Why do so many SAM programs fail to protect organizations from incurring penalties during software audits, overbuying, and high maintenance costs? Because SAM is complex and time-consuming, and most enterprises lack the resources or commitment to run a comprehensive program. The following chart shows all the moving parts involved.
Research from The ITAM Review indicates that more than 75% of companies are out of compliance at any given time. There are many reasons for this: there’s a lack of roles and responsibilities leading to unmanaged software programs and a lack of visibility. Or, there’s no clearly defined SAM structure, or any communication plan to make sure IT and procurement understand what software they own and how it is licensed.
Other situations that lead to SAM failure which I routinely observed as an auditor:
Software is purchased without the organization knowing; new purchases are not tracked
Little or no awareness of internal software purchase policy or any changes to the policy
Lack of training and user buy-in into a SAM program
No understanding of true demand
Software vendors go around IT and use their relationships with your executives for deal making, reducing IT’s leverage and input
Executives do not see the value in a SAM program.
This brings up probably the single most important thing you can do to launch a successful SAM program, which is to win executive-level support of key stakeholders in the organization. You must build a business case for your SAM program, which works to resolve some of the executives’ challenges, such as budget constraints, audit cost reductions, or long-term relationships with the vendors. A strong argument comes from demonstrating the short- and long-term return on investment (ROI) of a SAM program. The plan must convey high-level information about SAMs deliverables and trackable milestones; these data points will help you to garner stakeholder support and alignment in the business units and the C-suite.
The following graphic shows what to consider when developing your business case.
Your SAM program objectives should line up with the organization’s goals: it will improve operational efficiency, mitigate an array of risks, and save money.
Even before you draft the business case, we counsel clients to write a SAM Program Charter.
The charter will list SAM’s main stakeholders, what the program will achieve, what are the obstacles it must overcome, and how you will know if it’s successful.
The next step is to determine where your organization currently stands in terms of readiness for a SAM program, and chart the relevant people, processes, and technology. This type of assessment is outlined below.
Next, you can build out your vision for the program’s future, shown here.
Now you can take your Maturity Assessment and your Future State and identify the gaps. From this you will develop recommendations for each stage and gap, and this exercise will provide your roadmap.
A final word about SAM tools: there are many good SAM tools on the market, but they cannot do all the things you want them to do. The tool suppliers will claim to be able to save you 20% to 30% on your SAM program, but they will not tell you how difficult it is to run them effectively. We caution clients who are buying a tool to conduct an RFP that clearly articulates their needs. We’ve come up with the following diagram to help with this process.
This graphic shows all the things to consider when choosing a SAM tool: who’s going to input the entitlement information into the tool? What information is the tool able to capture and what will it look like? Is there going to be a SaaS component? What software vendors/products does the tool handle best?
You must take the time to find the right tool for your program, which will integrate with your processes and teams. Once installed, you must manage the tool and make sure that it continues to report accurate data. This last point cannot be overstated.
In response to client demand for assistance in their SAM efforts, ClearEdge has created a Compliance Services practice comprised of former professional software auditors. For more information about SAM, download the webinar on which this article is based, or visit our website to see additional SAM resources, or contact your ClearEdge representative.
- Richard Wright is the Director of SAM and Compliance Services at ClearEdge Partners.