A survey conducted by Software Asset Management (SAM) consultants Liken Group reveals that 87% of the IT and SAM executives who responded felt that, because of a growing focus on compliance-only criteria, current ISO/IEC 19770-1 targets for effective SAM would not be sustainable. Other areas of the standard, such as risk mitigation and cost control, would be sidelined by an ill-informed, shortsighted approach at board level, which some are describing as a “tick-box” compliance culture.
87% of the 138 who completed the survey felt that unless the situation changed drastically, their organisations would be unlikely to meet the full targets over the next 12 months. Of these, 80% felt that the situation had worsened markedly over the last 12 months as enterprise-wide compliance-only business drivers have taken centre stage.
The main reasons given centred on a lack of understanding of the benefits of the standard and on the pressure to meet only corporate governance objectives. Of those who feared for their own company’s ability to achieve and sustain ISO 19770-1, 95% felt it was due to a top-down squeeze on internal resources and 83% to a lack of board-level understanding of the benefits of the standard as a whole package. 68% highlighted cultural challenges in implementing best practice in SAM.
82% of those who expressed a concern were worried that this attitude would mean real sacrifices in terms of other elements of the standard, such as risk mitigation and cost control within their organisation.
According to James Rowlands, Managing Director of Liken Group,
“It seems that where there is an over-emphasis on purely meeting legal compliance levels, organisations are being held back from achieving real best practice standards, which is bad news for those charged with focussing on risk mitigation and cost control. The bird’s-eye view of many boards is that if we can tick the box on compliance alone, then why do we need to provide resources to go beyond this?”
“However, to many SAM experts this seems to be a short-sighted and ironic approach because the areas of the standard under pressure seem to be those most likely to protect the organisation against unexpected problems and unforeseen costs at a later date. There is clearly a need for a better business case for ISO/IEC 19770-1 to be made with an emphasis on the cost control and risk mitigation benefits that arise from achieving it.”
“Unless the highest levels of management perceive these broader benefits, which in turn requires a full understanding of the standard, organisations may be dropping their guard with potentially disastrous consequences and missed opportunities.”