Procurement compliance. Meeting your own rules.

An Oracle deal that saves money but breaks your own procurement policy is a problem waiting to surface. The buyer that keeps the purchase compliant with internal approval thresholds and audit trails protects both the saving and the people who signed.

Procurement compliance, the discipline of keeping an Oracle purchase consistent with the organisation's own procurement policy, is frequently overlooked in the pressure to close an Oracle deal, and the oversight can create problems that surface long after the deal is signed. The organisation's procurement policy establishes the approval thresholds, the competitive requirements, the documentation standards, and the controls that govern significant purchases, and an Oracle deal that breaks these rules, however good the price, exposes the organisation and the individuals who signed it to internal and external scrutiny. The customer that keeps the purchase compliant protects the saving and the people who made the decision.

This article walks through Oracle procurement compliance. The approval thresholds and the delegation of authority. The competitive requirements in the policy. The documentation and the audit trail. The conflict and the independence requirements. The risks of non-compliance. The framework helps a procurement team keep an Oracle purchase compliant with its own rules.

The approval thresholds and the delegation of authority.

The approval thresholds and the delegation of authority determine who must approve an Oracle purchase, and an Oracle deal frequently crosses thresholds that require approvals the deal team must not skip. The organisation's policy establishes the spend thresholds that require approval at successively higher levels, the department head, the finance function, the executive committee, and the board for the largest purchases, and a significant Oracle deal frequently crosses several of these thresholds. The customer that closes the deal without the required approvals, however good the price, has made a purchase that does not have the authority behind it.

The delegation of authority should be mapped to the Oracle deal early, so the deal team understands which approvals the purchase requires and obtains them before signing. The pressure of the period end deadline can tempt the deal team to close before the approvals are in place, intending to obtain them after the fact, but the deal closed without authority is a compliance failure regardless of the intent to remedy it. The customer that maps the approvals early and obtains them before signing keeps the purchase within the delegation of authority. The approval thresholds are not an obstacle; they are the authority behind the deal.

The structural response is to map the approval thresholds to the Oracle deal early and obtain the required approvals before signing. The buyer that obtains the approvals keeps the purchase within authority. See the sourcing procurement pillar and the quarter end tactics article.

The competitive requirements in the policy.

The competitive requirements in the procurement policy frequently mandate a competitive process for significant purchases, and an Oracle deal that skips the competitive process can breach the policy even where a competitive alternative seems impractical. Many procurement policies require a competitive process, an RFP or a documented comparison of alternatives, for purchases above a threshold, and an Oracle purchase that proceeds as a sole source deal without the documented justification can breach the requirement. The customer that understands the competitive requirements can satisfy them, whether through a genuine competitive process or a documented justification for a sole source.

The competitive requirements serve the organisation's interest in obtaining value and avoiding the appearance of favouritism, and the Oracle deal should satisfy them in substance as well as form. Where a genuine competitive process is practical, it both satisfies the policy and creates the competitive tension that drives the saving. Where a sole source is justified, the justification should be documented to satisfy the policy. The customer that satisfies the competitive requirements protects the deal from the challenge that it was not properly competed. See the RFP process design article.

The structural response is to satisfy the competitive requirements, whether through a genuine competitive process or a documented sole source justification. The buyer that satisfies the requirements protects the deal. See our new license procurement service and the database licensing deal type page.

The documentation and the audit trail.

The documentation and the audit trail are the evidence that the Oracle purchase complied with the policy, and the absence of the documentation can make a compliant deal appear non-compliant. The procurement policy frequently requires the deal team to document the decision, the alternatives considered, the approvals obtained, and the rationale, and the documentation is the audit trail that defends the decision in a later review. The customer that closes the deal without the documentation, however compliant the process, cannot demonstrate the compliance when the review comes.

The audit trail should be built during the process rather than reconstructed after the fact, capturing the decision, the alternatives, the approvals, and the rationale as they happen. The documentation built during the process is contemporaneous and credible, while the documentation reconstructed after the fact is incomplete and suspect. The customer that builds the audit trail during the process can demonstrate the compliance of the decision when the review comes. The documentation is the defence of the decision. See the procurement documentation standards article.

The structural response is to build the documentation and the audit trail during the process, capturing the decision, the alternatives, the approvals, and the rationale as they happen. The buyer that builds the audit trail defends the decision. See the Oracle Negotiation Playbook white paper and the Oracle Database product page.

The conflict and the independence requirements.

The conflict and independence requirements in the procurement policy govern the relationships that can compromise the integrity of the purchase, and an Oracle deal should be examined for the conflicts the policy addresses. The policy frequently requires the deal team to disclose conflicts of interest, to maintain independence from the vendor, and to avoid relationships that could compromise the decision, and the Oracle deal should satisfy these requirements. The customer that proceeds without examining the conflict and independence requirements can create a compliance failure that undermines the integrity of the purchase.

The independence requirements also support the value of bringing in an independent advisor, because the independent advisor sits on the buyer's side without the conflicts that can compromise the decision. The independent advisor that takes no referral fees from Oracle, that has no interest in the products sold, and that is compensated only for the buyer's saving provides the independence the policy values. The customer that engages an independent advisor satisfies the independence requirements while improving the deal. The conflict and independence requirements protect the integrity of the purchase.

The structural response is to examine the conflict and independence requirements and to satisfy them, including through the engagement of an independent advisor. The buyer that satisfies the requirements protects the integrity of the purchase. See our contract review service and the how it works page.

The risks of non-compliance.

The risks of procurement non-compliance are real and frequently surface long after the deal is signed, and the customer that understands the risks gives the compliance the attention it deserves. The deal that breaks the approval thresholds, skips the competitive requirements, lacks the documentation, or ignores the conflict requirements can be challenged in an internal audit, a financial review, or an external examination, and the challenge can expose the organisation and the individuals who signed it. The risk is not merely theoretical; the non-compliant deal is a liability that can surface at the worst time.

The customer that keeps the Oracle purchase compliant protects against these risks, ensuring the deal has the authority behind it, satisfies the competitive requirements, is properly documented, and respects the conflict requirements. The compliance discipline costs little when it is built into the process and a great deal when it is skipped, and the customer that builds it into the process protects the saving and the people who made the decision. The risks of non-compliance are avoidable, and avoiding them is part of a well run Oracle purchase. See the sourcing procurement pillar for the broader framework.

The structural response is to keep the Oracle purchase compliant with the organisation's procurement policy, protecting against the risks of non-compliance. The buyer that maintains compliance protects the saving and the people. See the order document negotiation article and the ULA deal type page.

Compliant deals survive review.

The Oracle purchase that complies with the organisation's own procurement policy survives the internal and external review that an off-policy deal does not, and the compliance protects both the saving and the people who made the decision. The approval thresholds, the competitive requirements, the documentation, and the conflict requirements each protect the integrity of the purchase, and the customer that satisfies them keeps the deal defensible. The off-policy deal is a liability waiting to surface. The compliant deal survives the review and protects the value.

For the broader framework see the sourcing procurement pillar and the procurement documentation standards article.