SAM and Governance – The Road to Hell? (Part 1)

Michael Gerrard, Research Vice President at Gartner has written that “IT governance addresses two major topics: demand governance (“doing the right things”) and supply-side governance (“doing things right”),” and that the “most common challenge for CIOs [is] demand governance and its associated business investment decision-making processes.”

 Software Governance with Text Apr16

In my experience working with Software Asset Management (SAM) solutions, one of the major selling points is always “Better Governance”. Merriam-Webster defines governance as, “The way that a city, company, etc., is controlled by the people who run it”, whilst in terms of IT, “governance is the set of processes that ensure the effective and efficient use of IT in enabling an organization to achieve its business goals.” Most organisations are aware that they lack the required level of governance to control and manage their assets to a degree that provides the best level of cost savings possible.

Improved governance is only one benefit of an effective SAM and license optimisation program, but importantly, it is the single, overarching requirement that leads to the resulting improvements in the cost of software licencing. These improvements also include the measurement of application usage, reduction in risk related to software vendor audits, improved reporting, optimised procurement and subsequent enhanced vendor management.

However, governance regardless of its intention always implies inherent “overhead” in terms of additional regulatory, security or operational processes to implement and support it. It creates operational disruption and potentially additional costs. As John Milton stated in Paradise Lost in 1667 “Easy is the descent into Hell, for it is paved with good intentions” – It is all too easy for an organisation to “overly-govern” in an attempt to quickly show benefits from the usually significant investment in asset management activities.

Getting to the point of effectively managing software and hardware assets where, in particular, licence compliance is no longer an issue, is a significant undertaking for any organisation requiring the input and coordination of a large number of people, differing IT systems and diverse business units.

But, and in many cases it’s a huge *BUT*, all of this effort can be wasted as “compliance” is only a point in time. This is where ongoing governance is required to ensure “continued” and “continual licence compliance” with at least an annual review of the processes and their effectiveness against the original SAM governance plan.

Implementing Governance – A Potential Overhead

In most cases, governance takes the form of new or updated policies, procedures and guidelines for the organisation. These policies, procedures and guidelines can impact all of the following areas, depending on the scope of the IT asset management project:

  • Definition of Key Performance Indicators (KPIs)
  • How end users get access to hardware and software resources
  • The organisation’s asset management lifecycle;
  • Asset procurement guidelines
  • The software maintenance and contract renewals process
  • Vendor management

This blog is not a discussion of what a governance process should look like, but when implementing “governance” the following issues must be accounted for and integrated into any process:

  • What are the implications for the business of each step of any process?
  • What is the scope of people necessary to execute the process?
  • What is the availability of those people?
  • What is the cost of those people?
  • What happens if a particular step in the process isn’t done correctly, or is not done at all? And more importantly, how does the organisation ensure that all the steps are done correctly, and in a timely manner?

The End User

Part of this process is also uncovering the current or potential overhead in the implementation of any governance process. Organisations need to understand how the individuals and teams receive their inputs and work instructions and then how those teams manage those requests. Incomplete or inaccurate requests are one of the single largest causes of delays and inefficiencies in any process. More importantly, the process by which a request is made must also be simple and straightforward . This not only limits the opportunity for error but also makes it easy to embed the process into end users’ current ways of operating.

To not consider the end user, and to not make the process as easy as possible for them to follow invites them to circumvent at every available opportunity a governance process which they consider ineffective and unwieldy, and which they do not see any benefit to following.

Further refinement of any governance process will also take account of how individuals and teams process instructions, how they ultimately take action and also how they review the outcomes of any action? Most importantly, to convince end users of the benefits of any updated or newly implemented process, the organisation must measure and report on the success and benefits of the new process to the organisation.


Stay tuned for Part 2, which will cover:

  • The Scope of SAM Governance
  • Combating Operational Disruption and Rising Costs