Wall Street to know.

This leads to the question of what the percentage is. The following quote generally matches what we have heard about it.

An interesting statistic that Oracle gets 94% margins on support. I read an article some time back that the big ones, i.e. including SAP, get ~20% of their revenue from audits and going after their customers.. wonder how much they really make selling their products. Ask anyone who has been around the IT space for a long period of time and I believe you would have a hard time finding many say something positive about the big ERP vendors.., only that they are stuck with them. – Danny Borndal

Where is the Margin for Oracle and SAP?

There is not that much margin in the sale of the items, which is mind-boggling because Oracle and SAP software is exceptionally overpriced. Oracle’s database, its best product, is so overpriced compared to every other competing database (except HANA) that it is a marvel they don’t make that much money on the actual license.

“It’s Time for Your Audit, Sir”

Oracle is the best-known user of audits in enterprise software. And while Oracle proposes legitimate reasons for audits, in reality, Oracle uses audits in the most dishonest way imaginable. Oracle uses audits to control customers and drive them to things that Oracle would like them to purchase. Oracle’s attempts to legitimize their audits are undermined because no other software vendor uses audits in such an extreme fashion as Oracle. No other vendor places triggers in their software that are deliberately designed to be exploited during an audit. Oracle resources endorsing Oracle’s audits illustrate the fundamental corruption of the person attempting to defend such manipulative and abusive practices. An obvious question becomes apparent. If virtually all other vendors that charge far more reasonable prices for their software do not need to perform such audits, why does Oracle claim the right to do so?

So how do Oracle audits work in reality?

Booby-Trapping the Installation

One strategy they use is to booby-trap the installation. A typical audit scenario we have seen is that Oracle delivers software with essentially all functionality enabled by default. The actual bill of material is not relevant. They put the onus on the customer to deactivate the functionality to tie out to the bill. However, few customers do this. Also, few Oracle consulting firms advise their customers to do this. As with the SAP consulting partner market, this is one of the many things that leads us to question how much the Oracle consulting partner market looks out for their customers versus looking out for themselves (and for Oracle).

This is covered in the lawsuit against Oracle by Union Asset Management Holdings AG.

Oracle would audit on-premises customers and upon finding violations, would threaten large penalties…unless the customer purchased cloud. Typically, the violation would be organisations caught out by Oracle’s tactic of enabling add-ons by default, and thus being found “using” software they hadn’t purchased.

It is alleged that LMS and the sales teams worked in tandem to identify large accounts and that, in some cases, the sales teams would write letters that the LMS team then sent to customers. Once customers had bought the cloud, LMS would close the file – without even a follow up to review the licensing position. – ITAM

Oracle knows when to audit the customer, as they placed the trap in the installation in the first place. When the audit hits the customer, Oracle will tell the customer something along the following lines.

“Look here this is what you procured yet you have transportation turned on, have you used this module?”

The customer often has no idea. Then the audit starts!

Oracle’s audits attack the entire stack, from apps and middleware to the database. Oracle then comes up with a number that conveniently matches or exceeds a sales rep’s cloud quota. Then the horse-trading starts, and they state something along the lines of the following.

“Your cost is 500k for all this illegal use of software. We’re also going to have to charge you interest based on time of use and this is going to get ugly.”

So a deal is cut.

“Buy 500k Oracle Cloud ANYTHING, and we’ll make this problem go away.”

And then…

“Sign this non-disclosure, and everything is fine.”

The Sequence of Events of an Audit

Let us review the sequence of events.

  1. Set the Audit Land Mine: The problem, in this case, is a landmine that Oracle presets to go off when the audit is conducted.
  2. Complicit Oracle Consulting Partners: Oracle consulting partners are complicit in not informing the customer about the preset landmine. Any Oracle consulting partner that would advise their customer about the landmines in the implementation would put their partnership with Oracle on tenuous ground. This is why companies with a history of helping customers with these types of issues, like House of Brick, are not Oracle partners.
  3. The Audit: Oracle then audits the account, knowing precisely what they will find as they set the landmine.
  4. The Audit Bill’s Determination: The Oracle sales rep works backward from their quota to determine the audit charge.

