ABSTRACT
The implementation of processes and tools of Software Asset Management (SAM) has become an action agenda for Information Technology (IT) managers. Then this study aims to investigate the scenario for the implementation of SAM in large and midsize companies of Rio de Janeiro, Brazil. As methodology, a literature review was performed which founded the creation of an online questionnaire applied to 53 Chief Information Officers (CIOs). Based on the result of this research, it was possible to identify the knowledge of managers pertinent to the concept of SAM, and the fact that the majority of the investigated companies are in stages 1 and 2 of the development of the tiers of SAM proposed by the ISO / IEC 19770 standard. As contribution, it is expected to elucidate the recognition of SAM as a relevant factor to be used in the IT area, aiming at the search for solutions that increase productivity and optimize the costs and investments in companies.
Keywords: information technology; IT management; software assets management
Information Technology (IT) is intrinsic part of the business of the companies, as well as an essential support to the operation of contemporary organizations (BOWEN; CHEUNG; ROHDE, 2007, FERNANDES; ABREU, 2008). Notwithstanding the perception of the aggregate value of IT to business, the decisions and management of IT resources become even more complex with the fast and constant technological advancements, leading to flaws in the management and definition of acquisitions (MCAFEE, 2004).
This sensitive relationship between the investment in IT and its impacts on business has been promoting the adoption of processes and management tools to orientate the decisions of the IT executives. It is in this context that the aspects of IT Management (ITM) become inserted in the agenda of the executives, as a resource for managing, qualifying and guarantying that the investments in technology are effectively in agreement, and promoting positive results for the business of the company (HAES; GREMBERGEN, 2005).
In this regard, the implementation of diverse IT processes – such as configuration, distribution and management of changes – depends on whether the company has accurate knowledge of its IT assets, in special, software assets. Nevertheless, the efficacy of a company may be seriously compromised when the organization does not have knowledge of the software assets it has, where they are located, how they were configured and how they are used, because the company may be paying too much to be granted or renew software licenses, or yet, to license them improperly.
Thus, the difficulty in managing software assets in agreement with the contractual rules established by the supplier has become a challenge to IT management. On the other hand, the software suppliers are intensifying their audit activities to confirm the license numbers for their clients. Besides agreement aspects, the lack of software asset management can result in significant and unexpected costs.
There are solutions to the automation of the management of assets in the market, but just the use of this type of tool does not accomplish or guarantee the implementation of all the processes that deal with software asset management. Thus, identifying, managing, optimizing and guarantying the compliance of software assets in the companies are factors that impel the companies to implement the process of software asset management.
In this context, the objective of this research is to investigate the scenario of implementation of software asset management in large and midsize companies of Rio de Janeiro, Brazil, by observing conditioning aspects that motivate and impact its implementation.
It is expected, with this study, to elucidate the recognition of software assets and offer information about its management through bibliographic review and investigation and analysis of the scenario of the implementation of software asset management in the researched companies.
This section emphasizes concepts and relevant aspects of Software Asset Management.
Initially, resorting to accounting, asset is a term used for expressing the possessions, valuables, receivables, rights and the like, which in a determined moment constitute the patrimony of a natural or legal person and which are evaluated by their costs (FULGENCIO, 2007).
In general terms, an asset defines something valuable that the company owns and that is associated with risks and benefits. Within the scope of IT, the assets cannot be limited to informatics equipment and software installed in the environment under the responsibility of IT management. The ABNT NBR ISO/IEC 27002 standard – Code of Practice for Information Security Management – defines asset as “anything that has value to the organization” and it can be represented as information assets, software assets, physical assets, services, people and intangible assets (ABNT, 2005).
According to Fernandes and Abreu (2008), the IT assets refer to the whole IT infrastructure, and comprehend computers, servers, storage devices, applications and support software, among others. Therefore, it is observed that IT assets comprehend hardware and software.
Wang
The IT Asset Management (ITAM) implicates the collection of inventory, financial and contractual data to manage IT assets during all its lifecycle. Software Asset Management (SAM) and Hardware Asset Management (HAM) are parts of the broadest discipline of ITAM.
