SAMs Need to Understand Business Process Management/Improvement

As a practicing SAM professional, I spend a significant portion of my time developing, improving, &/or integrating business processes within unique IT environments. While I by no means need to become fully credentialed by the Business Process Management Association, I still use their methods on a daily basis.

My point is this: Until the Institute for Technology Asset Management introduced its “next generation” SAM credentials, SAM certificate training has ignored – & continues to ignore – this critical skill set. Instead, SAMs are being handed generic processes/methodologies that more often than not do not apply to their unique corporate culture.

Effective business processes evolve to fit very specific needs in highly diverse environments. They do not “plug in.”

Management Methods Need to Evolve to Reflect Knowledge Worker Competency

What if you could convert your enterprise organizational matrix to help the enterprise function at a significantly higher level. In my experience, executives in way too many enterprises are still managing their employees with a sort of "industrial age" mentality. This mentality does NOT work with well educated or highly skilled knowledge workers.

For a more involved project team consider "Holacracy" - Believe it or not, this is precisely how we need to build the most effective teams to deliver maximum value as well as creative teams to deliver innovative approaches to existing issues or needs.

Take a look at this InfoGraphic from TopManagement Degrees[dot]com.


Source: TopManagementDegrees.com

When consumers speak out about licensing sharp practices, we're belligerent. When the industry acts belligerently, they're justified?

Definition:  “Belligerence” - aggressive or warlike in nature.  

“…your belligerence is commendable…”

This discussion is a result of a LinkedIn post regarding a shortage in skilled SAM practitioners. Not sure how we moved to this topic but my reply was too in-depth for the LinkedIn word count.

Thanks, Paul!  Just so you understand, this has been an enjoyable interaction. I genuinely wish we could all sit down as a group & discuss these topics – without interference from the software industry players & their friends. Unfortunately, these groups have managed to divide the business technology consumers so that very little coordinated resolutions will be forthcoming anytime soon.

Let’s take your questions one at a time:

It never ceases to astound me how many people perceive anyone who pushes back at the predatory software industry enforcement groups as belligerent. A majority of licenses is specifically designed to be nearly impossible to comply with; license terms & conditions can be changed at will, as frequently as desired, and with little or no notification to the consumer; online licenses are intentionally designed to be nearly impossible to read as well as impossible to print and those of us who speak out against such sharp practices are belligerent? Gee… I guess that would be me, except I have spent years trying – and failing – at the “Renaissance man” approach. 

It’s beyond time that our IT execs & the CEOs/CFOs woke up to discover that it’ll be THEIR names on the non compliance settlement papers. Has anyone READ Sarbanes Oxley or related due diligence regulations? It is beyond time to haul our heads out of that fascinating hole and lead with intelligent awareness.

“…with your process how do you propose to deal with a CEO of an End User who is looking for compliance when his view follows the logic that he does not need to understand electricity to be able to turn a light on and off…”

My clear statement for over a decade has been to require the enforcement industry to publish their audit process, their audit results, and their audit records. As long as these people continue to intentionally hide audit activities – humorously entitling them as “educational”, our executives will never become well aware of the entire range of compliance issues.

Example: Even while “advertising” their $1,000,000 whistle-blower reward programs, the US enforcement groups are actually only handing out around $4,500 in rewards in less than a tenth of the audit action events. Very few people will actually read the fine print in the offer, or actually hear the whispered “up to” in the heavily published ads. In fact, sincewe began teaching SAMs to track enforcement industry press releases, those releases are becoming more & more difficult to locate. (I wonder why?)

I’m sorry but, if a CEO, or any C-suite executive of even a partially sophisticated enterprise is still unaware of at least the fringes of the license compliance environment, they do not belong in their position. At the next level of the org chart, if the IT people, or purchasing, or whoever is working with the licenses is not aware enough to communicate the issues to the C-suite, then THEY do not belong in their position. Let’s see… The real world demonstrates that license compliance & audit costs are serious business & ethical issues. One would reasonably believe that genuine leaders, not figureheads, should be aware of the topics by now.

Example: Any effective captain of a ship is trained & capable of a clear awareness of all aspects of operating & managing that ship. They even know better than to stick a screw driver into a live electrical outlet. That’s called leadership and it’s in rather short supply.

