Software License Compliance – is it part of IT GRC?

I’ve been exploring a very informative article on IT Audit techniques by Robert E Davis. It dives into a level of sophistication around the choice of testing methodologies that I am naive about, so it kept me occupied for more than the regulation one mug of coffee per blog read. It also gave me a link to a UK Web site that lists a bunch of compliance resources, and I was struck by the fact that neither Robert’s article nor this UK resource made any reference to basic software license compliance. Why is this?

I can see that making sure your organization stays within the terms of the licenses under which it uses software could be regarded as basic commercial housekeeping. There is no legislation that I know of which makes a specific point about this. Is this why the topic of license compliance, along with the responsibility and cost that go with it, is shuffled uncomfortably between Procurement and IT Asset Management?

In attending IAITAM conferences, and the excellent seminars on software license negotiations given by Peter Frazza of Budd Larner, I have noticed how often the delegates came from procurement backgrounds. Massive opportunities were being missed to ‘join up the dots’ and make license compliance a part of an integrated Software Asset Optimization strategy.

If anyone has identified specific compliance legislation clauses that can be linked to the basics of software license compliance, I will be forever in your debt if you can let me know. This Cinderella topic needs a boost. Until it gets it, financial penalties levied by the likes of the BSA for non-compliance will be a risk being carried – and never declared! – by the great majority of organizations that use software.