When an organization that’s meant to represent the ultimate in “strict” gets caught with pirated software, it’s worth digging a little deeper into the story. A recent audit by the Treasury Inspector General for Tax Administration (TIGTA) discovered that the Internal Revenue Service (IRS) had been running pirated software due to “poor management of software licenses.” Auditors also stated that the IRS couldn’t produce documentation to validate proper licensing on 24 of 27 software products they reviewed, were over-using three software packages, under-utilizing eight others, and lacked the documentation to determine the status of a further eight. Given that the U.S. Tax Code is about as convoluted as the average vendor’s software license agreements, I’m sure the irony of the situation isn’t lost on anyone.
No wonder that the report called the IRS out for “not adhering to Federal requirements and recommended industry best practices” and warned that the absence of effective software license management protocols could result in legal problems and financial liabilities in the future.
The IRS isn’t the only large organization faced with software license management issues. (In another interesting case, the Central Intelligence Agency has been battling with software maker Kofax in the U.S. Court of Federal Claims over ambiguous software licensing terms.) Efforts to prevent the use of pirated software in federal agencies go back to the Clinton era, but government action to remedy the situation has been slow.
At least this report shows a willingness on the part of the government to address the problem. An organization as large as the IRS, however, could be using far more than 27 software packages in different areas or departments; but without a single, integrated, overarching software license management tracking and control system in place, it will be a hard problem to solve.
The IRS agrees. Following the report, IRS CTO Terence V. Milholland wrote that the agency planned to create a central control system for software licensing that will put “effective management controls around desktop, laptop, server and other delivery platform software licenses.” The IRS will also create an Enterprise Software Governance Board to oversee the management of software licenses.
The jury is out on how effective the agency’s efforts will be in policing themselves to stem the tide of unlicensed software. As any private sector organization can likely attest, understanding the intricacies of dozens of license models from hundreds of ISVs—much less enforcing them—can be infuriating, if not excruciating, for even to the most seasoned IT departments. I’d like to think, though, that a little investigation into the other benefits of a comprehensive software asset management program might provide additional incentive for the IRS to get its house in order. As Kris Barker wrote in his March 13 blog post “Are You Part of the One Percent?“, organizations that have effective SAM programs in place not only have a better chance at staving off full-blown audits, but also, on average, save about 20% of their software spend by identifying and purging unused applications from their software portfolios. In light of most people’s contempt for wasted taxpayer dollars, an effort on the part of the IRS to reign in superfluous IT spending could go a considerable ways toward repairing the damage this incident has done to the agency’s already less-than-sterling reputation—but given the bureaucracy, sprawl, and glacial pace of most government agencies, I, for one, am not holding my breath.