Software Asset Management: Risk and Reward. March 2015


Agenda

- What Are the Risks
  - Direct Risks
  - Indirect Risks
  - Future Risks
- How to Assess the Risks
  - Maturity Frameworks
  - Compliance Assessments
- Mitigating the Risks
  - The ITIL 4 Ps
  - SAM Strategies
- Summary

The Risks: Direct Risks

[Chart: Impact against Probability]

1. Non-Compliance: Financial
2. Non-Compliance: Reputational
3. Over-licensing

The Risks: Direct Risks
Non-Compliance - Financial exposure

- 85%: Percentage of organisations that are using more software than they have paid for
- 63% of organisations have been audited within the last 18-24 months
- 37% of organisations have been audited twice within the last 18-24 months
- 34%: Percentage of large enterprises ($ B+) audited three times or more in the last 18-24 months
- $1.6m: The average true-up payment for a $4B revenue company
- $263k: The average true-up payment for a smaller $50M revenue company
- 64%: Percentage of organisations that are not using automated, commercial software to manage their software licenses

Key Trends in Software Pricing and Licensing Survey Software Licensing Audits: Costs and Risks to Enterprises, IDC, 2014

The Risks: Direct Risks
Non-Compliance - Reputational Risk

Tibco has filed a lawsuit with the California North District Court alleging the Merrill Lynch division of Bank of America illegally used $300m of its software for a major IT project. The case highlights a catastrophic breakdown in supplier relationships, which could lead to Bank of America being exposed to a potential risk of no longer being able to run software that uses Tibco.
http://www.computerweekly.com/news/2240225480/bank-of-america-when-software-relationships-turn-sour

Billingshurst engineering firm Project Options has been forced to cough up 33,000 after the BSA found it using unlicensed Autodesk software.
http://www.channelweb.co.uk/crn-uk/news/2349161/sussex-engineers-settle-bsa-licensing-stoush

The Business Software Alliance (BSA) has stung a safety specialist firm for almost 100,000 following a tipoff over its alleged use of unlicensed software. First Choice Facilities was forced to pay the anti-piracy body 18,000 as part of a settlement, and stump up a further 81,000 in licence costs to address the shortfall, after being found with unlicensed Adobe, Autodesk, Microsoft and Symantec products.
http://www.channelweb.co.uk/crn-uk/news/2220503/tip-off-costs-bsa-victim-gbp99-000

The Risks: Direct Risks
Over-Spending

- Over-specified license types
- Inaccurate license quantities
- Maintenance of unused software
- Failure to negotiate bespoke terms

The Risks: Indirect Risks

[Chart: Impact against Probability]

The Risks: Indirect Risks
Security

- Incomplete Coverage
- Version Control: Vulnerabilities
- Unauthorised Software
- Unauthorised Use

The Risks: Indirect Risks
Business Continuity / Service Delivery

[Diagram labels: IT Asset Management; IT Service Management; Finance / procurement systems; Asset Data; License Management System; Inventory; Asset Registry; CMS/CMDB; Services & CI Relationships]

The Risks: Future Risks

[Chart: Impact against Probability]

1. Tax
2. Outsourcer performance

The Risks: Future Risks

Tax
- Transfer pricing
- Indirect tax

Outsourcer Performance
- Based on vendor review experience
- Cannot outsource responsibility for compliance

Assessing the Risks Maturity Frameworks

Assessing The Risks: Maturity Frameworks
ISO/IEC 19770

ISO/IEC 19770 is an international standard about software asset management (SAM).

3 Parts:
- ISO/IEC 19770-1: Processes
- ISO/IEC 19770-2: Software identification tag
- ISO/IEC 19770-3: Software entitlement tag

First published in 2006, revised in 2012 to enable incremental stages.

Assessing The Risks: Maturity Frameworks
ISO/IEC 19770

Organisational Management Processes for SAM
- 4.2 Control Environment for SAM
  - Corporate Governance Process for SAM
  - Roles and Responsibilities for SAM
  - Policies, Processes and Procedures for SAM
  - Competence in SAM
- 4.3 Planning and Implementation Processes for SAM
  - Planning for SAM
  - Implementation of SAM
  - Monitoring and Review of SAM
  - Continual Improvement of SAM

Core SAM Processes
- 4.4 Inventory Processes for SAM
  - Software Asset Identification
  - Software Asset Inventory Management
  - Software Asset Control
- 4.5 Verification and Compliance Processes for SAM
  - Software Asset Record Verification
  - Software Licensing Compliance
  - Software Asset Security Compliance
  - Compliance Verification for SAM
- 4.6 Operations Management Processes and Interfaces for SAM
  - Relationship and Contract Management for SAM
  - Financial Management for SAM
  - Service Level Management for SAM
  - Security Management for SAM

Primary Process Interfaces for SAM
- 4.7 Life Cycle Process Interfaces for SAM
  - Change Management Process
  - Software Development Process
  - Software Deployment Process
  - Problem Management Process
  - Acquisition Process
  - Software Release Management Process
  - Incident Management Process
  - Retirement Process

Assessing The Risks: Maturity Frameworks
ISO/IEC 19770:2012

- Tier 4: Full ISO/IEC SAM Conformance. Achieving best-in-class strategic SAM
- Tier 3: Operational Integration. Improving efficiency and effectiveness
- Tier 2: Practical Management. Improving management controls & driving immediate benefits
- Tier 1: Trustworthy Data. Knowing what you have so you can manage it

Assessing The Risks: Maturity Frameworks
Microsoft SAM Optimisation Model (SOM)

ISO 19770-1 / Key Competency / Competency Question

Organisational Management
- SAM Throughout Organisation: How has software asset management (with documented procedures, roles, responsibilities and executive sponsorship) been implemented in each infrastructure group?
- SAM Self Improvement Plan: Does your organisation have an approved SAM self improvement plan?

