This is the second in a series of three blogs covering the topic of third party risk. Last time we looked at performing contract compliance inspections of the third parties that you engage with. But what about your organisation's compliance with its contractual obligations to third parties? In this blog we explore the area of Software Asset Management (SAM) in more detail, the benefits of good SAM and considerations when building an internal SAM capability.

We are aware through our relationships with major software vendors that their level of audit activity is on the increase, both in terms of new compliance programmes being set up by software vendors who did not traditionally perform this type of activity, and in terms of software vendors with more mature compliance programmes using innovative means and technologies to identify non-compliance. These compliance programmes frequently result in millions of pounds worth of fines for customer organisations as a result of weak governance, poor management and limited monitoring of software assets.

For example, a national financial services provider was recently handed a multi-million pound fine as a result of failing to ensure it properly reconciled its software deployments with purchased licence entitlements.

In response, we have seen a notable increase in businesses developing SAM capabilities in order to increase efficiencies across the business and reduce the IT bill. For example, Gartner suggests that active management of software assets can deliver savings of around 30% of the value of the software across the lifespan of the software (typically three years).

Furthermore, active SAM can result in the added benefit of reducing exposure to large fines as a result of vendor audits. This is particularly important as significant settlements are common; by taking a proactive approach to SAM, however, organisations can derive greater value from their software investments.

The first step towards effective SAM is to obtain a complete view of all software deployed or installed and compare it against actual use by individual users. Following this analysis, deployment and usage statistics can then be mapped to licence agreements to identify compliance with those agreements.

However, the key value in good SAM is not just to identify current non-compliance, but to develop strong internal controls and processes to effectively manage software on a continuous basis, leading to strong governance and a reduction in risk across the software library.