The solution is then for the customer to buy more software. The customer ends up paying exorbitant compensation to Oracle. The IT department is then motivated to use the software they “purchased” to cover up for what happened.

However, when the sale of the item is reported to Wall Street, it is reported as voluntary. Oracle does not set aside a part of its quarterly analyst calls to state that “40% of our cloud sales were coerced through audits of other products.” There is a lawsuit filed against Oracle for misrepresenting audit-led cloud purchases as being due to authentic demand at customers, which will be covered in more detail later in the book.

How Big of a Deal are Oracle Audits?

One should consider the seriousness of an Oracle audit in terms of the work effort it imposes on the customer. Oracle’s strategy is to drown the customer in paperwork to overwhelm their ability to respond to the audit. When Mars sued Oracle over their audit, Mars claimed that they were required to provide over 233,089 documents over a one-year period to Oracle.

Mars asserted Oracle lied about the reasons it requested information.

“Oracle demanded information to which it is not contractually entitled regarding servers that do not run Oracle software and Mars personnel who do not use Oracle software,” Mars’ complaint read. “Oracle made these demands under false pretenses under false premises that non-use of software nonetheless somehow constitutes licensable use of software for which Mars owes Oracle.”

As is usually the case, this information is only available because it came out in a lawsuit. Non-litigated audits (which are nearly all of them) stay private. However, why would so many documents be requested by Oracle?

Oracle and VMware

According to Dave Welsh of House of Brick Technologies, this case in 2015 was Oracle’s first litigation on VMware. Oracle did not want this case to be discussed because it shed light on something they would prefer to keep in the shadows, which is Oracle’s pricing concerning virtual machines. Dave Welsh proposes that Oracle settled out of court so quickly with Mars because Oracle did not want its claims around Oracle on VMware tested in court. This is because they want to continue to bring these same audits with the same set of assertions against other customers, as his following quote attests.

“I’m sorry that it appears Oracle opted not to appear in court. I’m also not the least bit surprised. In my opinion, Oracle appears interested in trying to see if it can get any more money out of any of its Oracle on VMware customers. It also appears to want to do that without a court’s evaluation.”

And Arthur Beeman, who was the lead counsel for Mars, made the following statement regarding the case’s outcome.

“That filing…represented such a threat to Oracle’s practices as it related to the licensing that there was an agreement to immediately stay the matter… and then eventually there was a settlement and it was dismissed with prejudice less than two months after the filing.”

These are not uncommon experiences. AutoDeploy has experienced the audit scenario above with every one of their customers. It’s a feature of Oracle’s sales process, not a bug.

The Lawsuit by the City of Sunrise Firefighter Fund

This is corroborated by the lawsuit brought by the City of Sunrise Florida Firefighter Fund that was brought up earlier in the book. The Firefighter Fund is suing Oracle for not disclosing that a portion of its cloud revenue reported as voluntary was anything but. As asserted by the Firefighter Fund, Oracle has been using audits to coerce customers into buying cloud products and not telling investors, all while making it appear as if the cloud business has been customers coming to Oracle asking to purchase cloud offerings.

Oracle also misleads customers in its documentation of what the rules are about auditing, which is covered in the following quotation.

“Another area that causes confusion with many Oracle customers is the policy documents that Oracle publishes. Most of these documents (Partitioning Policy, Licensing Oracle Software in the Cloud Computing Environment, Licensing Data Recovery Guide, etc.) are not referenced by the agreement and are thus not binding in your contract with Oracle. The Partitioning Policy document is frequently cited by Oracle to customers running on VMware. Just remember that this document does not contain binding policy. There are some non-contractual documents, however, such as the Licensing Oracle Software in the Cloud Computing Environment (Cloud Environment) policy from Oracle, that are fundamentally different. In this particular document, Oracle is granting additional privileges beyond the contract, rather than restricting them. (emphasis added)”

SAP and Oracle must have been separated at birth!

