Software Asset Management: ‘The Upstream Challenge’

action boat canoe clouds
Photo by Roman Pohorecki on

For many organizations, the initial impetus to discuss software asset management is the receipt of an audit notification communication from a software publisher.  This sets-off a predictable series of events as IT and Financial executives grapple with the impact of the pending audit. The steps are:

First Step: Immediate action to reduce audit impact

  • Executives quickly assemble to discuss options and realize there is significant exposure. During these conversations, the lack of supporting data and evidence to confirm deployment with entitlement levels emerges. The decision is quickly made to secure expert support from one of the many experts that can help reduce penalties.

Second Step: Realization that there may be others in the queue

  • As IT and financial executives come to the realization that there is little evidence to support or challenge the audit, the question quickly turns to the broader software asset estate.
  • Upon completion of audit negotiations or in parallel, organizations engage a partner to scan their environment, align consumption with entitlements and identify gaps. Quantifying potential exposure.

Third Step: Question what steps need to be taken to eliminate this exposure and prevent this from future occurrence

  • Typical focus is on defining the appropriate entitlement management, deployment controls, and process workflows by which the asset is managed. In addition, identification of a platform to dynamically ping the environment and quickly identify areas of non-compliance.
  • In essence, establish a Software Asset Management organization and operation by which software assets are efficiently and actively managed in the environment.

What would be the benefit if we reversed the process? Instead of ‘swimming upstream’ why not establish a SAM mindset in anticipation of an audit?

Be prepared with a comprehensive software asset management operation. Once established, when audit notification arrives you can comfortably ‘go with the flow’!

Software Asset Management – Audit Susceptibility

CoverSusceptibility is defined as ‘the state or fact of being likely or liable to be influenced or harmed by a particular thing’.

In the case of a software audit, Susceptibility is the likely severity, disruption and extent of financial exposure a firm may experience in the event a software publisher issues an audit notice. Negotiating the reduction or elimination of software audit findings, while valuable, is NOT Software Asset Management.

Effective SAM requires careful orchestration, monitoring and entitlement management. SAM encompasses successful alignment of policy, procedures, controls, procurement, IT and PMO processes with rapid infraction identification. Properly executed, SAM not only minimizes audit exposure, it delivers efficiency of software investment.

Like regulators such as the OCC, CFPB and others examining compliance, software publishers produce significant Third Party Risk exposure requiring proactive and dynamic management. The TPRM Forum is pleased to share the introduction of the Audit Susceptibility Index assessment designed to help SAM operations identify the actions and tactics to mature their operations and establish enhanced productivity and efficiency.

For additional information on how we can support your SAM needs, please use the CONTACT page.