“Why over complicate an issue when we should be feeding the ‘need to be compliant’ story at the User end rather than creating confusion and complexity at the MSP end….”  

Precisely “who” is going to “feed” this information to the end users? I recognize that MSPs are relatively new on the scene but if they cannot fully define their industry perhaps they shouldn’t be in that industry in the first place. In order to sell in a managed service, shouldn’t a key performance indicator be to educate the buyers of root cause & critical underlying operational issues? We can bet the enforcement industry isn’t going to “educate” the end user – there’s WAY too much money to be made in conducting punitive audits for the auditing groups to deliver any thoroughly meaningful awareness campaign.

Example: SAM training programs that are managed by, or reliant upon, the software or enforcement industry players do not teach SAMs how to negotiate audit clauses OUT of licenses. Most of these same programs don’t even discuss negotiating agreements for more favorable terms. And THESE SAMs are the “qualified people” that IT Directors have to call upon for advice?

How many people are aware that the generations & industries who are responsible for a majority of incorrectly licensed products being used on systems are also the most “educated” generations on the planet. The average sixth grader probably knows more about piracy and copyright than our average executive? (Now THAT is scary.) Since the software industry, recording industry, video industry & general copyright enforcement industry began their “education” campaign, incorrectly licensed software & other copyright violation use has soared.

Example: These problems aren’t easy to resolve. However, when a clear majority of end users cannot understand the licenses, they are at minimal fault for not knowing how to behave.(Oh, wait. I nearly forgot. The compliance auditors are “letter of the law” people. Consumers are expected to have a fully legal understanding of all compliance issues.) When these same “end users” are intentionally confounded by shifting terms & conditions; shifting audit procedures; and clueless leaders, what is the logical result? Lots & lots of non compliant companies to audit?  Lots & lots of easy audit issues for levying fines & penalties?

As to an executive not needing to know how electricity works to be able to plug in a light; let’s see how well they learn when they short out the circuit by incorrectly inserting the plug. Don’t suppose someone had to teach them, somewhere, what the hazards of electric current could be… Go back to my knife in the socket analogy.

“If the IT Director has trained staff who are educated to remain compliant in the software deployed on his estate and also trained in the basics which enable the User to follow a path that ensures correct software usage ie not overspending, surely that is panacea? “

This is the key point I have been trying to make: A clear majority of IT Directors does NOT have a staff genuinely trained in compliance. Well over ¾ of existing SAMs have been trained & certified in literal “overnight” certification mills. An additional 70% – have been trained by the enforcement groups or software industry players themselves. Does anyone genuinely believe that these special interest groups are actually delivering the full SAM perspective in less than 12 hours of actual training?

Example: The Institute SCCA & SAM programs deliver over 29 individual online, on-demand, sessions that teach credential candidates the basics of over 42 different types of software licenses. We cover more than 30 specific key license clauses that SAMs must know & understand. We walk candidates through two actual audit scenarios to help them understand what they’ll need to know/do. We discuss how to negotiate many clauses that are onerous OUT of licenses as well as how to insert many clauses that are necessary but missing INTO the license. A majority of SAM certifications – including so-called “standards” – do not touch these topics…

“Are you stating that the ‘Just In Time’ process is not right for SAM?”

Anyone who is foolish enough to play a “just in time” license compliance game does not belong in our industry. Licensing begins when the enterprise identifies an initial need and continues until all products & derivative products relating to the original agreement have been eliminated from all enterprise systems. Compliance issues must also be carefully tracked & managed for as many as ten years after the last product or derivative has been removed.

Maybe you are correct. While I prefer to be labeled as “passionate” about these topics, maybe belligerence is the only method to gain the attention of people who are being robbed blind by an industry that has created the problem, continues to find new methods of enhancing the problem, and continues to conceal their actions behind self-righteous “educational woe is me” public relations campaigns. Anyone who has suffered through a conversation with an enforcement agency or software publisher auditor is well aware that this industry has declared war on its own consumers. My apologies if my “push back”, “know your rights”, and “openly proactive SAM training” frameworks are not gentle enough.

Software Audit! Run for your lives!!!

