What records does OpenText copy in a COBOL audit
An audit is also a data collection exercise, and what leaves the building shapes the finding. Knowing what records OpenText copies in a COBOL audit, and on what authority, lets a buyer control the flow rather than hand over an open ended dataset that a finding can then be built against in the worst possible light.
OpenText gives seven days' notice before an audit and, under its agreements, has the right to copy relevant records. Visual COBOL and Enterprise Server reached the estate through the Micro Focus acquisition that closed on January 31, 2023, and are governed by the Additional License Authorizations. The records a COBOL audit reaches for are the ones that establish how the software is deployed and how much capacity it uses, but the word "relevant" is doing a great deal of work in that sentence, and the difference between a controlled, relevant disclosure and an open ended one is often the difference between a defensible finding and an inflated one.
The right to copy and its limits
The right to copy is a contractual right, not an unlimited one. It extends to records relevant to verifying the licensed use of the product, which for COBOL means deployment and capacity information rather than the entire contents of a data centre. A buyer who treats the right as unlimited, and exports whole system images, unfiltered configuration dumps, and logs spanning every environment, gives the audit a larger surface than it is entitled to and a larger one than the workload justifies. Controlling the channel through which records flow, the single controlled channel that the Respond phase establishes, is what keeps the disclosure relevant and bounded.
What a COBOL audit typically reaches for
The records a COBOL audit commonly seeks fall into a few categories, and each has a defensible scope.
- Deployment inventory. Where Visual COBOL and Enterprise Server are installed, which feeds the development versus runtime distinction in "runtime versus development license counting for COBOL".
- Capacity data. Core counts, host specifications, and where relevant MIPS or workload figures, the metrics examined in "what is an Enterprise Server core license metric".
- Seat and user records. Developer assignments relevant to the seat counting in "Visual COBOL development seat counting traps".
- Environment designations. Which deployments are production versus test, tying to "COBOL non production and test environment scope".
- Entitlement records. The buyer's own contracts and order documents, which the buyer should reconcile first.
The right to copy is bounded by relevance. A finding built on an open ended export will count everything the data shows; a finding built on a relevant, controlled disclosure can only reach what the workload justifies. The scope of the copy sets the ceiling on the finding.
Why the data flow decides the finding
A finding can only assert what the records support. If a buyer exports raw capacity data for every host without distinguishing which run COBOL, the finding will count them all, and the burden falls on the buyer to subtract afterward. If instead the disclosure is reconstructed first, so that only relevant, accurately labelled records reach the channel, the finding starts from a defensible base. This is why the firm reconstructs the position before any vendor measurement script runs, the discipline set out in "reconciling COBOL entitlements before an audit". Controlling what is copied is not obstruction; it is ensuring the data describes the workload accurately rather than overstating it.
The four Rs applied to disclosure
The defense treats disclosure as part of the method. Respond inside the seven day notice window by taking over first contact and establishing a single controlled channel through which all records pass, so nothing reaches the vendor unmanaged. Reconstruct the relevant dataset by labelling every record with its environment and its workload before it is shared, so capacity is attached to the COBOL that uses it. Rebut any finding that rests on records outside the relevant scope or on data the buyer can show was misclassified. Resolve on terms that define what future audits may copy, narrowing the open ended right to a workable scope. The same controlled posture underlies the broader process in "how OpenText measures COBOL usage in an audit".
In a recent engagement
In a recent COBOL engagement, an initial disclosure had included raw capacity exports for an entire server estate, only a portion of which ran Enterprise Server. The finding counted the full estate. The defense reconstructed the dataset, labelling each host by workload and environment, and showed that most of the counted capacity carried no COBOL at all. Set against the corrected, relevant records, the finding fell to the capacity the workload actually occupied. The reduction was characteristic of the firm's record across more than 200 defended audits, contributing to the 68 percent average reduction and the more than $90M in claims mitigated against vendor positions.
Controlling the copy before the finding forms
The practical lesson is that the time to control what is copied is before the records leave, not after the finding arrives. Because the noncompliance remedy is priced at then current list, with back maintenance and audit cost recovery stacked on top, every irrelevant record that inflates the count multiplies a charge the buyer then has to argue back down. A relevant, controlled, accurately labelled disclosure keeps the finding anchored to the workload from the start. To have the records flow in a COBOL audit controlled and the disclosure kept relevant, open a case.
Keeping the buyer's own records ready first
Before any vendor record is copied, the buyer's own entitlement records should be assembled and understood, because they set the baseline every disclosure is measured against. Order documents, contracts, and the Additional License Authorizations define what the buyer is entitled to, and a disclosure made without that baseline in hand invites a finding to define the position unilaterally. The firm reconstructs the entitlement first, so that when records are shared they are shared against a known position rather than into a vacuum. A buyer who knows the baseline can keep the disclosure relevant and can recognise immediately when a finding reaches beyond it; a buyer who does not is left reacting to whatever the finding asserts, with the scanned data already in the vendor's hands and the burden of subtraction already shifted onto the buyer.
Is an open ended export about to set your COBOL finding?
We establish a single controlled channel for records, reconstruct a relevant and accurately labelled dataset, and keep the disclosure bounded to what the workload justifies. To get a defense team on the file, open a case or download the guide to reading the Micro Focus ALAs.
Related field notes
These notes from the COBOL and Enterprise Server mainframe audit defense cluster cover disclosure, scope, and the measurement that follows. Each links back to the complete OpenText audit defense playbook for 2026.
- how OpenText measures COBOL usage in an audit
- reconciling COBOL entitlements before an audit
- runtime versus development license counting for COBOL
- COBOL non production and test environment scope
- Visual COBOL development seat counting traps
If an OpenText or Micro Focus audit notice has arrived, the first seven days matter more than any week that follows them. OpenText Audit Defense is an independent, buyer side practice founded in 2020 by former vendor compliance leadership. We have defended more than 200 audits, reduced the average finding by 68 percent, and mitigated more than $90M in claims against vendor positions. We do not resell OpenText software and we are not affiliated with OpenText Corporation. To open a case, use the contact form on this site.