Ana Márcia Quitério Varela
Universidade Federal Fluminense, Brazil
E-mail: avarela33@gmail.com
Mirian Picinini Méxas
Universidade Federal Fluminense, Brazil
E-mail: mirian_mexas@vm.uff.br
Geisa Meirelles Drumond
Universidade Federal Fluminense, Brazil
E-mail: meirellesdrumond@gmail.com
Submission: 10/09/2017
Accept: 06/03/2018
ABSTRACT
The
implementation of processes and tools of Software Asset Management (SAM) has
become an action agenda for Information Technology (IT) managers. Then this
study aims to investigate the scenario for the implementation of SAM in large
and midsize companies of Rio de Janeiro, Brazil. As methodology, a literature
review was performed which founded the creation of an online questionnaire
applied to 53 Chief Information Officers (CIOs). Based on the result of this
research, it was possible to identify the knowledge of managers pertinent to
the concept of SAM, and the fact that the majority of the investigated
companies are in stages 1 and 2 of the development of the tiers of SAM proposed
by the ISO / IEC 19770 standard. As contribution, it is expected to elucidate
the recognition of SAM as a relevant factor to be used in the IT area, aiming
at the search for solutions that increase productivity and optimize the costs
and investments in companies.
1. INTRODUCTION
Information Technology (IT) is intrinsic part of the business of the
companies, as well as an essential support to the operation of contemporary
organizations (BOWEN; CHEUNG; ROHDE, 2007, FERNANDES; ABREU, 2008). Notwithstanding the perception of the aggregate value
of IT to business, the decisions and management of IT resources become even
more complex with the fast and constant technological advancements, leading to
flaws in the management and definition of acquisitions (MCAFEE, 2004).
This sensitive relationship between the investment in IT and its impacts
on business has been promoting the adoption of processes and management tools
to orientate the decisions of the IT executives. It is in this context that the
aspects of IT Management (ITM) become inserted in the agenda of the executives,
as a resource for managing, qualifying and guarantying that the investments in
technology are effectively in agreement, and promoting positive results for the
business of the company (HAES; GREMBERGEN, 2005).
In this regard, the implementation of diverse IT processes – such as
configuration, distribution and management of changes – depends on whether the
company has accurate knowledge of its IT assets, in special, software assets.
Nevertheless, the efficacy of a company may be seriously compromised when the
organization does not have knowledge of the software assets it has, where they
are located, how they were configured and how they are used, because the
company may be paying too much to be granted or renew software licenses, or
yet, to license them improperly.
Thus, the difficulty in managing software assets in agreement with the
contractual rules established by the supplier has become a challenge to IT
management. On the other hand, the software suppliers are intensifying their
audit activities to confirm the license numbers for their clients. Besides
agreement aspects, the lack of software asset management can result in
significant and unexpected costs.
There are solutions to the automation of the management of assets in the
market, but just the use of this type of tool does not accomplish or guarantee
the implementation of all the processes that deal with software asset
management. Thus, identifying, managing, optimizing and guarantying the
compliance of software assets in the companies are factors that impel the
companies to implement the process of software asset management.
In this context, the objective of this research is to investigate the
scenario of implementation of software asset management in large and midsize
companies of Rio de Janeiro, Brazil, by observing conditioning aspects that
motivate and impact its implementation.
It is expected, with this study, to elucidate the recognition of
software assets and offer information about its management through
bibliographic review and investigation and analysis of the scenario of the
implementation of software asset management in the researched companies.
2. THEORIC FUNDAMENTATION
This section emphasizes concepts and relevant aspects of Software Asset
Management.
2.1.
Software
Asset Management
Initially, resorting to accounting, asset is a term used for expressing
the possessions, valuables, receivables, rights and the like, which in a
determined moment constitute the patrimony of a natural or legal person and
which are evaluated by their costs (FULGENCIO, 2007).
In general terms, an asset defines something valuable that the company
owns and that is associated with risks and benefits. Within the scope of IT,
the assets cannot be limited to informatics equipment and software installed in
the environment under the responsibility of IT management. The ABNT NBR ISO/IEC 27002 standard – Code of Practice for Information
Security Management – defines asset as “anything that has value to
the organization” and it can be represented as information
assets, software assets, physical assets, services, people and intangible
assets (ABNT, 2005).
According to Fernandes and Abreu (2008), the IT assets refer to the
whole IT infrastructure, and comprehend computers, servers, storage devices,
applications and support software, among others. Therefore, it is observed that
IT assets comprehend hardware and software.
Wang et al.
(2015) concluded that the IT assets do not impact the development of the
companies directly. On the other hand, the capacity of management of these
assets, in an interactive and moderate way through environmental dynamics, is a
strategic resource that can improve the competitive advantage and development
of the company directly.
