When looking into Proof of entitlement - there are several different things we can use as proof of licenses but when working with your procurement teams in the onboarding process - what do you ask for in the standard process to be sent to you ? has any body stipulated in there purchasing/sourcing process a standard set of information that the vendor or re-seller needs to be sent to you and has that worked for you ? Currently the ITAM dont automatically receive copies of invoices unless we ask for these - if we to be sent all it would be to many and also the invoice may not give us the info we need. As a manual process we do gather all the usual contracts/renewals/schedules addendums etc . Just want to know if any of you have automated this process ?
We have an automatic export that sends all new purchase order summary from SAP one in every month. Only 2 different codes are allowed for a software order to be booked. We aligned with Procurement that they would reject anything else. We regularly review the export and open the SAP order manually to read the PO and we update our records with the new expiration date or with the new license agreement.
I had used software reseller extracts on a weekly basis, this was then uploaded to the SAM tool. Nothing fully automated however. Separately for those outliers of purchases that did not come through the reseller extract we required a manual entry executed by the purchasing person or team that gave us PO#, Reseller or source, and so forth to validate the purchase. In the end when you are audited the software publisher will use their records as proof of purchase and most always will lack the complete picture you have since someone internally to your company might not have purchased directly with the publisher, supplied incorrect company code to log your purchase and so forth. So for those large software publishers who come with highest volume/risk for audit it’s a good idea to reconcile what they have on record and compare to your source of “truth”
It’s pretty complex. From an internal controls perspective there should be a matching between PO, Invoice, Receipt of goods, and payment (the payment is important - if you haven’t paid you’re not licensed).
But as Bryant says there’s also the back channel issue, or resellers messing up, or licenses being allocated to the wrong agreement numbers - or even customers! I’ve seen all of those things, particularly in larger organizations. One specific example was projects with their own budgets not purchasing licenses through the usual channels and the expense not coming out of the IT budget lines for software. The outcome of that was the wrong licenses being purchased at the wrong price but I digress. Like much in ITAM it’s all about data reconciliation. Get multiple sources, including publisher records, and find gaps/assess the quality. Measuring the error/exception rate is a good way to understand quality because so much of this is automated - which should mean consistent errors are made which once discovered can be resolved.
Our process is similar to that Matyas mentioned. What we do additionally is financial matching. Every quarter we do license matching on the fixed asset list that our finance team sends.