At a recent webinar we were asked:
“How do I accurately report the value I add as a Software Asset Manager?”
Specifically, the attendee was interested in strategies for accurately reflecting some of the intangible aspects of SAM, such as risk mitigation and avoidance. As a former IT Asset Manager I also encountered this, and in this article I’ll share my approach.
I found it useful to treat my SAM operation as a business. What do I mean by that? Simply, I was interested in whether my SAM programme was making an annual profit or loss. As a one-person operation this was relatively easy to calculate. Take my salary costs, add in tool costs, set a target for value added (e.g. salary costs plus tool costs plus 10%), and measure progress quarterly. A blunt measure, and perhaps one that wouldn’t stand up to financial scrutiny – it wasn’t capturing ancillary costs, or time spent by stakeholders contributing to SAM goals – but still useful in giving a SAM programme a sense of purpose.
To calculate the value-added side of the equation I recorded the monetary value of everything I did, in the following categories:
Martin recently explored cost savings and cost avoidance at a high level in Whiteboard Wednesday and now I’m going to add some more flesh to the bones.
In some organisations, SAM’s primary objective will be to reduce the cost of software. There are many strategies we employ in doing this – cancelling subscriptions for unused software, optimising support and maintenance agreements, and providing trustworthy data to create accurate demand forecasts which enable software buyers to cut the right deal. It is easy to track the effectiveness and value add of our SAM programme when it comes to cost reduction. For example:
A quote is received for a renewal of 5,000 licenses at £10 per seat. Using your SAM data, you determine that only 4,000 licenses are required.
Renewal Quote: 5,000 licenses at £10 per seat = £50,000
Final Order: 4,000 licenses at £10 per seat – £40,000
Total savings: £10,000 – 20%
When reporting this you may be challenged by finance or your manager who don’t see it as a hard saving. They may argue it’s just cost avoidance. If you are solely responsible for the renewal of the contract then it is right to claim it as a cost saving – because if you hadn’t acted, and used data only SAM has, the contract would have been renewed at £50k. £10k would have been wasted if nothing had been done. Furthermore, that £10k saving goes back into the IT budget for the current year – this is a current year saving because it’s an annual contract. That £10k can be spent on something else, or returned to the company, and as such positively impacts the bottom line. It’s a hard, immediate cost saving. So, put that £10k in your “winnings” spreadsheet and move on to the next immediate cost savings target.
Cost Avoidance is anything that’s done to avoid costs being incurred in the future. For SAM, activities such as implementing a software request and approval process are an example of cost avoidance. The aim is to ensure that money isn’t spent unnecessarily through inaction or error.
Implementing software harvesting is a prime example of cost avoidance. A scenario I encountered was Help Desk ordering a new copy of MS Office and the necessary CALs for each new employee. Why? Because, prior to implementing SAM and integrating with HR systems, Help Desk were unable to determine if the new employee was increasing total headcount or replacing someone else. Furthermore, without a robust hardware reclaim process in place they were unable to prove that the software had been de-installed from the machines of ex-employees.
In the above example the cost avoided is therefore the cost of the copy of MS Office & the CAL – potentially around £350 per new employee in perpetual licenses – plus the ongoing maintenance and support costs (e.g., Software Assurance). As with hard cost savings you should report this as a “win” for Software Asset Management, but the question is, how should you do so? The best option is to gather trend information for expenditure on the affected products and show how that has reduced following implementation of the harvesting policy. This should be straightforward as you’ll be maintaining license entitlement records for those products. The benefit of using this trend information is that it provides positive proof of the change initiated by the SAM team, rather than providing a forecast. Furthermore, this is a long-term benefit of SAM because your team is continually driving the harvest and reclaim process. It’s a great example of explaining the cost of doing nothing, if that process is owned and operated by the SAM team.
If Cost Reduction is all about immediate cold hard pounds in the bank (and on the bottom line) then the value add from Risk Reduction is far less tangible. Business, after all, is about taking risks. This means that different stakeholders, and indeed company cultures, have different approaches to risk. A risk is something that might happen which may be detrimental to the business in some way. Woolly, ephemeral, might never happen. Businesses deal with risk on a commercial and economic basis every single day and may see software risk as being low priority and low impact. I recall having a conversation with a senior leader about software risk shortly after a multi-million-dollar operational risk had become reality. This wasn’t the best time to convince him of the importance of controlling access to software deployment in our datacenters.
When SAM teams think about risk, they inevitably think about the risk of a software audit. A large part of what we do is ensuring that we identify license compliance risk, report it, and treat it appropriately. But how do you assign a monetary value to this activity?
The best approach is to carry out a risk assessment. At the simplest level this calculates the impact of the risk and the likelihood of it happening. Using the license compliance audit example, we can rank vendors in terms of the likelihood of an audit. Our recent audit survey can help you with this. Then, we can use our SAM data to estimate the financial costs likely to accrue in the event of an audit. Finally, we need to factor in the additional soft costs of the software audit process – the time taken to respond to the audit that could have been used to complete other activities.
Record this information in a risk register and share it with your key senior stakeholders. This information is highly confidential so discussion of software license compliance risk must only take place with stakeholders responsible for managing risk. In IT, this is likely to be your manager & the CIO/CTO. Use the risk register to prioritise risk treatment and demonstrate the value of your treatment activity.
|Risk Name||Probability||Cost||Impact (Probability x Cost)||Mitigation Cost||Value||Rank|
In the above example there are three software risks. These are ranked by probability and the impact (probability x cost) estimated. Mitigation costs for the risk are also captured – this is the cost of the actions needed to remove the risk. This provides a simple measure of value and enables you to rank the risks in order of priority. For a more detailed approach see our article on using the financial measures NPV & IRR to estimate value.
By using this approach, it is easy to prove the value SAM has added to the business. For Product S, assuming our actions completely remove the risk, the value to the business is £350k. Of course, this is a simple example, and it can be difficult to accurately measure the impact of a risk, or the effectiveness of the steps taken to mitigate it. However, it’s certainly a good place to start and will prove to senior leaders that you’re taking a commercial approach to your SAM programme. It can become easy to obsess about risks that aren’t worth removing and this structured, quantitative approach helps you to avoid that.
When thinking about the long-term strategy for SAM in your organisation it is useful to consider how you will continue to demonstrate value. Cost reduction opportunities tend to be tactical, short-term opportunities. As you get your processes right (for example, the leavers/hires process discussed above) and build relationships with vendors the opportunities for cost reduction will dry up. By year three of a SAM programme, you need to be demonstrating its continuous strategic value to the business. It must be embedded in the Governance, Risk, and Compliance function of your organisation in order to remain relevant and funded. After all, it’s rare that senior leaders question the value of finance or legal functions. That’s where SAM needs to be.