The IT Asset Management (ITAM) implicates the collection of inventory,
financial and contractual data to manage IT assets during all its lifecycle.
Software Asset Management (SAM) and Hardware Asset Management (HAM) are parts
of the broadest discipline of ITAM.
In this context, the software assets of a company are formed by all the
software systems that support the accomplishment of their organizational
objectives. The term “software asset” is constituted by the right to use some
specific software, which must be documented in software contracts, license
documentation and receipts (ABES, 2014).
Although it is not described in details, the definition of ITIL
(Information Technology Infrastructure Library) for SAM is “all of the
infrastructure and processes necessary for the effective management, control,
and protection of the software assets within an organization throughout all
stages of their lifecycle”, according to ABNT NBR ISO/IEC 19770 standard (ABNT,
2012).
Users, IT professionals, IT executives, suppliers, IT support,
infrastructure and safety services are software asset management clients (FERNANDES;
ABREU, 2008). Thus, the organizations need a strong process of software asset
management. The International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC) defined the ISO/IEC 19770 standard as the one that establishes a
base line for an integrated set of the processes of SAM, aligned with the
management of services of ITIL library.
The ISO/IEC 19770 standard is composed by five main
parts, being the first one, the ISO/IEC 19770-1 standard, the object of this
study, because it is a structure of processes aimed at proving that SAM offers
the adequate support to the management of IT assets to fulfill corporate
requirements. Therefore, the main benefits of SAM must include: risk
management; control of costs; competitive advantage.
The ISO/IEC 19770-1 standard (ABNT, 2012) defines four
tiers that allow the implementation, assessment and recognition of the SAM
requirements in stages. The scope details treated in each tier are described as
follows:
Tier 1 – Reliable Database – it comprehends the first or preliminary
stage, where the inventories are the basic source for an efficient process of
software asset management. In this tier, the focus is to identify what is
available, to know how to manage and supply the basis to demonstrate the
compliance of the software ownership right. This is the Basic stage in the
process of SAM.
Tier 2 – Pragmatic Management – it is the
initial stage for Software Asset Management, per se. It starts by the
recognition of the lack of asset data, extension risk, improvement
opportunities and economy. Through the reliable database, constituted in Tier
1, quick wins are obtained, it means, immediate benefits with basic software
asset management. In this tier, the
establishment of rules, policies, responsibilities and definition of the
competencies of SAM are comprehended.
Tier 3 – Operational Integration – it is
based on the foundation of the two previous tiers, inserting integration processes with contract management, financial
aspects through a security system for asset agreement, covering the acquiring,
utilization and downloading phases of the software. In this phase, the result
is the improvement of the efficiency and effectiveness of the process of
software asset management. This is the
Rationalized stage in the process of SAM.
Reaching Tier
4 stage – Complete Agreement – means achieving the ideal strategic stage,
allowing the process of software asset management to support the strategic business objectives, bringing
reduction of costs, operational cycle optimization, production increase and
competitive innovation. It defines the concept of mechanisms that, once in
operation, will allow the company to stay in compliance in a continuous and
constant way, by reviewing the results of the implementation of the initial tiers. It is the Optimized stage in the process of SAM.
The standard still defines the objectives for each one
of the activities or process areas, informing to which tier such objective is applied, the satisfaction
requirements and possible results, aiming at certifying the maturity level of
SAM, which can be attested when all the requirements of a tier are achieved, or yet, when all the objectives of a tier are achieved. It also recommends the continuous
monitoring of these requirements and objectives to guarantee the maintenance of
a maturity level that has already been reached.
The main required competences for the operation of
software asset management were highlighted by Fernandes and
Abreu (2008): Software contract management; Regulations of Property Ownership
and Copyright; Audit techniques in software asset management; Knowledge of
tools for software asset management.
The roles and responsibilities of SAM, according to the ISO/IEC
19770-1:2012 standard, are centered on the profiles owner/administrator (SAM
owner) and SAM local administrator (local SAM owner). It is for the owner/
administrator to develop the SAM plan of an organization, by defining its
objectives and guarantying the necessary resources to deliver the planned
results. It is for the local administrators to manage SAM per se, it means, to
document software assets and implement the SAM policies and procedures,
including the management of suppliers and assessment of licensing
necessities.
3. RESEARCH STRATEGY
Next, the adopted methodological procedures for the
accomplishment of the research, which had the following stages to achieve their
objectives, were presented:
1st Stage – The accomplishment of a cycle
of bibliographic researches and literature review was the starting point for
the determination of the adequate theoretical framework to understand the state
of the art of this research, through bibliographic records. This phase was
fundamental to determine the problem situation and the relevance of the
research, confirming the choice of the theme.
