
Business faces IT licensing risk


Johannesburg, 15 Oct 2010

The magnitude and reality of under-licensed software has come as a great surprise to top executives. Many of these executives have only recently spent a great deal of effort and resources introducing corporate governance policies and processes.

This is according to Alexander Forbes Risk Services' unit head, Peter Cook, who says the extent of this unrecognised liability could be much higher if software providers were to become more aggressive in imposing penalty clauses.

“Penalties in the contracts can run to a R5 000 fine for each illegal copy used and/or a five-year maximum prison sentence. A second criminal finding sees the fine rise to R10 000 per copy and a five-year maximum sentence,” he says.

IT asset management firm Scantrack says it recently completed software compliance reviews of over 300 organisations in SA. Findings from these reviews confirm existing Gartner statistics that 35% of software utilised within organisations is under-licensed.

“This costs the general economy R1.5 billion each year and the software industry R3.1 billion in lost income,” Scantrack reveals.

The precarious legal status of IT licensing and usage in most of SA's larger companies has led Alexander Forbes and Scantrack to establish a joint IT assessment and management consultancy.

“The alliance between our two organisations and the combination of our respective skills is helping us meet the growing demand for independent review services in the IT risk area,” says Cook.

Complex licensing structures

Cook believes that most under-licensed positions have not been intentionally created but, instead, arose due to complicated licensing structures.

“Most commercial software is licensed via a complex structure of volume agreements that provide entitlement to use a suite of programs for a period. This often leads to a 'mis-licensing' position where what is deployed does not match the entitlement profile purchased,” he explains.

He also reveals that the other problem leading to under-licensing is the 'deploy now, pay later' philosophy.

“This generally leads to a position where the goods have been delivered and are in use before the commercial considerations have been agreed and formalised.”

Cook believes overwhelming data volumes also leave organisations with under-licensed software.

“The volume of software titles evidenced on machines in any fairly large-sized network can run into thousands. Since it is often fragmented and incomplete, licence risk assessment is difficult, and hence often avoided.”

In his findings, Cook also points out that after a merger, the new entity often pays twice for much of its IT licensing “as each of the original entities continue in their previous licensing agreements without any attempt to consolidate licenses and payments.”

IT a black box?

According to Cook, executive management and non-executive directors can no longer treat IT as a black box, trusting that their CIO, outsource service providers, software vendors or IT managers are doing the right thing when it comes to IT corporate governance.

“The King III recommendations specifically call for an independent assessment of the adequacy and efficacy of the IT corporate governance framework,” he says.

As such, King III recommendations and requirements under the new Companies Act and Public Management Finance Act have raised the bar on IT governance responsibility and widened the scope beyond listed entities only.

While there are various steps a company can follow, the first step is a thorough assessment of the current IT corporate governance framework, he says.

“The objective here is to identify and highlight significant areas of risk to ensure that the business is not carrying any unrecognised liability - providing an independent, holistic view of an organisation's IT governance framework since just knowing what risks you are running can help you manage them,” says Cook.

“This assessment will provide executives and risk committees with the independent risk assessment recommended by King III while providing some high-level quantification of the various IT risks facing the company,” says Cook.

This will enable the organisation to focus its efforts on correcting past errors and begin building an effective IT corporate governance framework going forward.

“It will also empower them to be in a far stronger negotiating position with software vendors to negotiate better licensing platforms going forward,” adds Cook.
