Lo 1
Lo 1
Lo 1
Ethiopian TVET-System
INFORMATION TECHNOLOGY
SUPPORT SERVICE
Level IV
LEARNING GUIDE # 1
Ethiopian TVET-System
INFORMATION TECHNOLOGY
SUPPORT SERVICE
Level IV
Information Sheet # 1
You should use this list as a starting point for thinking broadly about the types of risks that could
impact your business. You may discover that you need to consider other important areas of risk
that are not listed here.
Indirect risks to your business
People often make the mistake of overlooking things that don't directly impact their business and
are therefore unprepared to deal with change. For example, while your business might not be
directly affected by a natural disaster, you may still suffer if it affects your suppliers, customers
or general location.
Consider how these scenarios could affect your business:
If your suppliers are affected, you may run out of the products you sell, or the materials you
need to make products.
If your customers are personally affected their priorities may change and you could
experience a reduced demand for your products or services.
If your general location is affected, you and your customers may not be able to access your
premises, or your utilities could be affected. For example, you could lose power, which could
mean you:
o will not be able to operate your business
o may need to throw out any perishable goods and replace them, which can be costly.
Managing risk in your business
The process of identifying risks, assessing risks and developing strategies to manage risks is
known as risk management. A risk management plan is an essential part of any business as it
helps you to understand potential risks to your business and identify ways to minimize them or
recover from their impacts.
Identify and analyze maintenance needs
Guide to maintenance needs
Risks to business continuity are identified due to system malfunction including quantification of
possible loss
Systems architecture and configuration documentation are reviewed.
Equipment and/or software audit are conducted if appropriate information is not available
Warranty status of components and/or software according to vendor, project or organizational
requirements are determined and documented
Critical components and/or software and document recommendations are identified regarding
possible service arrangements
Identified risks and problems are documented.
Recommended maintenance solutions are developed to meet business needs and applied to deal
with the client based on the document
IT Audit
Audit is independent review and examination of records and activities to assess the adequacy
of internal controls, to ensure compliance with established policies and operational procedures,
and to recommend necessary changes in controls, policies, or procedures
IT Audit The process of collecting and evaluating evidence to determine whether computer
system safeguards assets, maintain data integrity, achieves organisational goals effectively and
consumes resources effectively.
Elements of IT Audit
2. System Administration
3. Application Software
4. Application Development
5. Network Security
6. Business Continuity
7. Data Integrity
In order to understand your software compliance status, you must first answer the question, “What do we
have,\ and where is it?” A complete software inventory provides a foundation for you to not only assess
your current license position, but also to ensure ongoing license compliance. It is therefore crucial that it
be performed thoroughly and accurately. Conducting a manual inventory is rarely practical; it is time-
consuming, error-prone, and difficult to keep up-to-date.
For the purposes of this guide, we will therefore strongly recommend that a software asset management
tool be used. For compliance purposes, it is of utmost importance to ensure that, at the most basic level,
the tool collects data on installed software and analyzes the information from a licensing perspective by
comparing collected inventory data with software purchasing records.
If you don’t already have a software asset management tool that provides such functionality, be sure to
select a product that provides:
In addition to helping you determine whether your organization is compliant, the inventory functionality
found within your license management tool can also tell you what applications are installed that may
pose a risk to security or productivity, and give you information to help you determine whether or not
your organization could benefit from establishing software standards.
After performing a software inventory, we suggest you begin collecting software usage data right away,
so that you have more complete information with which to make subsequent purchasing decisions, as
well as offset the costs of “truing up” with savings on unused software. Step Three, which involves
gathering software licensing documentation (discussed in Step Three) can be fairly time-consuming, and
you’ll more than likely be able to establish a good base of usage information during this process.
Software usage tracking tools, or software “metering” tools, are designed to collect software usage
information across an organization. By identifying unused or underutilized licenses, you can save
significantly on licensing costs by either reallocating the unused licenses to users that truly need them or
by terminating maintenance on them. As previously discussed, your software asset management tool will
ideally have both inventory and metering functionality, so that licensing information can be
simultaneously reconciled with both software inventory and usage data.
The next question you’ll need to answer when conducting a software audit is “What software licenses
does my organization own?” Answering this question requires collecting software licensing information
for the software inventoried in Step One. For many, this is the most difficult step in the software audit
process. A good place to begin is with your purchasing records. Gather invoices and organize them
according to software manufacturer. You may need to contact software publishers and/or resellers to
obtain complete purchasing details. Centralize all the documentation into digital format that can be
imported into or referenced by the tool for reconciliation against installed licenses and usage volume. At
a very minimum, you will want to track the exact number of licenses purchased for each software title,
but it may also be valuable to track other details such as dates of purchase, purchase prices, maintenance
expiration dates, and PO or invoice numbers for additional tracking and analysis.
Now that you have gathered both software inventory and usage data, you can reconcile your
purchasing information with the number of licenses installed and the frequency with which those
applications are utilized. As previously mentioned, your tool should be able to automatically reconcile
inventory and metering data with your licensing agreements to show where you are under-licensed, and
where you are over-licensed. With this information, you are prepared to take corrective action.
If you discover, for example, there are 175 copies of CRM software installed across your desktops, but
your company has only purchased 150 licenses, you know that 25 of those copies are not legal; you will
therefore need to purchase 25 more licenses.
You may also find, for instance, that your organization has purchased and installed 300 licenses of
Microsoft Project, but that 100 copies have not been launched over a period of 60 days. In such
situations, there are a number of options available to you, both of which can offset the “trueup” costs for
non-compliant software, if not generate significant net savings: you may uninstall the unused copies and
redistribute them to users that actually need them (thus avoiding the future purchase of more licenses), or
you may let your maintenance contract lapse on those licenses to save money on unnecessary support and
upgrades.