Here is an excellent article in CIO Magazine covering software audit awareness (HERE). We need more like this. However, DO NOT STOP HERE. This article lets you know just enough to be dangerous. 

For nearly 15 years I've been working with enterprises from around the world to teach them how to minimize their exposure to non compliance audits. These audits are incredibly costly - even crippling - and the business technology consumer simply has no idea how to manage audit assurance. What's even more hazardous is that a majority of so-called training programs on the market are being sponsored or delivered by the very organizations that want to conduct that predatory audit on your company.

Here are a few observations about the article:

$. The key to all audits is that you agreed to be audited, at any time, for any reason, or for no reason at all. That's correct. A clear majority of licenses lock you into agreeing to be audited. And you accepted the clause!

$. When you receive that audit letter, you are required to LOCK down all changes to your systems. That means, from the date the letter was written.

$. According to the auditing groups themselves, the average lawyer is THEIR best friend during an audit because that average lawyer has no idea how to manage a copyright compliance audit. i.e. In fact, the majority of lawyers will advise you to settle out of court - whether you are compliant or not. Unless you thoroughly understand the process, you WILL lose & you WILL pay whatever the auditors want to charge you. Figure an average minimum of $2,000 per computing device. More for servers.

$. Comparing what you have loaded against what you are entitled to possess is only the tip of the audit iceberg. You also have to prove you distributed the products correctly, prove your documentation is "written" according to the auditors' standards, and an entire raft of hidden scams - all designed to ensure you lose.

$. Don't expect the original license terms to still be in place when you are audited. Most licenses developed in the past ten years permit the copyright holder to change the terms & conditions at will & essentially without notifying you. You'll lose.

$. Still think you're compliant? Several VERY major software industry players (Yes, I guarantee you have their products) will backtrack any and ALL upgrade licensed products as well as uninstalled products back as many as ten years (That's 10 years) to ensure that your entire upgrade path is correct. It won't be. Pay up...

$. By the way... Most of the time you are only given 30 days to conduct the audit. Jump on that & negotiate an extension or (you guessed it) You'll Lose.

$. During an audit, would you like to bet you’ll still have products that you “thought” were uninstalled? Many of the more popular software publishers are well aware that some of their products cannot be completely uninstalled by the operating system service. During an audit, they know precisely which files to look for & where to look to “prove” you still have the product. In some cases, even a single file can expose you to fines & penalties.

$. You know that vendor or consulting firm you purchased product from or that you hired to help you configure systems? Guess where a large percentage of non compliance reports come from. Yes, your suppliers, consultants, employees, ANYONE who knows enough about your systems can report you & initiate an audit.

$. In many developed countries, the enforcement industry players are offering rewards to anyone who can report your company for violations of software licenses. In the US, two enforcement groups are offering up to $1,000,000 for reporting non compliance. (Of course whistle-blowers will never receive that amount - more like around $4,500) Further, there are more than 100 of these predatory auditors around the globe, nearly two dozen in the US alone. There's serious cash to be had in auditing you. Shouldn't you have a better defense?

Every one of these tales of woe (and many more) has been repeated by companies around the globe, of any size (down to five or six computers), in every industry.

If you want to know more about the business technology CONSUMER side of predatory software license compliance audits, please let me know. I'll be glad to help you sort out the facts from the scams. You can also take a look at several quick audit-related overviews here: http://www.taminstitute.org/training-video-overviews/

Negotiating with Hitler - A Software Asset Manager's Reality

Recently, a practicing software asset manager (SAM) emailed me with a very typical question:

How can we get better software license terms when the software publisher refuses to permit us to negotiate the license terms?

"ARE YOU KIDDING ME???"

My answer was fairly comprehensive, but the bottom line was this:

As long as we permit the software industry players to play contract management games, we are as much at fault for onerous license terms & conditions as they are.

After multiple decades of negotiating with software industry players & their friends, I can give you one key issue that leads to a majority of costly problems for the business technology consumer:

The root cause of nearly every problem you will have with the software publisher, as long as you use their product (and well beyond) will be the terms & conditions of the license.

Learn to negotiate licenses. Learn to push back against onerous terms & conditions. Quit accepting software industry bullying as your only reality. You have as much right as the software publisher to gain mutual benefit in all contractual agreements.

