Dedicated assessment methodology to establish roadmap for development of a comprehensive SAM operation.

1. All
Software Asset Management
Operational & Capability Assessment
Audit Susceptibility Index™
www.it-tprm.com
TPRM Forum LLC Confidential © 2018 All Rights Reserved

2. Susceptibility Defined
Susceptibility is defined as ‘the state or fact of being
likely or liable to be influenced or harmed by a
particular thing’.
In the case of a software audit, Susceptibility is the
likely severity, disruption and extent of financial
exposure a firm may experience in the event a software
publisher issues a ‘Notice of Intent to Audit’ the
deployment of their software.
TPRM Forum LLC Confidential © 2018 All Rights Reserved www.it-tprm.com 2

3. Software Asset Management (SAM) is a multi-
level, multi-discipline function intended to
reduce non-compliance risk of business critical
software assets.
Negotiating the reduction or elimination of
software audit findings, while valuable, is
NOT Software Asset Management.
Effective SAM requires careful orchestration,
monitoring and entitlement management of a
tangible asset. SAM encompasses successful
alignment of policy, procedures, controls,
procurement, IT and PMO processes with rapid
infraction identification. Properly executed,
SAM not only minimizes audit exposure, it
delivers efficiency of software investment.
Software Asset Management (SAM)
TPRM Forum LLC Confidential © 2018 All Rights Reserved www.it-tprm.com 3

4. Software Market Landscape - 2020
TPRM Forum LLC Confidential © 2018 All Rights Reserved www.it-tprm.com
In the past 5 years, software publishers have
demonstrated intent to offset growth challenges
with an increased focus on audit revenue. There
have been many contributors to this dynamic, but
at the core, publishers know the vast majority of
Fortune 2,000 firms have immature or non-existent
SAM capabilities.
Firms need to consider what actions are required
to limit this third party risk exposure. Actions to
consider include:
Clarity of Policy & Procedures
Appropriate Controls: Purchase thru Harvest
Establish dedicated SAM Organization
IT & PMO Process Alignment
Cloud Strategy & Implementation
Leverage proven Technology Platform
Non-conformance Escalation Procedure
Produce effective reporting
4
The Software Asset Management Audit
Susceptibility Index™ Assessment
Methodology addresses each of these core
areas.

5. TPRM Forum has created the SAM
‘Audit Susceptibility Index™’
Assessment Methodology to assist
organizations identify current
effectiveness of their SAM capability and
quickly chart a course for greater
maturity and productivity.
The SAM Audit Susceptibility Index™
(SAM-ASI) Assessment Methodology
features:
 Detailed Assessment across internal
environment.
 Assessment findings produce the Audit
Susceptibility Index™ which enables
development of the detailed ‘SAM Playbook’.
 The SAM Playbook contains detailed,
actionable recommendations, steps, calendar of
events and recommended sequencing in addition
of remedies for the most significant Areas of
Exposure (AoE).
SAM Audit Susceptibility Index™ Assessment Methodology
TPRM Forum LLC Confidential © 2018 All Rights Reserved www.it-tprm.com 5

6. SAM Audit Susceptibility Index™
Execution
14-Sep-18
TPRM Forum LLC Confidential © 2018 All Rights Reserved www.it-tprm.com
The SAM Audit Susceptibility Index™ (SAM-ASI)
Assessment Methodology features a rapid 4-5
week execution to produce detailed Playbooks
designed to drive maturity and overall SAM
capability.
Unlike software
development, SAM
operations need to achieve
Level 4 Maturity to materially
reduce audit exposure.
Assessment of Operational
Risk and Environment
Complexity enables
development of required
actions to reduce risk and
improve environment
dynamics to mature SAM
capability.SAM-ASI ™Assessment Methodology
delivers operational guidance to
produce mature SAM operations.
6

7. www
www.it-tprm.com
TPRM Forum LLC Confidential © 2018 All Rights Reserved www.it-tprm.com 7