In this context, the software assets of a company are formed by all the software systems that support the accomplishment of their organizational objectives. The term “software asset” is constituted by the right to use some specific software, which must be documented in software contracts, license documentation and receipts (ABES, 2014).
Although it is not described in details, the definition of ITIL (Information Technology Infrastructure Library) for SAM is “all of the infrastructure and processes necessary for the effective management, control, and protection of the software assets within an organization throughout all stages of their lifecycle”, according to ABNT NBR ISO/IEC 19770 standard (ABNT, 2012).
Users, IT professionals, IT executives, suppliers, IT support, infrastructure and safety services are software asset management clients (FERNANDES; ABREU, 2008). Thus, the organizations need a strong process of software asset management. The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) defined the ISO/IEC 19770 standard as the one that establishes a base line for an integrated set of the processes of SAM, aligned with the management of services of ITIL library.
The ISO/IEC 19770 standard is composed by five main parts, being the first one, the ISO/IEC 19770-1 standard, the object of this study, because it is a structure of processes aimed at proving that SAM offers the adequate support to the management of IT assets to fulfill corporate requirements. Therefore, the main benefits of SAM must include: risk management; control of costs; competitive advantage.
The ISO/IEC 19770-1 standard (ABNT, 2012) defines four tiers that allow the implementation, assessment and recognition of the SAM requirements in stages. The scope details treated in each tier are described as follows:
Tier 1 – Reliable Database – it comprehends the first or preliminary stage, where the inventories are the basic source for an efficient process of software asset management. In this tier, the focus is to identify what is available, to know how to manage and supply the basis to demonstrate the compliance of the software ownership right. This is the Basic stage in the process of SAM.
Tier 2 – Pragmatic Management – it is the initial stage for Software Asset Management, per se. It starts by the recognition of the lack of asset data, extension risk, improvement opportunities and economy. Through the reliable database, constituted in Tier 1, quick wins are obtained, it means, immediate benefits with basic software asset management. In this tier, the establishment of rules, policies, responsibilities and definition of the competencies of SAM are comprehended.
Tier 3 – Operational Integration – it is based on the foundation of the two previous tiers, inserting integration processes with contract management, financial aspects through a security system for asset agreement, covering the acquiring, utilization and downloading phases of the software. In this phase, the result is the improvement of the efficiency and effectiveness of the process of software asset management. This is the Rationalized stage in the process of SAM.
Reaching Tier 4 stage – Complete Agreement – means achieving the ideal strategic stage, allowing the process of software asset management to support the strategic business objectives, bringing reduction of costs, operational cycle optimization, production increase and competitive innovation. It defines the concept of mechanisms that, once in operation, will allow the company to stay in compliance in a continuous and constant way, by reviewing the results of the implementation of the initial tiers. It is the Optimized stage in the process of SAM.
The standard still defines the objectives for each one of the activities or process areas, informing to which tier such objective is applied, the satisfaction requirements and possible results, aiming at certifying the maturity level of SAM, which can be attested when all the requirements of a tier are achieved, or yet, when all the objectives of a tier are achieved. It also recommends the continuous monitoring of these requirements and objectives to guarantee the maintenance of a maturity level that has already been reached.
The main required competences for the operation of software asset management were highlighted by Fernandes and Abreu (2008): Software contract management; Regulations of Property Ownership and Copyright; Audit techniques in software asset management; Knowledge of tools for software asset management.
The roles and responsibilities of SAM, according to the ISO/IEC 19770-1:2012 standard, are centered on the profiles owner/administrator (SAM owner) and SAM local administrator (local SAM owner). It is for the owner/ administrator to develop the SAM plan of an organization, by defining its objectives and guarantying the necessary resources to deliver the planned results. It is for the local administrators to manage SAM per se, it means, to document software assets and implement the SAM policies and procedures, including the management of suppliers and assessment of licensing necessities.