2nd Stage – Identification, based on the
literature, of the relevant aspects of the process of
software asset management, which may be objects
of verification in the practices of IT managers that aim at the objective of
the research.
3rd Stage – Development of a quantitative
questionnaire from the aspects identified in the 2nd stage and from
other elements and sources that could contribute to reaching the objectives,
validating them through a previous application with three IT managers and scholars.
4th Stage – Mapping of the perceptions of
the implementation of software asset management, through the application of a
questionnaire, developed in the previous stage, to the IT managers in companies
of Rio de Janeiro, which was distributed and answered online.
5th Stage – Analyses of the results and
conclusion of the study in light of the objective of the research, emphasized
in perspectives of future works.
In relation to the literature review, the ISO/IEC
19770 standard brought the central term of this research – software asset
management. Besides the low incidence of records found on the portal of periodicals of CAPES-- Coordenação de Aperfeiçoamento de Pessoal de
Nível Superior --, only
the Scopus and Web of Science database records were considered, due to the
reliability and quality of their contents.
By refining the researches in the bases, the records obtained with the
key words “ISO/IEC 19770”, the combination of “software asset” and
“management”, “software” and “license agreement”, besides the central term
itself, were considered relevant to the theme, resulting in 73 distinct
records. From these 73 initial articles, the diversity of research themes about
software assets was observed, making a deeper investigation to identify studies
related to the management and control of such assets necessary. Then, 11
articles that really corroborated the comprehension of the research theme, and
that founded the questionnaire described in the 3rd Stage, were
selected.
The questionnaire was elaborated with closed questions, grouped in 2
blocks, being the first one about the profile of the company, with 8 (eight)
questions. The second block with 12 (twelve)
questions that aim at investigating the current scenario of the company in
relation to software asset management.
Questions 9 to 20 were conceived to receive the following answers: 5
(Yes, automated), 4 (Yes), 3 (Do not know), 2 (Not yet (suggests future
intention)), 1 (No).
As described in the 3rd Stage, the elaborated questionnaire
was legitimated through a pre-test applied to three members of the research
group who were selected to assess the clarity, the number of questions and the
average answering time. The pre-test result did not indicate the necessity of
alteration in the format or number of questions.
Therefore, the questionnaire could be published on the
virtual forum of the group – CIORJ (Chief Information Officer of Rio de Janeiro) –
in Yahoo Groups, composed by 80 IT managers from large and midsize companies
based in the city of Rio de Janeiro, being each manager a representative of a
company.
4. ANALYSIS OF RESULTS
In this stage, the processing and analysis of the
result of the research with the involved public is presented, by comparing it
with the data found during the literary review.
The elaborated questionnaire applied in this research
was available for answering for 20 days, between the dates 06.27.16 and
07.16.16, and was made with the support of the online research tool software
Survey Monkey. The invitation to participate in the research was sent to 80
members of the CIORJ group, obtaining response from 53 of them, corresponding
to a response rate of 62,25%.
4.1.
Result
of the Profile of the Companies
The first block of answers sought to identify the
profile of the companies in which the respondents act as IT managers, with
descriptive and quantitative answers, related to legal nature, income, business
segment, the number of employees and hardware assets, and still to the use of
cloud computing and serve virtualization.
The first question of this block (Q1) aimed at mapping the legal nature of the companies, and it was
observed that 90,57% are private companies, in which producing with the lower
costs to generate profits is one of the main objectives; 9,43% are public
companies. Therefore, the management of software assets used in the
organization must promote efficient cost through the acquisition and
maintenance of licensing, in a way to cooperate with such objective.
The following question, question 2 (Q2), intended to investigate the
average annual income of the organizations. It was observed through the
analysis of income that 7,55% are small and midsize companies, 11,32% are
midsize-large companies and 81,13% are large companies, considering the
criteria defined by the National Bank for Economic and Social Development (BNDES, 2010). Thus, the quantity, diversity
and amount in software development tend to follow the size of the company,
being it the interest for this issue.
The mapping of the economic activity segments was
object of investigation in the third question (Q3). Approximately 30% of the companies perform in the Industry,
Trade and Services segment, being the answers 32,08%, 26,42%,
11,32%, respectively. A significant number of 22,64% could not be identified,
being classified in the category Another. The remaining companies perform in
Education (3,77%), Technology (1,89%); and Telecommunications (1,89%).
However, by this point it can be enlightened that the majority of the
respondents work in large private companies of the 3 (three) main economic
segments, thus, being a significant and expressive sample to analyze aspects of
software asset management, once the companies widely use software to perform
their buying and production operations, confirming the adherence of the sample
to the objectives of the research.
