Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

How to manage the risks and costs of software compliance

Bruce Harpham | Feb. 25, 2016
Software compliance can be a tricky – and expensive – challenge for most IT leaders. Luckily, tech solutions let you manage software assets.

“Software audits often come in different forms. For example, I have seen software audits from vendors come across as information requests or reviews. When a company responds to these requests without specialized advice, there is a lost opportunity to control costs. I worked with one client on such a request recently where we could have negotiated a limit to scope of the audit. Unfortunately, that discussion did not take place and the audit is now applicable to the client’s operations around the world,” Machal-Fulk says

Timing makes a major difference in seeking legal advice. “Once data is released to the vendor, the user’s ability to negotiate and adjust the scope of the audit is reduced,” Machal-Fulk says. Knowing when to involve legal experts is a matter of a professional judgement. Using the organization’s spending authorization as a guideline is helpful. For example, if the organization requires executive approval on contracts over $100,000, then one can make a case to involve legal experts in those situations.

Building a software asset management program

IT managers seeking to benchmark their approach against best practices have several options. The ISO 19770-1:2012 standard (known as the “SAM Standard”) lays out a framework to manage software assets. “The ISO standard is helpful yet it can be difficult to understand,” says Rodger Correa, Director of Program Coordination for the Americas at the Business Software Alliance (BSA). “BSA has published resources to guide IT staff through the software asset management process,” he says.

For organizations with complex software arrangements, seeking a third party review may be helpful. “The Verafirm process provides a third party review and certification of an organization’s software asset management process,” Correa says. “We launched this program in Asia first and it has been very popular in India and Thailand,” he says.  The only downside to this program is the cost and duration – the certification process takes six to twelve months depending on the situation/

Selecting a technology solution to manage software assets

IT departments seeking technology solutions have a variety of options available to them. “Technology tools help but they do have important limitations,” Julie Machal-Fulk, partner at Scott and Scott LLP. “The software solution cannot design the strategy or the interaction with the software publisher,” she explains.

Factor in the following considerations when considering a software asset management platform.

  • Cloud service compatibility. The flexibility of cloud services and products frustrate traditional governance approaches, so look for a product that covers these functions. 
  • Large Software Vendor compatibility. The greatest risk and potential costs come from mismanaging software from the world’s largest software vendors. Identify the organization’s major software vendors by spend analysis (e.g. focus on top 3 highest spend vendors) and/or criticality (e.g. the finance system or order fulfillment system). 
  • Compatibility to procurement and contract management applications. Ariba and other applications are becoming a popular way to manage suppliers in the corporate world. Integrating with those packages will give the organization better oversight and control.

Sustaining effective governance over IT software is an evolving struggle. Using outside experience and resources is a proven way to reduce the risk.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.