Next, the adopted methodological procedures for the accomplishment of the research, which had the following stages to achieve their objectives, were presented:
1st Stage – The accomplishment of a cycle of bibliographic researches and literature review was the starting point for the determination of the adequate theoretical framework to understand the state of the art of this research, through bibliographic records. This phase was fundamental to determine the problem situation and the relevance of the research, confirming the choice of the theme.
2nd Stage – Identification, based on the literature, of the relevant aspects of the process of software asset management, which may be objects of verification in the practices of IT managers that aim at the objective of the research.
3rd Stage – Development of a quantitative questionnaire from the aspects identified in the 2nd stage and from other elements and sources that could contribute to reaching the objectives, validating them through a previous application with three IT managers and scholars.
4th Stage – Mapping of the perceptions of the implementation of software asset management, through the application of a questionnaire, developed in the previous stage, to the IT managers in companies of Rio de Janeiro, which was distributed and answered online.
5th Stage – Analyses of the results and conclusion of the study in light of the objective of the research, emphasized in perspectives of future works.
In relation to the literature review, the ISO/IEC 19770 standard brought the central term of this research – software asset management. Besides the low incidence of records found on the portal of periodicals of CAPES--
By refining the researches in the bases, the records obtained with the key words “ISO/IEC 19770”, the combination of “software asset” and “management”, “software” and “license agreement”, besides the central term itself, were considered relevant to the theme, resulting in 73 distinct records. From these 73 initial articles, the diversity of research themes about software assets was observed, making a deeper investigation to identify studies related to the management and control of such assets necessary. Then, 11 articles that really corroborated the comprehension of the research theme, and that founded the questionnaire described in the 3rd Stage, were selected.
The questionnaire was elaborated with closed questions, grouped in 2 blocks, being the first one about the profile of the company, with 8 (eight) questions. The second block with 12 (twelve) questions that aim at investigating the current scenario of the company in relation to software asset management.
Questions 9 to 20 were conceived to receive the following answers: 5 (Yes, automated), 4 (Yes), 3 (Do not know), 2 (Not yet (suggests future intention)), 1 (No).
As described in the 3rd Stage, the elaborated questionnaire was legitimated through a pre-test applied to three members of the research group who were selected to assess the clarity, the number of questions and the average answering time. The pre-test result did not indicate the necessity of alteration in the format or number of questions.
Therefore, the questionnaire could be published on the virtual forum of the group – CIORJ (Chief Information Officer of Rio de Janeiro) – in Yahoo Groups, composed by 80 IT managers from large and midsize companies based in the city of Rio de Janeiro, being each manager a representative of a company.
In this stage, the processing and analysis of the result of the research with the involved public is presented, by comparing it with the data found during the literary review.
The elaborated questionnaire applied in this research was available for answering for 20 days, between the dates 06.27.16 and 07.16.16, and was made with the support of the online research tool software Survey Monkey. The invitation to participate in the research was sent to 80 members of the CIORJ group, obtaining response from 53 of them, corresponding to a response rate of 62,25%.
The first block of answers sought to identify the profile of the companies in which the respondents act as IT managers, with descriptive and quantitative answers, related to legal nature, income, business segment, the number of employees and hardware assets, and still to the use of cloud computing and serve virtualization.
The first question of this block (
The following question, question 2 (
The mapping of the economic activity segments was object of investigation in the third question (
However, by this point it can be enlightened that the majority of the respondents work in large private companies of the 3 (three) main economic segments, thus, being a significant and expressive sample to analyze aspects of software asset management, once the companies widely use software to perform their buying and production operations, confirming the adherence of the sample to the objectives of the research.