Yet in question 4 (Q4), the objective was to know the number of employees of the
companies: 3,77% with less than 100 employees; 13,21% between 101 and 500;
15,09% between 501 and 1000; and 67,92% with more than 1000 employees. About
the number of employees, the characteristics of the midsize and large companies
could also be confirmed, being 67,92% with more than 1000 employees.
Knowing the amount of computers and mobile devices was
the next object of investigation in question 5 (Q5). The amount of desktop computers and laptops could be observed,
and it was verified that 58,49% of the respondents informed that there are more
than 1000 pieces of equipment in their companies and 37,74% informed that there
are between 100 and 1000 (18,87% between 101 and 500, and 18,87% between 501 and
1000); and 3,77% with less than 100 pieces. The investigation on hardware
assets justifies itself in the concept of software asset like the
software/hardware combo, in this specific case, those programs related to the
operational system.
Still in the ambit of hardware, the use of tablets and smartphones has
become more and more common in the routine of the employees in the companies,
independent of the position or role that they have. Thus, it is fundamental
that the IT managers (Chief Information Officers – CIOs) face the challenge to
manage these devices and mobile applications. In this ambit, the main
challenges found by the CIOs are related to management, information security
and software asset management, being the last one, the aspect that motivated
question 6 (Q6).
It is observed the use of mobile corporate devices, considering tablets
and smartphones, in which 41,51% of the respondents informed that in their
companies there are between 101 e 500 devices and 32,08% more than 1000. Also,
11,32% have less than 100, and 15,09% have between 501 and 1000. It is still
interesting to relate the proportion of employees and mobile corporate devices,
according to Table 1 below:
Table
1: Relationship employees X mobile
devices
Nº of devices |
Employees |
Mobile devices |
Less than 100 |
3,77% |
11,32% |
Between 101 and 500 |
13,21% |
41,51% |
Between 501 and 1000 |
15,09% |
15,09% |
More than 1000 |
67,92% |
32,08% |
In Table 1, the massive use of such devices, mainly in
the companies with up to 500 employees, was observed. From 500 employees, there
is a tendency to balance the use of devices or any other event that was not
possible to identify, being possible to draw some inferences that may explain
such relationships, like: the business segment and/or a type of the activity of
the company like, for example, external sales.
Another aspect that can influence this relationship is
the fact that it has become more and more common for the employees to use their
personal devices for professional purposes, strategic known as BYOD
(Bring Your Own Device), which may make the challenge of the IT managers to
manage the devices and mobile applications even more expressive.
Following the mobile devices, there are the advances of the use of cloud
computing resources, which refer to the shared and interconnected use of
storage resources, computing capacity and processing, being able to be accessed
over the internet from any place and any device.
This was the focus of motivation of question 7 (Q7), in which it was possible to verify the reality of the use of
cloud computing, with 79,25% of the respondents affirming the use of cloud
software and 20,75% affirming that they do not use it. This model allows the
adoption of diverse types of software as a service to make the innovation
process in the organizations agile.
Cloud computing allows the companies to incorporate innovations in the
IT field without affording the costs of acquiring the software license and
implementing a specific infrastructure (systems and hardware) to run the
applications.
In the software cloud model, the costs are only related to the payment
of a monthly fee that refers to the services and specific processing resources
that are being used and that are hosted on the server of the service provider.
However, the adoption of cloud computing technology by the companies cannot
only be seen from the cost point of view, but from an expansive technology,
which takes the financial and strategic aspects, architectural technology and
Management into consideration (RIBEIRO; BIANCHINI, 2017).
From another aspect, virtualization of datacenters is
one more technological resource that impacts the process of SAM, by considering
the separation degree between software and hardware and introducing configurations
for dynamic changes, which are unquestionably more difficult to keep track of
and manage, from the compliance point of view with licenses, notwithstanding
the benefits of such resource for the management of datacenter.
Question 8 (Q8)
sought to know the adoption degree of such technology. It was observed that 52
out of the 53 respondents, corresponding to 98,11%, affirm
that virtualization is proven to be a technology that has been adopted by many
companies; and 1,89% affirm that it is not.
Virtualization allows using an existing server to execute two or more distinct
systems, as each one runs inside its own virtual machine. Thus, expenses on new
equipment are avoided and the possible software and hardware resources of the
server that are idle can be used. Consequently, it delivers significant
advantages in terms of IT efficiency, reduction of costs, more flexibility and
infrastructure availability, contributing to the objectives of IT management.
4.2.
Sam
in the Companies
In the last questionnaire block, questions 9 to 20 researched into the
real scenario and aspects of SAM, it means, in the environment of the companies
through IT managers, according to the benefits and requirements of the tiers of
implementation development defined in the ISO/IEC 19770 standard.
