Closing The Gap On Software Compliance Issues Pt. II

Ernst & Young’s software asset management survey reveals that most vendors and customers are actively addressing the issue of license compliance, but also identifies some gaps on both sides. Faced with increasingly complex IT estates and software contracts, companies are not always keeping track of all their software deployment.

Ernst & Young’s software asset management survey reveals that most vendors and customers are actively addressing the issue of license compliance, but also identifies some gaps on both sides.

Faced with increasingly complex IT estates and software contracts, companies are not always keeping track of all their software deployment. This could mean they’re less prepared for vendor reviews and may reduce opportunities to save money by transferring available licenses to new users.

Meanwhile a majority of vendors feel that IT compliance is not always high enough on their customers’ agendas, with insufficient use of monitoring tools.

With numbers of customer audits on the rise, the responses show that many vendors may need a more globally consistent approach, with clearer revenue and coverage targets. Audits could also affect the harmony of the client/customer relationship, with users expressing some dissatisfaction over the quality of the work and the time taken.

The survey results confirm that software audits are increasingly becoming a way of life for both customers and vendors. Faced with the challenge of doing more audits, vendors need to establish formal programs which are conducted efficiently and in a transparent manner which does not damage the relationship. End users need to get a grip on their software estate so as to minimize the time and resources dedicated to audits and any subsequent penalties for non-compliance.

Ernst & Young interviewed eight major software vendors and ten customers. The user clients included both private and public sector organizations from a variety of sectors, and had on average over 10,000 PCs and 800 servers.

This is part two of a two-part series. Part one can be found here.

Cloud computing not yet on the compliance radar

Despite a greater focus on managing software assets, there are some worrying gaps in customers’ approach. Six out of ten admit that they don’t monitor software usage and usage patterns, which could undermine their efforts. Perhaps more worryingly, only 12% have responsibility for monitoring the usage of cloud-based products, suggesting that many businesses have not yet woken up to the implications of this growing trend.

Although most vendors claim to have a formal approach to compliance/audit reviews, less than half say this is globally consistent and only a minority carry out a quality assessment on the audit. It’s therefore no real surprise that most also choose to bring in external help for such reviews.

Amongst many of the vendors we spoke to, the compliance function doesn’t always have a clear set of goals. Only half have a revenue target for their work and none had any objective to cover a certain proportion of clients. With such a lack of focus, it may be hard to measure the cost-effectiveness of their work.

Software suppliers also have differing expectations of their return on investment in IT compliance. Some were looking for — and achieving — returns in the region of 15 to 20 times, while others only sought to get back five times what they invested.

It appears that neither vendors nor users are getting the most out of their software asset management efforts. The customers taking part in the survey feel they lack a robust business case, which can undermine the process.

While vendors are clearly entitled to carry out reviews and negotiate settlements for unpaid usage, they also want to preserve a good working relationship with their customers to ensure a long term revenue stream. Only one of the vendors we spoke to believes that the audit review process has created a negative experience for customers, or had a detrimental effect on the overall relationship.

However, customers appear to have a different view of the audit/review process. Levels of satisfaction over quality of the work and the value derived were low in many cases, and a number of user companies also expressed dissatisfaction over the time taken to carry out audits, and the lack of focus on improving the overall compliance process. One customer said that: “an audit: …feels like revenue generation, not customer service.”

Interestingly, respondents’ perception of the length of audits also differed. Whereas most vendors felt these took less than 180 days, a majority of customers felt these reviews actually lasted longer — a further sign that such activity needs to be handled sensitively.

Customers may also be underestimating the time required to support a vendor audit, which, according to the survey, is around 200 hours. Ernst & Young’s experience is that this figure could be closer to 500 hours in some cases, which is a significant investment.

Effective software asset management is about far more than just audits

An audit gives vendors the confidence that they’re receiving appropriate revenue for their licences, that their valuable intellectual property is appropriately protected, and that their customer is properly managing its software assets.

Customers may wish to carry out their own annual audit, either internally or through an independent third party firm. By producing strong evidence of a well-managed IT estate, users may avoid vendor audits and reduce the risk of non-compliance. Such a proactive approach can also help management budget for future software costs and save money by discarding redundant packages and renegotiating contracts.

However, effective software asset management is about far more than just audits. Vendors and customers should be committed to good governance, with consistent procedures for monitoring usage along with open reporting, to meet the highest standards of risk management.

Both parties require well-trained staff that understand the complex issues arising from multiple contracts, particularly involving SaaS and cloud computing.

More