Yet in question 4 (
Knowing the amount of computers and mobile devices was the next object of investigation in question 5 (
Still in the ambit of hardware, the use of tablets and smartphones has become more and more common in the routine of the employees in the companies, independent of the position or role that they have. Thus, it is fundamental that the IT managers (Chief Information Officers – CIOs) face the challenge to manage these devices and mobile applications. In this ambit, the main challenges found by the CIOs are related to management, information security and software asset management, being the last one, the aspect that motivated question 6 (
It is observed the use of mobile corporate devices, considering tablets and smartphones, in which 41,51% of the respondents informed that in their companies there are between 101 e 500 devices and 32,08% more than 1000. Also, 11,32% have less than 100, and 15,09% have between 501 and 1000. It is still interesting to relate the proportion of employees and mobile corporate devices, according to
Nº of devices | Employees | Mobile devices |
Less than 100 | 3,77% | 11,32% |
Between 101 and 500 | 13,21% | 41,51% |
Between 501 and 1000 | 15,09% | 15,09% |
More than 1000 | 67,92% | 32,08% |
In
Another aspect that can influence this relationship is the fact that it has become more and more common for the employees to use their personal devices for professional purposes, strategic known as BYOD (Bring Your Own Device), which may make the challenge of the IT managers to manage the devices and mobile applications even more expressive.
Following the mobile devices, there are the advances of the use of cloud computing resources, which refer to the shared and interconnected use of storage resources, computing capacity and processing, being able to be accessed over the internet from any place and any device.
This was the focus of motivation of question 7 (
Cloud computing allows the companies to incorporate innovations in the IT field without affording the costs of acquiring the software license and implementing a specific infrastructure (systems and hardware) to run the applications.
In the software cloud model, the costs are only related to the payment of a monthly fee that refers to the services and specific processing resources that are being used and that are hosted on the server of the service provider. However, the adoption of cloud computing technology by the companies cannot only be seen from the cost point of view, but from an expansive technology, which takes the financial and strategic aspects, architectural technology and Management into consideration (RIBEIRO; BIANCHINI, 2017).
From another aspect, virtualization of datacenters is one more technological resource that impacts the process of SAM, by considering the separation degree between software and hardware and introducing configurations for dynamic changes, which are unquestionably more difficult to keep track of and manage, from the compliance point of view with licenses, notwithstanding the benefits of such resource for the management of datacenter.
Question 8 (
In the last questionnaire block, questions 9 to 20 researched into the real scenario and aspects of SAM, it means, in the environment of the companies through IT managers, according to the benefits and requirements of the tiers of implementation development defined in the ISO/IEC 19770 standard.
Questions 09 to 12 investigated the basic requirements established in
In question 9 (Q9: Is there a hardware inventory?), it was observed that 77,36% of the companies perform the hardware inventory, and in 28,30% of the companies this process is also performed in an automated way with tools that perform the search and registration of hardware in a communication network. By considering the size of the companies and the quantity of installed equipment, a more expressive use of automation tool for hardware inventory was expected. On the other hand, it was interesting to observe that 9,43% of the respondents informed that this process is not yet performed, but they suggest the intention to implement it.
Question | Likert Scale | ||||
5 | 4 | 3 | 2 | 1 | |
Yes, automated | Yes | Do not know |
Not yet |
No | |
(Q9) | 28,30% | 49,06% | 13,21% | 9,43% | 0% |
(Q10) | 16,98% | 56,60% | 11,32% | 13,21% | 1,89% |
(Q11) | 26,42% | 47,17% | 13,21% | 11,32% | 1,89% |
(Q12) | 20,75% | 50,94% | 11,32% | 16,98% | 0% |
(Q13) | 26,42% | 37,74% | 11,32% | 20,75% | 3,77% |
(Q14) | 7,55% | 52,83% | 13,21% | 11,32% | 15,09% |
(Q15) | 1,89% | 37,74% | 13,21% | 39,62% | 7,55% |
(Q16) | 9,43% | 43,40% | 15,09% | 28,30% | 3,77% |
(Q17) | 3,77% | 56,60% | 15,09% | 22,64% | 1,89% |
(Q18) | 0% | 47,17% | 13,21% | 30,19% | 9,43% |
(Q19) | 1,89% | 66,04% | 11,32% | 7,55% | 13,21% |
(Q10) | 0% | 75,47% | 11,32% | 5,66% | 7,55% |
In question 9 (
Another relevant observation was the inexistence of a completely negative answer (Answer: No), fact that affirms the preliminary conditioning of this tool for the implementation of SAM, and even the relevance of this process in the ambit of IT management, suggesting what those that do not have inventory yet (Answer: Not yet) intend to do.