Questions 09 to 12 investigated the basic requirements established in Tier 1 – Reliable Database, according
to the ISO/IEC 19770-1 standard, it means, the first stage of the
implementation of SAM, in which the objective is to identify hardware and
software assets, through the inventory procedure.
Table 2 below was elaborated in order to make the comprehension of the
results related to the process of SAM in the companies easy.
In question 9 (Q9: Is there a
hardware inventory?), it was observed that 77,36% of the companies perform
the hardware inventory, and in 28,30% of the companies this process is also
performed in an automated way with tools that perform the search and
registration of hardware in a communication network. By considering the size of
the companies and the quantity of installed equipment, a more expressive use of
automation tool for hardware inventory was expected. On the other hand, it was
interesting to observe that 9,43% of the respondents informed that this process
is not yet performed, but they suggest the intention to implement it.
Table 2: Question distribution for the
processes of SAM in the companies
Question |
Likert Scale |
||||
5 |
4 |
3 |
2 |
1 |
|
Yes, automated |
Yes |
Do not know |
Not yet |
No |
|
(Q9) |
28,30% |
49,06% |
13,21% |
9,43% |
0% |
(Q10) |
16,98% |
56,60% |
11,32% |
13,21% |
1,89% |
(Q11) |
26,42% |
47,17% |
13,21% |
11,32% |
1,89% |
(Q12) |
20,75% |
50,94% |
11,32% |
16,98% |
0% |
(Q13) |
26,42% |
37,74% |
11,32% |
20,75% |
3,77% |
(Q14) |
7,55% |
52,83% |
13,21% |
11,32% |
15,09% |
(Q15) |
1,89% |
37,74% |
13,21% |
39,62% |
7,55% |
(Q16) |
9,43% |
43,40% |
15,09% |
28,30% |
3,77% |
(Q17) |
3,77% |
56,60% |
15,09% |
22,64% |
1,89% |
(Q18) |
0% |
47,17% |
13,21% |
30,19% |
9,43% |
(Q19) |
1,89% |
66,04% |
11,32% |
7,55% |
13,21% |
(Q10) |
0% |
75,47% |
11,32% |
5,66% |
7,55% |
In
question 9 (Q9: Is there a
hardware inventory?), it was observed that 77,36% of the companies perform
the hardware inventory, and in 28,30% of the companies this process is also
performed in an automated way with tools that perform the search and
registration of hardware in a communication network. By considering the size of
the companies and the quantity of installed equipment, a more expressive use of
automation tool for hardware inventory was expected. On the other hand, it was
interesting to observe that 9,43% of the respondents informed that this process
is not yet performed, but they suggest the intention to implement it.
Another relevant observation was the inexistence of a completely
negative answer (Answer: No), fact that affirms the preliminary conditioning of
this tool for the implementation of SAM, and even the relevance of this process
in the ambit of IT management, suggesting what those that do not have inventory
yet (Answer: Not yet) intend to do.
Questions 10 and 11 asked the managers about the performance of the
inventory process of acquired and installed software, respectively. As to question
10 (Q10: Is there an acquired software inventory?), it was observed that
73,58% of the companies perform inventory for acquired software, however, only
in 16,98% of the companies this process is performed in an automated way. In
13,21% of the companies it was possible to realize the intention to implement
such process, in counterpoint, 1,89% of the managers simply informed that this
process is not performed, suggesting no intention to implement it at that
moment.
As to question 11 (Q11: Is there an installed software inventory?),
it means, those ones effectively activated in the hardware devices in the
network, and as expected, the result obtained in question11 is similar to the
one in the previous question. It was observed that 73,59% of the companies
perform the inventory for installed software, seeing that in 26,42% of the
companies this process is performed in an automated way. In 11,32% the
implementation intention can be inferred and, the same way, 1,89% of the
managers simply informed the non-achievement of this process.
In addition, question 12 (Q12: Is it possible to
identify how many, which and where the software assets are installed?),
sought to validate if the performed inventory process allows to identify,
quantify and map software assets. Consonant with the result of the questions
about the performance of the inventory for hardware and software, 71,69% of the
managers informed that such instrument indeed allows to identify, quantify and
map their assets, accomplishing, this way, the main objective of Tier 1 –having inventory knowledge so
that you can manage it – according to the ISO/IEC 19770-1 standard.
Additionally, even if one of the options of the answering scale
highlights the automation function of software asset management (Answer: Yes,
automated), it was chosen a specific question about the use of an automation
tool (software) with the objective to highlight the contribution of this
resource to the process of SAM, being this the focus of question 13.