In some cases, organizations are simultaneously out of compliance and over-licensed on the same
software title. How can this be? Let’s say that your inventory reveals 200 copies of a certain application
installed across your company, but your licensing information indicates that monly 150 licenses were
purchased. Based on this data alone, the logical conclusion would be to purchase an additional 50
licenses in order to regain compliance. Now, let’s say your data tells you that only 50 copies of that
software have been launched over a period of 30 days. This could lead to a completely different
outcome; although the terms of your licensing agreement may likely still require that you “true up” on
the over-installed copies, your organization may be able to partially offset this expense by reallocating or
terminating maintenance on the unused licenses.
And, in some cases, your software vendor may even be willing to “forgive” the compliance violation or
reduce your true-up costs as an act of good faith if you can prove those installed licenses have not been
used.
In summary, when conducting a license reconciliation, it is very important to take into account both
software inventory and usage data. When considered together, this information can help you not only
offset your costs of becoming compliant, but help you make informed buying decisions well into the
future.
To protect your organization from compliance violations in the future, you should have written policies
and procedures regarding software installation and use throughout the software lifecycle, from
procurement to retirement. The following three areas should be addressed, at a minimum:
To simplify your compliance efforts going forward, you will need to establish software purchasing
guidelines, as well as procedures that ensure ownership is documented and records are maintained on an
ongoing basis. These processes will vary greatly depending on who is authorized to purchase and install
software. Things to consider include:
Determining specifically which people and/or departments are responsible for acquiring new
software, negotiating pricing, and tracking purchases.
Creating a list of approved software vendors.
Deciding whether or not employees are allowed to buy software on their own, and if so, what
kinds of software they are authorized to purchase. If employees are allowed to purchase
software, be sure to develop and communicate guidelines for documenting the purchase and
storing documentation.
Creating a central location and assign ownership for maintaining all relevant purchasing data.
You will likely want to incorporate some of the data into your software asset management tool
for reconciliation, while other, more detailed documentation and proof of ownership may be
stored elsewhere.
Determine exactly what purchasing information is important to have on hand. Check with
your software vendor or reseller to determine what constitutes “proof of ownership” in the event
of an audit.
B) Software use
In addition to establishing purchasing procedures, is very important to develop a set of policies governing
the download, installation, and use of software among employees, and to make employees aware of these
rules. Consider posting a Software Usage Policy on your internal company web site, having each
employee review and sign the document, and sending periodic reminders to employees that they are
responsible for knowing the rules. This will demonstrate your commitment to good corporate citizenship
not only to your employees, but also to vendors, if you make them aware of your efforts. Some questions
to address are:
Who should be allowed to install software? If employees are allowed to install software on
their own desktops, you must develop a process for reporting and documenting these activities.
What kinds of software are allowed on the desktop? Should the use of gaming applications,
chat programs or other non-business related software be allowed in your organization? If not,
you must consider whether employees should be self-governing, or whether you want to
implement a system to monitor and/or block the launch of unauthorized applications (many
software metering tools have both of this capability).
What are the penalties, if any, for not complying with your organization’s Software Usage
Policy?
Introduction to warranties
If you complained about a problem with a product while it still was under warranty, you are
entitled to get it repaired under the terms of your warranty contract.
Even if your warranty has ended but you complained about a problem before the expiration, a
company still is expected to repair the product under the warranty terms. However, keep copies
of repair orders and the warranty if you need to back up your claims.
To help prevent future problems when you make a major purchase, compare warranties on
competing products.
Spoken warranties
Sometimes a salesperson will make an oral promise, for example, that the store will provide free
repairs. Have the salesperson put the promise in writing, or do not count on the service.
Service contracts
When you buy a car, home or major appliance, you may be offered a service contract. Although
often called extended warranties, service contracts are not warranties. Warranties are included
in the price of the product.
Service contracts come separately from the product at an extra cost. To decide whether you
need a service contract, consider several factors:
Whether the warranty already covers the repairs you would get under the service
contract;
Whether the product is likely to need repairs and what the potential costs might
be;
How long the service contract is in effect; and
The reputation of the company offering the service contract.
Carefully read the product instructions and warranty. Do not expect features the
product was not designed to give or assume warranty coverage that never was
promised. Having a warranty does not mean you automatically get a refund if a
product is defective. The company may be entitled to try to fix it first.
Discuss your complaint with the retailer. If you cannot reach an agreement, write
the manufacturer. Your warranty should list the company's address. Send all letters
by certified mail and keep copies.
If this doesn't work, you can call your local consumer protection agency; contact
the company's dispute resolution organization; take your case to small claims court;
or consider a lawsuit.
Documentation Tools
Documentation tools include any technical resources and materials that are used to develop and
support documentation.
Some tools, which can be used to create text, drawings and software specifications, include:
Word processing software, eg MS Word or Open Office
Drawing software, eg MS Visio
Database software, eg MS Access
Project management software, eg MS Project
Web page development software, eg MS FrontPage or Dreamweaver
Spreadsheet software, useful for analysis, eg MS Excel
Systems analysis and design CASE tools, eg System Architect.
Help authoring software, eg Help Developers Kit – HDK
Templates are predefined outlines that contain the structure and format of a document. The
writer opens the template and inserts the required text or diagrams into the relevant area of the
template. The advantage of this is that a standard layout can be used and the writer will be
prompted for information for the required sections, thus reducing the possibility that important
items may be overlooked. Software packages that are used for producing documentation will
usually include templates for most of the standard business documents that a company might use.
Often, during a project, you will develop standards specifically for that project. This would be
done in collaboration with the other members of the project team and incorporating any existing
organisational standards.