Questions 10 and 11 asked the managers about the performance of the inventory process of acquired and installed software, respectively. As to question 10 (
As to question 11 (
In addition, question 12 (
Additionally, even if one of the options of the answering scale highlights the automation function of software asset management (Answer: Yes, automated), it was chosen a specific question about the use of an automation tool (software) with the objective to highlight the contribution of this resource to the process of SAM, being this the focus of question 13.
In relation to question 13 (
As to the pointed divergence, there are indeed diverse hardware and software inventory solutions in the market, from free to complex and paid solutions developed by major software manufacturers, like Microsoft and IBM, with focus on the copyright of their products. In addition, the major consulting and audit companies provide inventory solutions aiming at offering assurance of conformity to audit cases, as well as providing an opportunity to reduce costs and optimizethe use of corporate software for their clients.
In general, such solutions sweep the whole network to identify the installed devices, searching for hardware and software information on different platforms, whether they be Windows, Linux, Mac, and storing them in a single Configuration Management Database (CMDB).
After the identification of the existing software assets by following the implementation stages defined in the ISO/IEC 19770-1 standard, it starts the stage in which occurs the effective software asset management, denominated –
In this context, questions 14 and 15 investigated, based on the inventory, the accomplishment of the procedures for conformity analysis, as well as the existence of policies on software assets. This comparison process consists of the analyses of software contracts and copyrights according to each licensing model from the suppliers, through hardware and software inventory.
The auditory conformity and the reduction of costs are among the main benefits of SAM, however, it is primarily necessary to confront the information about acquired and installed software according to inventory data. As results of question 14 (
It is still part of this stage to review the necessities to use software, and perform the renegotiation and license renewal processes, if it is the case. Therefore, it is important to know the internal “owners” of the licenses, it means, who the people and department that use each software asset are.
In relation to the requirements for the development of SAM, in
Questions 16 to 18 had the objective to verify the results reached with the implementation of SAM. The benefit of effective compliance in asset audits is reached in 52,83% of the companies, according to question 16 (
On the other hand, 32,07% of the companies informed that the current process of SAM does not guarantee compliance of software license, suggesting fragility in the inventory and asset analyses stages, or yet, resulting from the lack of automation tools and of procedures and rules that make the process easy and agile.
In question 17 (
The focus of question 18 (
To complement the understanding of the scenario of SAM in the companies, questions 19 and 20 focused on the human resources inserted in the process. According to question 19 (
To conclude, the last question, number 20 (
In relation to the implementation of SAM in the researched companies, the observed results suggest compatibility with the study performed by KPMG (2010), which pointed that 50% of the organizations in Brazil have deficiencies in the maturity SAM, once they do not have complete and precise information about software copyright, 34% have limited control, but do not adopt procedures or tools for SAM and only 16% implemented some procedures and tools for SAM, but the derived information may not be reliable and, generally, it is not part of the decision-making process. It is pertinent to except that the comparison above considers that the study of this research is limited to the companies in the city of Rio de Janeiro, while the study by KPMG embodies the national ambit, justifying certain differentiation in the assessment of the development of SAM in the companies of the city of Rio de Janeiro, target of this research, with the national scenario, which contemplates companies of other diverse economic segments and sizes.
Next, the obtained results were integrated and interrelated, creating a relationship between the development tiers of the implementation of SAM and their objectives, defined in the ISO/IEC 19770-1 standard, with the questions in the third block of the questionnaire, according to
|
|
|
Tier 1 | Reliable data | 9, 10, 11 e 12 |
Tier 2 | Keep track of assets | 13 e 14 |
Tier 3 | Efficiency improvement | 15, 16 e 17 |
Tier 4 | Alignment with the strategic objectives | 18 |
For each question, it was then observed the distribution rate that confirms the objective accomplishment of each tier, adding up the rates of the answers “Yes, automated” and “Yes”, according to
In this table, the column “Tier” was created, in which it was observed that, in the majority of the companies, the process of SAM is in the initial stage of development – Tier 1, followed by Tier 2.