SAM Inventory Processes
- Hardware and Software Inventory: What percentage of user PCs and servers are included in a centralised software inventory/CMDB (configuration management database) which is populated by a software tracking tool?
- Accuracy of Inventory: How often do you reconcile software inventories with other sources to verify accuracy of assumed license metrics (for example user counts based on HR employee records)?

SAM Verification Processes
- License Entitlement Records: What percentage of procured software licenses are recorded in a license entitlement inventory (a central repository/tracking of all licenses owned and/or previously acquired)?
- Periodic Self Evaluation: How often do you reconcile software deployments (usage) to software entitlements (purchases)? Software entitlements are software licenses owned or previously acquired.

Operations Management and Interfaces
- Operations Management Records Interfaces: How do the various Operations Management functions (contracts, financial fixed assets, service support, security, networking) use software and hardware inventories in their daily roles?

Lifecycle Process Interfaces
- Acquisition Process: What percentage of total software purchases in your organisation are made through or are controlled & tracked by centralised procurement?
- Deployment Process: What percentage of total software deployed across the organisation's PCs and servers (considering all operating systems) is installed through centralised sources or through a controlled distribution system?
- Retirement Process: What percentage of retired hardware assets are tracked in a way to enable the software on them to be reused?

Assessing The Risks: Maturity Frameworks
Microsoft SAM Optimisation Model (SOM)

- BASIC (Basic SAM, Ad Hoc): Little control over what IT assets are being used and where. Lacks policies, procedures, resources and tools.
- STANDARDISED (Standardised SAM): SAM processes exist as well as tool/data repository. Information may not be complete and accurate and typically not used for decision making.
- RATIONALISED (Rationalised SAM, Active Management): Vision, policies, procedures and tools are used to manage IT S/W asset lifecycle. Reliable information used to manage the assets to business targets.
- DYNAMIC (Dynamic SAM, Optimised): Near real-time alignment with changing business needs. SAM is a strategic asset to overall business objectives.

Assessing The Risks: Maturity Frameworks
Other

- FSSC-1: FAST Standard for Software Compliance
- ITIL: Information Technology Infrastructure Library

Assessing The Risks: Maturity Frameworks

- Assess current maturity
- Agree desired state
- Plan improvement
- Look for quick wins
- Implement
- Conformance verification
- Repeat..

[Cycle diagram: Plan, Do, Check, Act]

Assessing the Risks Compliance Assessments

Assessing The Risks: Compliance Assessments

- Prioritise 80/20
- Business Software Alliance (BSA)
- Vendor Audit Teams: Adobe; Autodesk; DELL (Quest); EMC; HP; IBM; Micro Focus (Attachmate & Novell); Microsoft; Oracle; Pitney Bowes; SAP; Symantec; VMWare

BSA Membership: ACCA Software; Adobe; Altrium; ANSYS, Inc.; Apple; Autodata Limited; Autodesk; Bentley Systems; CA Technologies; CG Tech Ltd; CNC Software Mastercam; Corel; DELL; IBM; Intel; Intuit; Microsoft; Minitab; NetCad Ulusal CAD; Oracle; Parallels; PTC; Salesforce.com; Siemens PLM Software, Inc.; Symantec; Tekla; The Mathworks

Mitigating the Risks The ITIL 4 Ps

Mitigating Risks: The ITIL 4 Ps

- People: IT; Procurement; Finance; Legal
- Process: Senior sponsorship; ISO 19770; Conformance verification
- Product: Inventory; License management; Information libraries
- Partners: SAM experience; Licensing knowledge; Vendor knowledge

Mitigating the Risks SAM Strategies

Mitigating Risks: SAM Strategies In-house Outsourced Service Service Provider Reactionary

Summary

Summary: Software Asset Management

- Consider adding to Internal Audit
- Probability is relatively high: 63%
- Impact is potentially significant
- Establish risks
- Assess maturity
- Assess a sample of compliance
- Investigate strategy
- Process not project
- Progress not perfection

[Chart: Impact against Probability]

KPMG Strengths

Tools and vendor technology knowledge
We have firsthand experience of dozens of software tools which can automate elements of the software asset management process. Our team includes staff who have previously implemented and worked with tools on a day-to-day basis.

The KPMG network
Approximately 450 licensing practitioners across the globe working on various vendor technologies. We are able to draw on our firm's deep industry experience to provide Audit, Tax & Advisory services. This enables us to build cross-functional teams to address the specific needs of all our clients.

Independence and confidentiality
We are independent of both software publishers and resellers and do not re-sell software licences or software asset management tools. In circumstances where it is beneficial for our clients we do however work in partnership with publishers, resellers and tools vendors.

Thank you

Contact
Presentation by Arpit Agarwal, Manager, Software & IT Asset Management
Mobile: +44 (0) 7824377737
Mailto: arpit.agarwal@kpmg.co.uk

KPMG SAM Dinner
If Software Asset Management/software licensing is of particular interest to yourself or a colleague, please note we hold SAM client events on a regular basis; please contact me at arpit.agarwal@kpmg.co.uk for more information.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2015 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. The KPMG name, logo and "cutting through complexity" are registered trademarks or trademarks of KPMG International.