Many organisations embark on a journey to implement SAM or enhance their current practices without a clear view of what is required or the objectives they want it to achieve. This means they are missing the mark on reducing compliance and financial risk exposure, incurring unnecessary or unplanned costs, increasing vulnerability to cyber-attack, and more. To overcome this, a strong SAM operating model is essential.
Software Asset Management (SAM) helps organisations to maintain a ‘source of truth’ for their software assets and licences across end-user-computing, infrastructure and cloud environments. This data source should help the SAM function to better manage compliance risk and unnecessary costs, and to mitigate against cyber-attack. It should ideally support strategic decision making and help align the organisation’s software needs against its current and future needs.
As organisations seek to achieve a mature SAM framework, they often implement asset data management software such as Flexera, Snow, ServiceNow, Aspera etc., in the hope this will be a quick fix and reduce all risks related to software management. However, while a SAM software tool is essential, organisations can fall into the trap of not having a robust and flexible operating model to support it.
This means a company may be unclear on the right processes, technology and people to ensure an effective SAM framework. For example, who is responsible for steps such as data upkeep, identifying compliance issues, reporting issues, working to prevent risks, and keeping costs in check?
Without a clear operating model for SAM, the business could remain exposed to risks and costs, and could be missing out on the range of other benefits that SAM will provide.
Building the SAM operating model
Essential components include:
Organisational structure
SAM should be part of the Information Technology Asset Management (ITAM) function, which should be separate from Information Technology Services Management (ITSM), to ensure the responsibilities are clear. We explored this in detail in ITAM vs ITSM – why they should be separate.
Reporting line
The SAM team may be held accountable for significant risk factors, but it doesn’t always have the authority it needs to influence necessary change. Therefore SAM should report to a level that is able to influence cross-organisational behaviour – such as the Chief Information Officer (CIO). Our infographic SAM manager of the future shows how this could look in future.
Governance
Clear objectives for SAM must be set, and then governance must be in place to ensure they are met. Governance involves aligning each objective with key performance indicators (KPIs) that are measurable. KPIs for SAM could be the degree of risk appetite that the organisation has, and how much the exposure must be reduced to meet that level.
Roles and responsibilities
Accountability for every aspect of SAM must be defined. This can, interestingly, be the most emotionally negotiated part of the operating model. Therefore, it can be useful to have an objective, external party to assist with this framework. It is also important to ensure that the people with SAM responsibilities are provided with appropriate training. For example, when licensing rules change, is it clear who is responsible for maintaining this information? Do they know what to do to ensure the integrity of the SAM data? Often, when organisations outsource SAM functions or the implementation of software and related tools, they perceive that it is the outsource provider’s responsibility to ensure compliance with vendor terms and conditions. While the outsource provider will help manage the process and reporting, the accountability for compliance always sits with the organisation that signs the terms and conditions with its vendors.
Performance evaluations and improvement
These are key to upholding governance and ensuring SAM activities are effective in meeting the company’s goals. For example, if a remediation plan is in place to reduce a $1 million exposure to within an acceptable level of $100,000, then performance tracking should show how the company is progressing towards that level.
Supporting factors to success
Once a strong operating model is in place, organisations need to ensure that there is a culture of continual improvement around SAM, to ensure everyone is contributing to, and getting the best out of it. Areas of focus should include:
An agile methodology
At KPMG, we not only help organisations to design and implement a robust SAM operating model, but through our Software Asset Management as-a-Service (SAMaaS) approach – which we explore in Taking charge of Software Asset Management – we can help with ongoing improvements.
Our journey starts with defining the SAM objectives, governance, roles and responsibilities, and KPIs, then flows to implementation such as establishing a data baseline, and offering reporting and insights.