This blog is originally published as an article in the June 17 issue of LABJ.

In 2018, over $3.5 trillion was spent globally in association with over 19,000 mergers, acquisitions and divestitures with no expected slowdown. For any M&A projects, there is one overlooked area that can result in unexpected costs: software asset management (SAM).

The integration of IT environments during the M&A process is a key focus area, but many fail to account for the importance around SAM. Failure to conduct a SAM assessment leads to increased cybersecurity exposure, inefficient IT spend and high legal and reputational risk around noncompliance.

Security at Risk

Almost 25 percent of cyberattacks reported are due to the vulnerability of end-of-life IT systems and software that is out of date and no longer supported.

Arizona Beverages lost millions in sales due to a cyberattack attributed to their backend servers running outdated Windows operating systems.

Additionally, 143 million consumers were affected by the Equifax data breach. The House Oversight Committee concluded that the breach occurred due to systems and software that were out of date: “Equifax did not see the data exfiltration because the device used to monitor network traffic had been inactive for 19 months due to an expired security certificate.”

Part of a SAM assessment is to ensure all assets are accounted for and inventoried. Through this process, a company is able to identify un-inventoried devices that will be at risk. After inventorying all devices, a secondary analysis should be done on the operating system and individual software components on each device to ensure all installations are up to date. This is critical data required for a cybersecurity team to identify and address vulnerabilities.

Capitalizing on Synergies

When two companies merge, there can be cost-reduction synergies by identifying efficiencies. One of the easiest ways to identify synergies is within the IT environment. However, over two-thirds of IT professionals admit they do not have a formal SAM strategy. This can result in a 10-20 percent waste of the annual software spend through paying for licenses and maintenance on software not in use or providing the same value.

A SAM assessment establishes a baseline showing how many licenses are owned and how many are currently deployed. From that assessment, a company can identify competing software solutions that generate the same value and consolidate down to a single preferred vendor. Additionally, a company is able to identify software that is being under-utilized and no longer need to pay for licenses not in use, creating an immediate and reoccurring annual savings.

Targeted For an Audit

It is no secret companies involved in M&As are targeted by software vendors to conduct software license audits. Changes involving geographical location, employee counts and IT environments have licensing implications, and these audits are timed to catch companies in non-compliance, which often results in millions of dollars of compliance issues.

Assuming a company is in compliance, it will need to find out if the company it is acquiring doesn’t have any hidden compliance issues in its IT environment. It also needs to look for pirated software and cracked license keys (a common issue seen in audits). Even worse, businesses assume because they acquired a company, they own the license entitlements and deploy software they believe they own. The result: a multi-million dollar settlement letter because the license agreement was nontransferable.

Do Not Be Surprised

Managing a company’s always-changing IT environment is difficult enough for resources familiar with it, but introducing a second environment, as well as complex license agreements, only complicates matters.

To avoid surprises when merging IT environments, be sure to answer:

  • What security threats are being introduced, and what is being done to combat them?
  • How much IT budget is spent on unused or duplicate software, and how to realize cost savings?
  • What are the legal exposures in software noncompliance, and how are they resolved?

Companies that do not focus on SAM during the M&A process are left exposed to risks and costs that can impact the overall success of the deal. By doing their due diligence before the merger, companies can reduce their exposure and make sure they are prepared.

GHJ’ Royalty and Licensing Practice has the skillset and expertise to provide the necessary software asset management services for any company to:

  • Evaluate legal risk around license noncompliance
  • Prepare a company for its next software vendor license audit
  • Negotiate a company’s next software license agreement or upcoming renewal
  • Assess the completeness and accuracy of a company’s Software Asset Management tools
  • Realize cost savings of 10-20 percent of a company’s annual software spend through software asset management

Please contact GHJ' Royalty and Licensing Team to learn more about our services and how we can assist your company in mitigating risks.