The business technology consumers did not declare licensing & economic war on the software industry players. They declared war on us.

And, YES, you can quote me!

To download the full PDF document covering my observations on how the business tech consumer needs to change our approach to contract negotiations in general, and software license negotiations specifically, follow the link  HERE

It isn't going to be easy. We have to overcome nearly four decades of letting the software industry have its way with us, BUT we CAN become the initial agents for IT asset management change.

Will SAM die out with the growth of subscription-based licensing?

Well qualified SAMs will remain critical to the enterprise as licensing types evolve. Recognize that subscription-based licensing has been the bane of mainframes for decades & only began leaching into the client-server environment at the turn of the millennium.

In fact, studies have consistently found that the prohibitive costs of subscription licensing are one of the top barriers to mainframe growth. Expect the same with client-server. 

The evolution away from perpetual licensing is a result of two factors:

• Sheer greed on the part of software industry players. Gotta keep those revenue streams rolling.
• Legal precedent actions (in some enlightened countries) that have strongly suggested that, if a license is perpetual, it may also be labeled as possessed (as in owned). NOT a concept the software industry players want to take hold.

If you carry the concept one step further, the loss of perpetual licenses is merely a single step toward removing what few licensing controls enterprises have over their software. The next, and even more costly, step is SaaS.

Capable SAMs actually represent the single point of defense enterprises possess when licensing becomes more a process of cash flow than services. Unfortunately, a majority of SAMs have been trained (by SAM programs sponsored or funded by the software industry players themselves) to function tactically (responding to external impetus) rather than strategically (predictively minimizing risks while establishing long range cost reductions & deliverable value).

*(This quick discussion is a response to a post by Rajat Kumar Singh on the LinkedIn group “Software Asset Management Professionals, India.)

Do you know how to calculate the actual costs of a punitive software license audit - BEFORE the audit occurs?

Most software asset managers cannot give their enterprises a "proactive cost-benefit analysis" of exposure to potential punitive audit costs. When we can't clearly define & accurately quantify the risks of software license non compliance, our enterprises will not take those risks seriously - UNTIL the punitive auditors show up. It's little wonder that a majority of SAMs report that management simply ignores their warnings.

But, what if you could actually produce a clear report that demonstrates the actual audit costs & risks to your enterprise bottom line?

One of The Institute's most popular online sessions, "Calculating the Costs of a Punitive Audit," delivers the information you need to help convince management to support. To view a 3 minute sneak preview of the session follow the link below. The slide deck contains audio, so you may want to listen as well:

http://taminstitute.org/images/Flash/open/overview__calculating_actual_costs_of_a_punitive_software_license_compliance_audit_viewlet_swf.html
 
 It's the knowledge you need to succeed!

SAM Standards & Best Practices - Great for the big guys. Not so great for the SME...

I've seen small- to medium-sized enterprises around the globe spend tens of thousands of completely wasted dollars attempting to conform to software asset management and/or software license compliance standards & best practices that had virtually nothing to do with their unique environment.

Evidently, Dogbert agrees. This quote from a recent Dilbert comic:

Dogbert: "I'll teach you the best practices of companies that have nothing in common with yours. Those practices will fit your company like a foot in a glove."

While best practices are useful as general guidelines, they are more frequently too complex, to costly, & too dependent on highly controlled environments & high level technicians to genuinely work.

Tired of throwing away good money attempting to implement global standards or best practices?

Do this: Determine what your actual goals are for your software license compliance, software asset management or systems asset management initiative. Conduct a GAP analysis to identify where you need to apply your efforts. Prioritize the efforts to minimize risks & deliver rapid value. Then, permit the process to work for a month or so to stabilize. 

Once stable, repeat. Don't forget to allow for your unique enterprise culture when you initiate these types of changes. Human & organizational change management are critical to your license compliance, SAM, & ITAM/TAM success. 

Take a look at your personal SCCA & SAM credential roadmaps HERE.  Keep in mind that The Institute delivers the only competency-based credentials in the world. These are the skills that employers are genuinely searching for. Credentials that deliver the knowledge you need to succeed - only from The Institute!