This is because we found this exact issue with SAP when they released what was supposedly an announcement to ameliorate their customers’ concerns regarding something called indirect access. In a nearly identical pattern to that displayed by Oracle regarding audits, SAP pretended in their announcement to soften their position on indirect access, but the announcement instead served to assert more restrictive indirect access rules on customers. Brightwork Research & Analysis covered this topic in detail in SAP’s Recycled Indirect Access Damage Control for 2018.

How SAP Uses Indirect Access to Coerce Purchases

As a brief interlude, SAP has perhaps unsurprisingly been using indirect access to force cloud purchases, as is covered in the following quotation from the book SAP Nation 2.0.

“Other customers report “gun to the head” behavior. In a spin-off situation, SAP demanded a hefty assignment fee, but offered an alternate multiyear contract on its cloud products, which the customer did not need. In another such situation, SAP threatened to invoke its “indirect access” clause (a tactic many customers report)-again, the customer was offered a cloud subscription as an alternative.”

Oracle also declares that they may change their license agreements at any time.

“Reliance on such documents may be risky, however, as Oracle expressly points out in the Licensing Oracle Software in the Cloud Computing Environment policy that it is non-binding and subject to change at any time. However, to the extent that Oracle is knowingly publishing extra-contractual documents on which its customers rely by making large investments, an argument can be made that Oracle should be estopped or prevented from changing course down the road, especially if such a change would cause injury to Oracle customers. Whether a court would accept this argument, or find that the customer proceeded at their own risk, is an open question.” – Pamela Fulmer

Audit Software Vendors that are Also SAP Partners?

Unfortunately, for a software company to build audit software for SAP, it must be an SAP partner. This means that it has restrictions by SAP on what it can say and what it can publish. I am in constant contact with many software vendors, and the complaints about SAP interference in what they can say and what they can do are unremitting. I am surprised that SAP would allow software vendors to offer an audit product, given that, for instance, the promotional video from one of the software vendors clearly states the following about their product.

It ensures that you know more about your SAP system than anyone else, giving you the upper hand in any negotiation or audit.

Why would SAP want that? SAP wants the upper hand. Snow Software states that they can

..save 20 to 30% savings on their SAP costs typically within weeks alone.

But again, this is money coming out of SAP’s pockets, and they have the right to decertify Snow or any other software vendor at any time. So if the audit vendor’s statements are true, how are they still certified partners of SAP? What this means is that SAP has a say as to how the software vendor’s software works. SAP can and will threaten the software vendor with the removal of their SAP Certification, which would impact that software vendor’s ability to exist.

Based on how I have seen the SAP partnership agreement used with other vendors, SAP will use it to neuter the vendor’s marketing so that everything the third-party vendor releases is consistent with the needs of SAP.

How the Total Costs are Hidden from SAP & Oracle Customers

A big part of the on-premises software model is that costs are hidden. It is a curiosity to participate in sales support and to see executives spend so much time focusing on the initial purchase cost when the initial purchase cost is such a small percentage of the overall TCO of an on-premises application or database.

With SAP and Oracle, costs are always hidden to the degree possible.

As with other on-premises purchases, the costs are absorbed as part of the overall IT budget. Costs don’t ever seem to decrease with SAP or Oracle. SAP and Oracle customers typically have their IT budgets overconsumed by SAP and Oracle, and this leaves areas unaddressed because SAP and Oracle don’t offer everything necessary to run a company, or at the very least, to run it well.


Both SAP and Oracle have a strategy set up around auditing or applying indirect access to their customers. Furthermore, both vendors have what amounts to fake purchases because auditing fees and indirect access fees are paid through purchasing software, often software that is unwanted and ends up unused. That is, neither SAP nor Oracle has a line item on their income statements that says “audit income” or “indirect access income.”

Both companies are pleased to have Wall Street think that every dollar paid to these companies is voluntary on the part of their customers.