Forensic Technology & Discovery Services Software Asset Management and disputes advisory Fraud Investigation & Dispute Services

Upload: duongthien

Post on 19-Aug-2018



Overview

With increasingly complex business models, where software deployment has become ever more pervasive throughout business life, it has become critical for organizations to manage their software assets properly. This creates the challenge of them being licensed correctly, avoiding unnecessary overspend.

Many organizations find that they lack the controls needed to meet these requirements and, as a result, find themselves on the receiving end of significant costs as a consequence of noncompliance. This is further hindered as software licenses become more complex to meet the demands of different deployment models. As a consequence, they become difficult to track and quantify. Additionally, licensing rules are dynamic and differ across vendors and products.

At the same time, software vendors are becoming more reliant on license compliance audits. These have increased in frequency as vendors look to better protect their investment in intellectual property.

What is Software Asset Management?

Software Asset Management (SAM) is the combination of processes, technology and specialized knowledge through which software license risks can be managed and controlled. SAM is enabled through three key areas: people, process and technology and tools.

• People: The primary challenge of effective SAM is to create a team of dedicated people with direct responsibility for software licensing. The team should be trained and certified for key vendors based on spend and license risk. They should also be backed up by a SAM business advisor who can be called upon to assist with specific vendor knowledge and requirements. The advisor will be able to advise on changes in the market and will have a wider view on what is available to assist the SAM program. Additionally, they can provide support to an organization seeking to assess if its SAM remains up to date and relevant.

• Process: Too often, the ambitions of a SAM program fall short when the process is not comprehensive. An end-to-end process which manages software licenses, from the initial identification of need, through procurement, deployment, and ongoing management up to the point where the software is uninstalled and the license re-harvested, should be put in place. Additionally, there should be engagement with relevant stakeholders at each relevant level to facilitate buy-in to the process in order to help make it successful.

• Technology and tools: In order to facilitate the SAM process, it is important that organizations have tools which can provide the automation required to manage software licenses. The chosen tool or tools should have good coverage across the software vendor population; complete coverage might not be possible but the highest risk vendors should be prioritized. The vendor risk rating is based on the complexity of the software licensing model, the cost of ownership, and on the likelihood of a vendor audit. The SAM tool should be able to track where software is deployed, and where and how it is being used. It should also have the capability to track and manage the licenses owned through an inventory. Many of the generic tools in the market will only meet part of an organization’s requirements, so it is important for them to seek out a genuine SAM tool which has certifications from their key vendors. This means it will be able to be relied upon to provide an accurate compliance picture. This is especially important if a business has virtualized or cloud-based estate as many vendors will only allow the use of their own tools or one certified by them. The software landscape for each company is different and a “plug and play,” off-the-shelf SAM tool may not work as intended and, in some cases may require customization. It is important to realize the specific needs of the organization while implementing a SAM tool.

[Figure: SAM: People, Process, Technology and tools]

Providing an effective SAM program

An effective SAM program can deliver significant benefits to you in addition to helping reduce the risk of being found noncompliant during a vendor’s software license audit. These benefits are shown in the table below and are driven through the related activities.

| Benefits | Activities |
| --- | --- |
| Reduced cost | Alignment of software planning to strategic roadmaps; co-ordinated procurement, license ownership and pricing; efficient support and maintenance structures |
| Reduced risk | Control of software distribution; understanding contractual risks and licensing terms; understanding potential issues and costs |
| Operational efficiency | Efficient license usage planning; facilitated supervision of vendor enquiries and audits; better management of third parties |

Challenges faced by organizations and pitfalls leading to disputes

Even with a SAM program, there are a number of issues which can arise, and these need to be effectively managed to help avoid disputes with software vendors during a software license compliance audit.

Vague contracts

• Unable to identify relevant contract terms with software publishers (e.g., indirect access to ERP software, licensing based on employee, processor or asset size)

• Incorrect or vague documentation supporting the contract

Complexities of purchase programs

• Lack of clarity around suitable purchase programs, taking account of an organization’s future growth (e.g., perpetual, subscription-based or unlimited license agreements)

• Difficulties in identifying a suitable purchase program

Quantities

• Buying too few or too many licenses

• Managing the timing of when to purchase new licenses

• Managing old and unused versions

• Missing license quantities (lost documents)

Monitoring techniques

• Lack of appropriate technology to track compliance (manual reports outdated or inaccurate)

• Lack of controls to prohibit unauthorized software usage

• Absence of required skill-sets

Lack of focus and attention

• Management’s lack of attention to address risks relating to noncompliance

• Relevant business functions, e.g., legal, procurement and HR, not involved

• IT assumed to be responsible for end-to-end compliance-related activities

How can EY help?

