A voluntary software audit in 2007 by the city of Richmond, Va., turned up 340 improperly licensed copies of software, which could have resulted in civil and criminal penalties in excess of $100 million.
That's when Richmond adopted a series of best practices to ensure that the city remains compliant with its software license policy and employed LANDesk Management Suite's Software License Monitoring tool to automate the auditing process.
In its most recent audit, the city uncovered just a handful of unlicensed copies on its 3,800 PCs, along with a significant number of licenses that were going unused, says CIO Annette Flowers. The Department of Information Technology was able to reallocate unused licenses to other employees, reducing the need to purchase more software.
Simply put, software asset management ensures that organizations are using software they have purchased. But SAM also brings additional benefits, says Flowers. "It helps us to understand our software inventory and respond more quickly to updates and patches," she says. "We learn what software is on which hardware components, whether it's licensed or unlicensed, how often it's used and how current it is."
By surveying its technology landscape, Richmond trims costs in other ways, she adds. Its IT department uses power management software to shut down PCs at night when they're idle, saving the city more than $120,000 annually. Ranked in 2010 as the No. 1 Digital City in its population class by the Center for Digital Government, Richmond also recaptured another $400,000 a year by cutting the number of its mobile devices by a third and creating a shared-minute plan for all employees.
IT experts from Richmond and elsewhere share these strategies for effective software asset management.
1. Establish a baseline.
Before figuring out what software your agency's staff actually use, you need to establish guidelines about what software they should be using, says Rick Wood, IT manager of end-user services for Richmond.
"A centralized procurement policy should be the baseline from which all asset management begins," he recommends. "This must be unequivocally supported by executive management, with the technology procurement process controlled, and all final technology purchase authorizations approved by IT."
2. Lock down your systems -- carefully.
The easiest way to keep unauthorized software off desktops and notebooks is to disable end users' administrative rights so they can't install it, says Wood. But you'll want to move deliberatively to avoid disruption and confusion, warns Peter Beruk, senior director of compliance marketing for the Business Software Alliance.
"Avoid an immediate decision to lock down computers to prevent the unauthorized introduction of unlicensed software," he says. "While this is actually a good SAM practice, doing so without considering the ramifications may result in confusion -- both for the user and
3. Seek opportunities to consolidate.
When North Carolina's Department of Justice surveyed its software assets, the agency discovered its business divisions used 13 different types of case management software, says Kathy Bromead, director of the enterprise project management office in the state's Office of Technology Services.
"We consolidated those 13 systems into one," she says. "We're now able to take a big-picture view and see which agencies could benefit by having one consolidated application instead of multiple separate applications. It's amazing how many duplicate systems you end up with, but that's also a great opportunity to save money."
4. Take time to research.
Percentage of software installed in the U.S. that is unlicensed
Source: Business Software Alliance 2010 Piracy Study
If you find unlicensed software on your agency's computers, don't immediately delete it, says BSA's Beruk. Document these findings and conduct additional research, which may turn up records of a license you didn't know your organization had. If you cannot find proof of license, delete the unlicensed software, making note of what was deleted and when. "When in doubt, ask the publisher of the software or reseller of record for assistance," he says
5. Get the staff on board.
Training IT workers in what information they need to collect and how to do it is essential, says Bromead. Each year, North Carolina offers multiple training sessions for state employees prior to its annual audits.
"Setting up the initial information requirements and having your agencies input the data may be perceived as a large and time-consuming effort," she says. "But having access and visibility into application information is vital to being able to smartly and strategically manage those applications."
Surviving a Software Audit
It's what IT administrators dread most: a letter from the Business Software Alliance or the Software and Information Industry Association notifying you that they want to audit your software licenses.
An audit notification usually translates into a world of pain, even if your licenses are in perfect compliance, says Rob Scott, managing partner of Scott & Scott, a law firm specializing in technology and intellectual property.
"The cost of responding is still very high," he says. "And very frequently, the way a publisher defines 'ownership' is inconsistent with the records most audit targets are able to produce."
However, there are a few steps to minimize the burden of an audit:
- Limit the scope. Find out what product sets the auditor is interested in, as well as time periods, locations and departments affected. Don't offer more data than is actually requested.
- Zip their lips. Organizations like the BSA and SIAA often publicize when organizations pay huge fines for license violations. Get the auditors to sign a confidentiality agreement before the audit takes place.
- Assess the damages. Figure out potential financial liabilities before the publisher does. For most organizations, the goal is to avoid costly litigation and minimize the time and resources spent.
- Use SAM best practices. If you can't inventory all your IT assets and reconcile them with your purchasing records, that's a problem.
To avoid audits, seek software agreements that allow you to "true up" your licenses with your actual use at the end of each year, says Scott.