In relation to question 13 (Q13:
Is software asset management performed
with the use of inventory tools?), it was observed that in 64,16% of the
companies, software assets management is performed with the help of some
inventory tool, according to their IT managers. Moreover, 20,75% of the
managers informed that they do not use it yet, but it is possible to infer the
intention to use it. In this result, it is pertinent to highlight the
observance of divergence with the results presented in Table IV, which
indicated that the hardware and software inventories are performed in an
automated way (Answer: Yes, automated) in 26% of the companies, approximately.
As to the pointed divergence, there are indeed diverse hardware and
software inventory solutions in the market, from free to complex and paid
solutions developed by major software manufacturers, like Microsoft and IBM,
with focus on the copyright of their products. In addition, the major
consulting and audit companies provide inventory solutions aiming at offering
assurance of conformity to audit cases, as well as providing an opportunity to
reduce costs and optimizethe use of corporate software for their clients.
In general, such solutions sweep the whole network to identify the
installed devices, searching for hardware and software information on different
platforms, whether they be Windows, Linux, Mac, and storing them in a single
Configuration Management Database (CMDB).
After the identification of the existing software assets by following
the implementation stages defined in the ISO/IEC 19770-1 standard, it starts
the stage in which occurs the effective software asset management, denominated
– Tier 2 – in which it is possible
to recognize not only the lack of information about software assets but also
opportunities to optimize and reduce costs, allowing, therefore, the so called
win-wins, it means, immediate benefits from the basic software asset
management. This tier also embodies the establishment of rules, policies,
responsibilities and definition of competences of SAM.
In this context, questions 14 and 15 investigated, based on the
inventory, the accomplishment of the procedures for conformity analysis, as
well as the existence of policies on software assets. This comparison process
consists of the analyses of software contracts and copyrights according to each
licensing model from the suppliers, through hardware and software inventory.
The auditory conformity and the reduction of costs are among the main
benefits of SAM, however, it is primarily necessary to confront the information
about acquired and installed software according to inventory data. As results
of question 14 (Q14: Are any comparisons between the installed
software and the acquired software performed?), this procedure is performed
by 60,38% of the companies, and 7,55% of them use the specific asset discovery and
inventory data software, which may speed this stage and identify potential
conflicts. It is possible to realize that 11,32% of the companies informed that
they do not perform comparative analysis between the acquired and installed
software data yet, but the answer option (Answer: Not yet) suggests intention
to accomplish it in the future. The verification of license agreement does not
occur in 15,09% of the companies, even though the preliminary inventories are
performed.
It is still part of this stage to review the necessities to use
software, and perform the renegotiation and license renewal processes, if it is
the case. Therefore, it is important to know the internal “owners” of the
licenses, it means, who the people and department that use each software asset
are.
In relation to the requirements for the development of SAM, in Tier 3, question 15 (Q15: Are there policies, rules and procedures
that, allied to inventory tool, manage the lifecycle of the software assets
(development/acquisition/maintenance and download)?), it was observed that
only 39,63% of the companies have management instruments, such as policies,
rules and/or procedures that deal with the information obtained through
inventory, against 47,17% of the companies that affirmed they do not have any
instruments, although 39,62% of them suggest the intention to implement these
resources.
Questions 16 to 18 had the objective to verify the results reached with
the implementation of SAM. The benefit of effective compliance in asset audits
is reached in 52,83% of the companies, according to question 16 (Q16: Does the current process of software asset management guarantee compliance
of asset audits?), a result that expresses a successful relation regarding
the objectives of SAM, if the companies that have hardware and software
inventories (approximately 70%), and still the fact that only 40% of them have
defined rules and/or procedures for SAM, are considered the universe of the
research.
On the other hand, 32,07% of the companies informed that the current
process of SAM does not guarantee compliance of software license, suggesting
fragility in the inventory and asset analyses stages, or yet, resulting from
the lack of automation tools and of procedures and rules that make the process
easy and agile.
In question 17 (Q17: Is the current process of software asset
management applied to the optimization of software use and as a basis for the
acquisition of new software assets?) allied with compliance, the research
aimed at investigating the noticed results in relation to the optimization of
the already acquired user licenses, as well as to the acquisition process.
According to Table IV, 60,37% of the investigated IT managers confirmed that
the implementation of the SAM process is performed with such objective,
although the formulated question does not allow to quantify the reached economy
and/or optimization. In 22,64% of the companies the SAM process is not aimed at
this objective, suggesting the intention to reach it in the future, opposing
1,89% of negative manifestation of the implementation of SAM for this purpose.
