An Overview of a recent Software Asset Management (SAM) and Compliance Consultancy from Australia.
Smartpath SAM Services is an Australian based specialist Asset Management consultancy. Smartpath recently completed a SAM and License Software Compliance consultancy for a major Australian Stock Exchange (ASX) listed company, the results of which has transformed the way in which the company now views its software assets.
The perception seems to be that the larger the organisation, the more advanced that company will be in its software procurement, the management of its software assets and its compliance responsibilities. After all, it stands to reason that large companies have the financial means to adequately resource all areas of their business and that senior management is aware and on top of any potential business risks. Right? Wrong!
The reality is, at least as far as SAM is concerned, senior management and boards are not yet aware of the risks associated with poor SAM practices and the potential risks of using unlicensed software. These risks are more around the monetary costs to the company of achieving a compliant position once under-licensing has been identified, which are not provisioned in operational budgets, and which can severely impact profitability levels.
In addition, software vendors may seek damages including:
- Copyright infringement – Unlicensed reproduction of the software;
- Compensatory – For the benefits derived by the business in using the vendor’s software which the business didn’t own;
- Other damages – eg. a deliberate and flagrant course of conduct by making the infringing copies and using them for business purposes.
Collectively, it becomes not only a cost issue but potentially a significant reputational one as well.
Fortunately, whilst Smartpath’s consultancy identified that the ASX listed company was in excess of a $AUD1,500,000 (~ $US 1,200,000 ) under-licensed, no damages were sought by the vendor. Unfortunately, this should never have happened in the first place and may not have if proper and robust SAM practices were in place that had the support and visibility of senior management and the board.
On commencement of the consultancy, the company was found to have approximately 1600 computers comprising desktops, laptops and servers.
The inventory tracking tool, SMS, was found to be over 90% deployed across the IT estate. However, the tool was being used to identify hardware and the license management feature, which could have recorded owned licenses, was not being used. Instead, there were separate and multiple Excel spreadsheets being used by various parts of the business in an attempt to record software usage, which failed catastrophically because critical information was not centralised or reconciled and no one had overall responsibility for keeping the information up to date.
In addition, Smartpath established that the company had a Standard Operating Environment (SOE) which was pushed out to new personnel that the company had acquired and when refreshing hardware. However, because there was no visibility of licenses owned the SOE was pushed out progressively to new employees and refreshed computers without the correct and corresponding licenses. Smartpath established that in fact the company only had a 108 license entitlement in a specific application but yet it had been deployed to an additional 1300 devices for which no licenses were owned.
As a consequence, the company could only produce a very small amount of Proof of License (POL) documentation, which ultimately contributed to the $AUD1,500,000 under-licensing gap.
Smartpath identified the following key areas of deficiency that contributed to the significant under-licensed amount:
- Knowledge of SAM was very limited within the organisation
- IT policies and procedures were basic, not updated and not communicated throughout the organisation
- The company had been very active in acquiring businesses that were already under-licensed and had not undertaken due diligence in relation to licensing risks
- The company utilised MS SMS but only to identify hardware and software assets. No software reconciliations were undertaken with owned license documentation, which resulted in no visibility of applications that were being used but for which no licenses existed
Since the consultancy, the company has gone through an overhauling of the way in which it manages its software and hardware assets and has allocated specific SAM responsibilities throughout the company to implement and manage a SAM practice. Smartpath made a number of remedial recommendations following the consultancy and outlined a SAM blueprint in line with the requirements of the ISO 19770-0 Standard.
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
Learn more about him here and connect with him on Twitter or LinkedIn.