So far in parts I and II of this SAM blog series, we’ve been setting out the case for why SAM needs continual improvement. We’ve explored the benefits of being closer to the business as well as the advantages to be had from better sweating assets and releasing funding for IT projects. In part III we turn our attention back to the management of risk and software audits.
The uncomfortable truth about software reviews is that only very rarely are they a one-time experience. Just yesterday I responded to a tweet from a SAM professional in the UK joking that since he’d just been contacted by us, should he expected his next software audit demand?
The tongue-in-cheek remark was made as, by pure chance, his last audit request had come after a similar contact. We know the much-touted figure that upwards of 65% of organizations can expect to be on the receiving end of a software audit by at least one vendor in a 12-month period.
So, it stands to reason that your first software review won’t be your last!
To have a more harmonious audit experience
Practice makes perfect, or so the saying goes. Having gone through what was inevitably a pretty painful first audit, it only makes sense to keep in mind that future audits will come and that it will pay dividends to be prepared. Being able to systematically collate and interpret all required data in support of all installed software should be the mantra of any SAM team.
Continual improvement supports the notion of lessening that pain: rather than only preparing Effective Licensing Positions (ELPs) or compliance reports when they are demanded by a vendor or industry watchdog; making this a scheduled activity will actually give the SAM team and the wider set of stakeholders a better understanding of the changing nature of license procurement and software usage across the IT estate. This has the knock-on effect of forcing the SAM team to ask whether it is taking advantage of the best licensing options, or if there is opportunity to optimize software deployments before the next audit comes along.
This will help ensure that not only is the organization prepared when the inevitable audit comes, but that it actually has the upper hand in any subsequent negotiations. Getting as close as possible to a push-button production of a compliance report through your SAM suite should act as a driver for ensuring Continuous Improvement is adopted as a primary SAM team work ethic. All of which should, as the section title suggests, lend itself to a more harmonious audit experience. It means less disruption and pain for the end user organization, and a faster, cleaner engagement for the vendor.
Just don’t ask the vendor if it was ‘good for them?’ when you come to the negotiation table armed with evidence that you could be getting a better deal!
To Mitigate Risk
Very much the flip-side to the benefit above, but still worthy of investigation in its own right. Software Asset Management is always going to encompass the management of risk – guarding against over-spend as much as compliance failures.
But in extreme cases, the risks involved in software can even include threats to the organization’s ability to function. Within the SAM community, there is the ‘famous’ case of Tibco versus Bank of America, where the software company went as far as to apply for a court injunction to immediately prevent the bank from using its software (Tibco alleged that the Bank had been using $300-million worth of its software illegally). That’s an extreme case, but if you want to scare your CEO, it’s probably not a bad one. The simple fact is that nearly every organization is now reliant on software for its day-to-day activities.
Without software, we simply cannot function. So to have that particular rug pulled from under you is just untenable. On a slightly less scaremongering note, the level and type of risk changes as vendor licensing and user consumption habits change – hence we return to the need for continual review and improvement of the SAM framework. Indirect licensing is probably a great example of this. I’d go as far as to say the majority of organizations that use real ‘enterprise applications’ now also have some level of indirect usage going on.
But are they managing it properly? I’d hazard a guess that those making efforts to monitor and manage their indirect usage for SAP and other vendors are in the minority. We're already starting to see some vendors take an increasingly aggressive stance on indirect usage in audits. So, we have two sides of the same coin. On the one hand, SAM improvements can smoothen the audit experience, while on the other they are crucial to managing evolving risks.
That’s it for this penultimate part of this blog series. Next time, we’ll round off with a look at how SAM can create competitive advantage.
If this blog has led you to ask questions about your own SAM program, why not speak to one of our licensing experts and see how you rank for Software Asset Management maturity?