The focus of question 18 (Q18:
Does the current process of software
asset management allow the alignment of IT investments with strategic
objectives?) was to investigate the implementation of SAM, as a strategic
competency that, through the alignment of IT investments, permits to contribute
to the strategic objectives, according to Tier
4 of the ISO/IEC 19770 standard. In this ambit, it is interesting to
highlight that there was no incidence of answer “automated process”, it means,
the process of analysis and investment decision-making, which allows the
alignment of IT investments with the software assets, occurs in a manual way,
according to data from 47,17% of the managers. It is also expressive to observe
that 30,19% of the managers informed that the current process does not allow
any contribution related to automation of investment, but it is suggestive that
there will be future pretensions soon, against 9,43% of the managers that
stated it negatively.
To complement the understanding of the scenario of SAM in the companies,
questions 19 and 20 focused on the human resources inserted in the process.
According to question 19 (Q19: Does your company have a team or a
professional acting in software asset management?), in 67,93% of the
companies there is at least one professional aiming at SAM, and in 1,89% of the
cases it is a dedicated and specialized resource in this process. It is a
positively expressive result with regard to comprehending the relevance of SAM
for the IT managers, in the ambit of the governance they represent. Only 20,76%
of the managers informed that there are not professionals actin in the process
of SAM, since 7,55% of them suggest the intention to have one in the future.
To conclude, the last question, number 20 (Q20: Does your company have
professionals with knowledge of the main licensing models from the software
providers?), referred to the knowledge of licensing models from the main
software manufacturers/suppliers, considering it to be a relevant aspect for
the process of SAM. As the knowledge of the diverse licensing models, 75,47% of
the managers informed that they have professionals with such competence,
against only 13,21% of them who admitted not having any. However, this
apparently positive result does not guarantee the achievement of the expected
objectives with the implementation of SAM. Firstly, it is necessary to focus
the existence of this competency on the effective implementation of SAM, by
following its implementation and development stages.
In relation to the implementation of SAM in the researched companies,
the observed results suggest compatibility with the study performed by KPMG (2010), which pointed that 50% of the
organizations in Brazil have deficiencies in the maturity SAM, once they do not
have complete and precise information about software copyright, 34% have
limited control, but do not adopt procedures or tools for SAM and only 16%
implemented some procedures and tools for SAM, but the derived information may
not be reliable and, generally, it is not part of the decision-making process.
It is pertinent to except that the comparison above considers that the study of
this research is limited to the companies in the city of Rio de Janeiro, while
the study by KPMG embodies the national ambit, justifying certain
differentiation in the assessment of the development of SAM in the companies of
the city of Rio de Janeiro, target of this research, with the national
scenario, which contemplates companies of other diverse economic segments and
sizes.
Next, the obtained results were integrated and
interrelated, creating a relationship between the development tiers of the
implementation of SAM and their objectives, defined in the ISO/IEC
19770-1 standard, with the questions in the third block of the questionnaire,
according to Table 3:
Table
3: Relationship between questions and
stage of development of SAM
Stage |
Requirement |
Question |
Tier 1 |
Reliable data |
9, 10, 11 e 12 |
Tier 2 |
Keep track of assets |
13 e 14 |
Tier 3 |
Efficiency
improvement |
15, 16 e 17 |
Tier 4 |
Alignment with the strategic objectives |
18 |
For
each question, it was then observed the distribution rate that confirms the
objective accomplishment of each tier, adding up the rates of the answers “Yes,
automated” and “Yes”, according to Table 4. In this table, the column “Tier”
was created, in which it was observed that, in the majority of the companies,
the process of SAM is in the initial stage of development – Tier 1, followed by
Tier 2.
Table
4: Relationship between the questions and the positive distribution
Question |
Positive distribution |
Tier |
(AnswersYESandYES,
AUTOMATED) |
||
09 |
77,36% |
|
10 |
73,58% |
Tier 1 |
11 |
73,59% |
|
12 |
71,69% |
|
13 |
64,16% |
Tier 2 |
14 |
60,38% |
|
15 |
39,63% |
|
16 |
52,83% |
Tier 3 |
17 |
60,37% |
|
18 |
47,17% |
Tier 4 |
5. CONCLUSION
It was initially performed a literature review, especially regarding the
ISO/IEC 19770-1 standard and academic works aiming at software asset
management, which assisted in the creation, application and analysis of the
proposed questionnaire with focus on IT management. Therefore, the answer about
the scenario of the process of software asset management in large and midsize
companies of Rio de Janeiro was founded in the knowledge verification of the
aspects of SAM identified in the literature review and of the current situation
of the process of SAM in the companies.
In relation to the situation of the implementation of SAM, the analysis
of result allowed to conclude that in the majority of the companies the SAM
process is still in the initial stage of development - Tier 1 – in which only
the reliable data on software assets are guaranteed, followed by Tier 2. It is
relevant to highlight that about 25% of the companies do not even recognize or
are able to identify their software assets.