Question |
Positive distribution |
Tier |
(AnswersYESandYES, AUTOMATED) | ||
09 | 77,36% | |
10 | 73,58% |
Tier 1 |
11 | 73,59% | |
12 | 71,69% | |
13 | 64,16% |
Tier 2 |
14 | 60,38% | |
15 | 39,63% | |
16 | 52,83% |
Tier 3 |
17 | 60,37% | |
18 | 47,17% |
Tier 4 |
It was initially performed a literature review, especially regarding the ISO/IEC 19770-1 standard and academic works aiming at software asset management, which assisted in the creation, application and analysis of the proposed questionnaire with focus on IT management. Therefore, the answer about the scenario of the process of software asset management in large and midsize companies of Rio de Janeiro was founded in the knowledge verification of the aspects of SAM identified in the literature review and of the current situation of the process of SAM in the companies.
In relation to the situation of the implementation of SAM, the analysis of result allowed to conclude that in the majority of the companies the SAM process is still in the initial stage of development - Tier 1 – in which only the reliable data on software assets are guaranteed, followed by Tier 2. It is relevant to highlight that about 25% of the companies do not even recognize or are able to identify their software assets.
On the other hand, approximately 47% of the companies have already reached the stage Optimized – Tier 4 – in which the process of SAM is already able to contribute to the organizational strategic objectives, however it is essential to accentuate that the result was not achieved through verified and corroborated evidence, but actually based on the perception of the respondents.
Still, in relation to the scenario of SAM in the companies, it was possible to verify that the current stage of implementation allows approximately 50% of them the accomplishment of the conformity to software audits, the optimization of the use and acquisition of software licenses and even, in a little smaller incidence, allows to contribute to the alignment of IT investments with strategic objectives, due to the effective rationalization of control of software assets. Eventually, it was observed that as the management process develops, fewer companies fit these stages.
It is a relevant factor to consider that the implementation of a program for software asset management consumes IT budget resources, or with investment in dedicate human resources or with the acquisition of a tool for inventory automation and analysis of conformity, still varying as the processes are created and matured.
The recovery of this investment varies from a certain level of inefficiency before the implementation until the time the plain management is capable of interfering in the organizational objectives, being one of the responsibilities of IT managers to control the development level of SAM adequate to his organization, so the implementation cost is not higher than the obtained return.
As more companies incorporate the management of software assets by considering the resulting benefits – monitoring of assets, conformity, efficiency and cost reduction – as an IT strategy capable of promoting some competitive advantage for the organization, it is possible to expect an expansion tendency towards its adoption.
The objective of this research was investigating the scenario of the implementation of software asset management in companies in the city of Rio de Janeiro, and it was based on the stages of development of SAM defined in the ISO/IEC 19779-1 standard. Other researches may complement and extend the results of this work by analyzing the scenario of SAM in national ambit, or for other segments and companies sizes.
ABES (2014).
ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS (ABNT). (2012).
ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS (ABNT) (2005). NBR ISO/IEC 27002 - Código de Prática para a Gestão de Segurança da Informação. Rio de Janeiro.
BANCO NACIONAL DE DESENVOLVIMENTO ECONÔMICO E SOCIAL (Brasil) (2010).
BOWEN, P.; CHEUNG, M.; ROHDE, F. (2007). Enhancing IT governance practices: a model and case study of organization’s efforts.
FERNANDES, A.; ABREU, V. (2008).
FULGENCIO, P. C. (2007). Glossário Vade Mecum: administração pública, ciências contábeis, direito, economia, meio ambiente. São Paulo: Mauad.
HAES, S.; GREMBERGEN, W. Van (2005) IT governance structures, processes and relational mechanisms: achieving IT/business alignment in a major Belgian financial group
KPMG (2010).
MCAFEE, A. (2004). Do you have too much IT?
RIBEIRO, A. S.; BIANCHINI, D. (2017). The Deployment of Systems in Cloud Computing Environment: a Methodology to Select and Prioritize Projects
WANG, Y. et al. (2015). The interaction effect of IT assets an IT management on firm performance: A system perspective.
The author declare that no competing interests exist.