The risks involved in not implementing a framework should be highlighted in the business case. The risks will vary across organisations and depend largely on the size and complexity of each organisation's software environment. The following issues are examples of the types of risks the organisation may be vulnerable to:
An organisation may become over-licensed. For example, a full packaged product (FPP) is purchased by an employee and deployed onto their desktop; the licence is then stored in their filing cabinet and forgotten. When the agency conducts an audit and identifies that it is under-licensed for the product deployed, the purchase department purchases another licence for the application due to the perceived shortfall in licences. This results in additional unnecessary expenditure.
If an organisation does not have a framework and adequate procedures in place, it is at greater risk of being under-licensed, as products may have been deployed without following the correct protocol. Organisations and their CEOs are at legal and financial risk of incurring costly legal fines, penalties and damage from respective software vendors if found to be under-licensed during an external audit.
Software licensing expenditure may increase unnecessarily because accurate software licensing information is not available to support the organisation in making the appropriate commercial decision. For example, if the option is available, upgrading software licences may be cheaper than purchasing new licences. An organisation that does not keep track of its licence records will typically purchase new licences rather than upgrading, as it will be unaware that it is entitled to do so.
Issues to be aware of include:
- Purchasing under a volume licensing agreement rather than one-off licences (FPP) on an as-needs basis, which may be more expensive
- The deployment method of the product determines which licence type needs to be purchased. Several different licences may be available for one product, and an incorrect licence may easily be purchased where employees responsible for purchasing software have limited or no licensing knowledge
- Recording all maintenance expiry dates for software. After the expiry date, new licences will need to be purchased, which can be significantly more expensive than upgrade licences that could have been purchased under the maintenance arrangement.
Security Breaches and Viruses
An inadequate framework may place the organisation's environment at risk of security breaches such as viruses, or of updates and/or patches not being automatically or proactively installed.
No technical support or product upgrades
Keeping software maintenance up to date will reduce the risk of vendor technical support and/or product upgrades not being available when required, and ensures the software purchase department knows what versions of products are installed so they can support the product deployed. Unlicensed deployments of non-standard software on networks will not be supported by any software vendors.
Software compatibility issues
Employees should not be able to load software that is not authorised or has not been tested, as software compatibility issues may occur. This may expose the agency to significant unexpected financial risk and operational impact; if compatibility issues arise with a mission-critical application, the repercussions can be immense. Therefore, it is recommended that agencies establish Approved Software Lists to guide software procurement.