As a leader in the financial services industry, this well-rounded financial technology company employs over 6.5k people and proudly advocates and innovates for those they serve. Their reputation is a top priority as it lays the foundation for the relationships with their stakeholders. They are no stranger to audits that could damage them reputationally and financially so ensuring they had a robust ITAM Governance structure in place to protect this was imperative. They needed a partner that would help build a SAM program and offer the expertise to support them during with three current audits.
Anglepoint facilitated this program and provides ongoing audit support, managing audits from some of the industry’s most aggressive auditors. They have a strong working relationship with Anglepoint and call upon them regularly when an audit arrives because Anglepoint can respond with confidence.
Multiple Vendor Audits & Limited ITAM Governance
For financial organizations, audits are not uncommon. The client recognized that to ensure they were in a state of continuous audit readiness with all of their vendors, they needed a Software Asset Management program in place to manage the full life-cycle of all of their software assets. They needed to be confident that, when an audit arrived, they would be armed with both the accurate data and information required to respond and the expert knowledge of each of the vendors.
They needed to outline clearer goals and processes to streamline the audit responses and those responsible at each stage. Without a repeatable documented process in place, each audit was dealt with reactively rather than proactively. They had limited visibility around risk, where it was located, and which vendors were in scope. This meant they were unable to prioritize vendors and where to focus their time and effort. Without a governance strategy in place, there was limited control of assets, data, and resources and the ability to communicate this back to stakeholders with the required information needed to manage the business’s software assets.
The arrival of a federal audit notice, a Quest audit and then very shortly after, an Oracle audit, left the client in fire-fighting mode, requiring resources to provide responses rather than being able to focus on planning the SAM program.
They needed a short-term fix and a long-term strategy.
Navigating three major audits and launching ITAM Program Transformation
There were two layers to the solution Anglepoint provided – immediate support with ensuing audits and the development of a robust SAM program to deliver governance, processes, and life-cycle management. Anglepoint’s experts worked with the client to deliver ITAM Program Transformation. This involved a series of training sessions and workshops to fully assess requirements and KPIs. Through this, they secured stakeholder buy-in and implemented the program. Alongside this project, they navigated three major audits.
The FFIEC audit was the top priority. The client and Anglepoint agreed upon a 2-week sprint methodology. They defined clear goals and responsibilities, reviewed data from 60 domains, and implemented the necessary standardized controls.
Quest was next on the list. Having settled an audit back in August 2020 they were surprised to receive a second formal audit notice in July 2021 requiring further information. In addition to completing an Effective License Position (ELP), Anglepoint performed an analysis of the Quest audit language within their agreement. After reviewing the agreement, Anglepoint noted that Quest only had the right to audit the client once per year, and Quest had used that audit already. Following Anglepoint’s recommendations, the client emailed Quest indicating that the audit was closed from their perspective. Quest did not respond until the following year.
Finally, Oracle. When the “soft audits”, that came as a result of a tardy response to a Java subscription bill evolved into full-blown formal Java audits, the client was one of the first recipient organizations. The client and Anglepoint completed a full Java assessment, reviewing consumption and entitlement data. Together, they identified several potential areas for optimization and developed a fresh strategy to reduce Java license consumption. Additionally, Anglepoint provided guided responses to help with the audit along with recommendations on a strategy for a new Oracle Java ULA.
Short-term: successfully navigated three software audits
FFIEC – Used gap analysis to identify potential areas for optimization and address consumption. Anglepoint also highlighted areas of risk, providing the client with an effective mitigation strategy. Ultimately, the client successfully navigated the audit and avoided negative reputational and financial implications.
Quest – Leveraging language within Quest’s usage agreement, the partnership was able to delay the most recent audit until the following year. This allowed additional time to mitigate any possible financial risk.
Oracle – Utilizing Anglepoint’s guidance responses, the client successfully navigated the Oracle Java audit. Additionally, the client followed Anglepoint’s recommendations and entered a new ULA for Java. The new agreement contained an amendment of the audit clause and resulted in cost savings.
Long-term: Transforming their ITAM Program
As a result of the extensive work done through this partnership, the client’s SAM team gained sponsorship from senior leadership to utilize Anglepoint’s recommendations in transforming their ITAM program. The client is now well-positioned to navigate any future audits, including the delayed Quest audit, and mitigate any potential financial risk. Today, the client continues to drive their ITAM program forward with increased visibility.
The internal team didn’t have the appropriate skill set or time to outline exactly what was required for an RFP, evaluate and assess the vast selection of SAM tools available on the market; and then run a POV exercise on their own.
Transform Your ITAM Program Today
Anglepoint’s ITAM Program Transformation Services help you establish program objectives, success criteria, policy development, process design, and roles/responsibilities.