On the other hand, approximately 47% of the companies have already
reached the stage Optimized – Tier 4 – in which the process of SAM is already
able to contribute to the organizational strategic objectives, however it is
essential to accentuate that the result was not achieved through verified and
corroborated evidence, but actually based on the perception of the respondents.
Still, in relation to the scenario of SAM in the companies, it was possible
to verify that the current stage of implementation allows approximately 50% of
them the accomplishment of the conformity to software audits, the optimization
of the use and acquisition of software licenses and even, in a little smaller
incidence, allows to contribute to the alignment of IT investments with
strategic objectives, due to the effective rationalization of control of
software assets. Eventually, it was observed that as the management process
develops, fewer companies fit these stages.
It is a relevant factor to consider that the implementation of a program
for software asset management consumes IT budget resources, or with investment
in dedicate human resources or with the acquisition of a tool for inventory
automation and analysis of conformity, still varying as the processes are
created and matured.
The recovery of this investment varies from a certain level of
inefficiency before the implementation until the time the plain management is
capable of interfering in the organizational objectives, being one of the
responsibilities of IT managers to control the development level of SAM
adequate to his organization, so the implementation cost is not higher than the
obtained return.
As more companies incorporate the management of software assets by
considering the resulting benefits – monitoring of assets, conformity,
efficiency and cost reduction – as an IT strategy capable of promoting some
competitive advantage for the organization, it is possible to expect an
expansion tendency towards its adoption.
The objective of this research was investigating the scenario of the
implementation of software asset management in companies in the city of Rio de
Janeiro, and it was based on the stages of development of SAM defined in the
ISO/IEC 19779-1 standard. Other researches may complement and extend the
results of this work by analyzing the scenario of SAM in national ambit, or for
other segments and companies sizes.
REFERENCES
ABES (2014). Manual
ABES de Gestão de Ativos de Software versão 1. Available at http:// www.abessoftware.com.br. Access:
15/06/2015.
ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS (ABNT).
(2012). NBR ISO/IEC
19770-1:2012 - Information technology
- Software asset management - Part 1: Processes. Rio de Janeiro.
ASSOCIAÇÃO BRASILEIRA DE NORMAS TÉCNICAS (ABNT)
(2005). NBR ISO/IEC
27002 - Código de Prática para a Gestão de Segurança da Informação. Rio
de Janeiro.
BANCO NACIONAL DE DESENVOLVIMENTO ECONÔMICO E SOCIAL
(Brasil) (2010). Circular 11/2010 – Alterações das normas relativas ao porte das beneficiárias.
Available at:
http://www.bndes.gov.br/SiteBNDES/export/sites/default/bndes_pt/Galerias/Arquivos/produtos/download/Circ011_10.pdf.
Access: 15/06/2015.
BOWEN, P.;
CHEUNG, M.; ROHDE, F. (2007). Enhancing IT governance practices: a model and
case study of organization’s efforts. Accounting
Information Systems, v. 8, p.191-221. DOI: 10.1016/j.accinf.2007.07.002
FERNANDES, A.;
ABREU, V. (2008). Implantando a
governança de TI: da estratégia à gestão de processos e serviços. 2 ed. Rio de Janeiro:
Brasport.
FULGENCIO,
P. C. (2007). Glossário Vade Mecum: administração
pública, ciências contábeis, direito, economia, meio ambiente. São Paulo: Mauad.
HAES, S.; GREMBERGEN, W. Van (2005) IT governance
structures, processes and relational mechanisms: achieving IT/business
alignment in a major Belgian financial group. In: INTERNATIONAL CONFERENCE ON SYSTEM SCIENCES, 38, Hawaii. Procedings.
Hawaii.
KPMG (2010). Gerenciamento
de Ativos de Software. Available at:
http://www.kpmg.com.br/publicacoes/Gerenciamento_Ativos_30jun.pdf. Access:
15/06/2015.
MCAFEE, A.
(2004). Do you have too much IT? MIT Sloan Management Review, v. 45, n. 3, p. 18-22.
RIBEIRO, A. S.; BIANCHINI, D. (2017). The
Deployment of Systems in Cloud Computing Environment: a Methodology to Select
and Prioritize Projects. IEEE Latin
America Transactions, v. 15, n. 3. p.
557-562. DOI: 10.1109/TLA.2017.7867608.
WANG, Y. et al.
(2015). The interaction effect of IT assets an IT management on firm
performance: A system perspective. International
Journal of Information Management, v. 35, n. 5, p. 580-593. DOI:
10.1016/j.ijinfomgt.2015.06.006.