Score your SAM programme against each checkpoint to identify maturity stage gaps and prioritise the investments most likely to reduce audit risk and licence overspend.
Most organisations discover 30–40% more software assets during their first formal inventory exercise than they believed they had. An incomplete inventory is the single biggest risk factor in any audit. Discovery tooling (SNOW, Flexera, Lansweeper) must be combined with defined data governance around agent coverage to produce a reliable inventory.
Organisations operating at ISO 19770-1 Tier 1 typically store entitlements in spreadsheets, creating reconciliation gaps. Tier 2 and above require a purpose-built ITAM tool with contract ingestion workflows. Without a central repository, effective licence position (ELP) calculations are unreliable and audit responses are slow.
Annual ELP calculation is insufficient to catch mid-year consumption drift. Quarterly calculation, or monthly for high-risk vendors such as Oracle and IBM, is the standard at SAM maturity Stage 3. Automate reconciliation rather than relying on manual spreadsheet processes that introduce human error and delay.
Organisations add an average of 21 new SaaS applications per month. Shadow IT subscriptions represent 30–40% of total SaaS spend in many enterprises. SaaS management platforms (Torii, Zylo, Productiv) provide discovery layers; without them, rogue spend and redundant licensing remain invisible to finance and procurement.
Reconciliation processes at SAM maturity Stage 2 remain largely manual. Stage 3 introduces workflow automation and exception queues. Document your reconciliation process, assign named ownership and establish SLAs for clearing exceptions within defined timeframes to prevent backlog accumulation.
Vendors rely on late notification to limit negotiation time. Best practice is to begin renewal review 180 days before expiry for contracts over £/$500k and 90 days for smaller agreements. Missing the negotiation window forces auto-renewal at list price, typically with a 10–15% price increase applied.
Oracle, IBM, Microsoft and SAP all conduct formal software audits. Audit response time from notice to submission is typically 30–60 days, but organisations without audit-ready data spend 40–60% of that window gathering information rather than analysing it. Maintain pre-built audit packs for your top five vendors at all times.
Orphaned licences are a top finding in SAM audits. A leaver who retains a £400/year software seat for 12 months before detection costs the organisation money and creates audit risk. Integrate ITSM and HRMS deprovisioning workflows to automate licence return on offboarding without manual SAM team intervention.
Cloud tagging gaps prevent accurate BYOL (Bring Your Own Licence) tracking for products like Oracle Database on AWS or SQL Server on Azure. Enforce mandatory tagging via policy-as-code before cloud sprawl makes retroactive tagging impractical across thousands of resources.
Research suggests 53% of SaaS licences are unused or significantly underutilised. A formal rationalisation programme at Stage 3 maturity typically yields 15–30% licence cost reduction within 12 months. Use utilisation telemetry from vendor admin consoles, not user surveys, to identify rationalisation candidates objectively.
Vendor negotiation capability is a differentiator between Stage 3 and Stage 4 SAM maturity. Organisations with negotiation playbooks that document discount levers, audit response tactics and contract traps consistently pay 15–25% less on renewals than those without. External advisory support is common for tier-1 vendor negotiations.
Without executive-backed policy, SAM initiatives lack authority to enforce licence return, block unauthorised purchases or mandate tooling. ISO 19770-1 certification requires a published policy as a foundational element. Stage 1 organisations often skip this, limiting their ability to act on audit findings or enforce governance decisions.
Mature SAM programmes demonstrate business value through dashboards tracking licence compliance rate, cost avoidance, rogue spend eliminated and audit risk. Without reporting, SAM investments are invisible to finance, limiting budget for tooling upgrades and headcount to sustain the programme.
The Crawl-Walk-Run FinOps framework parallels SAM maturity stages. Integration between SAM and FinOps eliminates duplication of tooling investment, aligns licence and cloud spend reporting, and enables total cost of ownership modelling across hybrid environments for meaningful business case development.
Organisations without a maturity roadmap plateau at Stage 2. A roadmap with defined milestones, tooling investments and resourcing requirements creates accountability and sustains executive support. ISO 19770-1 Tier 3 certification is the recognised benchmark for enterprise SAM programmes and provides audit defensibility.
Interpreting Your Assessment Results
Not sure where your SAM programme sits on the maturity curve?
Redress Compliance delivers independent SAM assessments benchmarked against ISO 19770-1 and peer organisations.
Download: SAM Maturity Benchmark Report 2026
ISO 19770-1 maturity benchmarks, tooling comparison and 12-month roadmap template for enterprise SAM teams.