From our experience of conducting software licensing projects, we have seen a number of issues which result from inadequate SAM and, as a consequence, have developed a unique approach and methodology. The table below shows how we can help you overcome these issues:

| Area | Issues | Your need | EY’s approach |
| --- | --- | --- | --- |
| Software deployment management | Lack of product-specific licensing; unavailability of efficient reporting tools; significant asset base | Accurate reporting of software inventory | Prepare a detailed software deployment report using a forensic approach; provide a product- and publisher-specific licensing view; design an approach to facilitate broad coverage of software licenses |
| Software entitlement management | No single view of what has been procured by the organization; no view of software-publisher partnership licenses | Detailed entitlement statement of license purchases | Provide a detailed overview of software license entitlements; provide access to online automated dashboards for regular review |
| Effective software license use and automation of processes and contracts | No central repository of organization-wide software license entitlements; no overview of what licenses are required or those that are no longer needed; lack of understanding of industry leading practices; lack of transparency in licensing contracts | Identification of automated tools that suit the environment; adoption of leading practices and standards; efficient utilization of contracts based on available options and industry leading practices | Identify weaknesses in processes and recommend improvement measures in line with industry benchmarks; develop a maturity model that can be tracked by stakeholders in the future; develop policies and procedures to manage the software license procurement process |
| Malicious codes | Cracks bypassing normal licensing mechanisms and being hard to detect; software publishers levying substantial fines due to identifying cracks during license-related audits | Knowledge of whether there is a malicious code, e.g., a crack, in the organization | Identify presence of malicious codes, cracks, illegitimate license keys, counterfeit software and, thereby, help the organization make informed decisions |

Why EY?

EY’s network of software license professionals can provide for many of your critical software licensing needs:

• Deep knowledge of software license agreements and license methodologies for a large number of major vendors

• Bespoke SAM and discovery tools utilizing forensic capabilities to understand where software is installed or was installed and now removed

• Qualified and experienced SAM professionals who can advise on an appropriate and usable SAM process to suit your business

• Ability to assist you in resolving disputes arising out of a compliance audit

Our team

Paul Walker
Head (EMEIA) Forensic Technology & Discovery Services
Ernst & Young LLP
+44 20 7951 [email protected]

Amit Jaju
Executive Director
Ernst & Young India LLP
+91 22 6192 [email protected]

Chris Massey
Assistant Director
Ernst & Young LLP
+44 20 7951 [email protected]

Christopher Winter
Assistant Director
Ernst & Young LLP
+44 20 7951 [email protected]

Our experience

Delivering an effective SAM program

Our client was struggling to understand its license compliance position for a number of its key software vendors as it did not have adequate SAM processes or SAM discovery tools. As a result, it had been found noncompliant by a vendor and asked to make a significant unbudgeted purchase of licenses. Furthermore, it was unable to verify the vendor’s audit findings. Subsequently, the client asked EY to assess its licensing position to understand whether this noncompliance was correct, to assess its internal SAM capability and to provide recommendations for remediation.

During the engagement, EY deployed its software license forensic team with its proprietary discovery tools. We worked with our client to identify the high risk vendors, based on spend and license complexity, to be included within the scope of work. We gathered all of the relevant licensing documentation, and installed and configured EY’s license compliance dashboard. We also carried out an assessment of the client’s SAM processes. Finally, we examined the client’s systems to identify any use of unauthorized software and downloads, e.g., cracks, torrents and keygens.

As a result of our work, the client was able to monitor, in real time, its license compliance position for its main vendors. A number of licenses were found to be underused, so could be removed in order to reduce ongoing maintenance costs. The client’s SAM processes were benchmarked against ISO19770-3 and ITIL Standards, with improvements recommended. A number of individuals were identified as having violated company policies regarding the download and installation of unauthorized software and misusing IT assets.

EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

About EY’s Fraud Investigation & Dispute Services

Dealing with complex issues of fraud, regulatory compliance and business disputes can detract from efforts to succeed. Better management of fraud risk and compliance exposure is a critical business priority — no matter what the industry sector is. With over 4,500 fraud investigation and dispute professionals around the world, we can assemble the right multidisciplinary and culturally aligned team to work with you and your legal advisors. We work to give you the benefit of our broad sector experience, our deep subject matter knowledge and the latest insights from our work worldwide.

© 2016 EYGM Limited All Rights Reserved. ED None SCORE No. 01720-162GBL

In line with EY’s commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice.

ey.com/FIDS