This is the accessible text file for GAO report number GAO-14-835R 
entitled 'Federal Software Licenses: Most Agencies Have Reported 
Planned Actions to Address Our Prior Recommendations on Software 
License Management' which was released on September 23, 2014. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

GAO-14-835R: 

[End of section] 

United States Government Accountability Office: 
GAO:
441 G St. N.W. 
Washington, DC 20548: 

September 23, 2014: 

The Honorable Thomas R. Carper: 
Chairman: 
Committee on Homeland Security and Governmental Affairs: 
United States Senate: 

Federal Software Licenses: Most Agencies Have Reported Planned Actions 
to Address Our Prior Recommendations on Software License Management: 

Dear Mr. Chairman: 

In May 2014 we reported[Footnote 1] on federal agencies' management of 
software licenses and the potential for achieving significant savings 
government-wide. Specifically, we found that the Office of Management 
and Budget (OMB) and the vast majority of agencies reviewed did not 
have adequate policies for managing software licenses. We also 
reported that federal agencies were not adequately managing their 
software licenses because they generally did not follow leading 
practices in this area. Consequently, we could not accurately describe 
the most widely used software applications across the government, 
including the extent to which they were over and under purchased. 
Accordingly, we made over 100 recommendations aimed at addressing 
these weaknesses. 

You asked us to describe OMB and federal agencies' current and planned 
actions to address our recommendations on software license management. 
To describe agencies' current or planned actions, we obtained and 
reviewed OMB and the 24 Chief Financial Officers Act agencies' 
[Footnote 2] reported statement of actions[Footnote 3] about their 
efforts to address the recommendations and also gathered relevant 
information from agencies' comments on our May 2014 report. 

We conducted our work from July 2014 to September 2014 in accordance 
with all sections of GAO's Quality Assurance Framework that are 
relevant to our objective. The framework requires that we plan and 
perform the engagement to obtain sufficient and appropriate evidence 
to meet our stated objectives and to discuss any limitations in our 
work. We believe that the information and data obtained, and the 
analysis conducted, provide a reasonable basis for any findings and 
conclusions in this product. 

Background: 

The federal government plans to spend at least $82 billion on 
information technology (IT) products and services in fiscal year 2014, 
such as purchases of software licenses.[Footnote 4] Federal agencies 
engage in thousands of licensing agreements annually. Effective 
management of software licenses can help organizations avoid 
purchasing too many licenses that result in unused software. In 
addition, effective management can help avoid purchasing too few 
licenses, which results in noncompliance with license terms and may 
cause the imposition of additional fees. 

In our May 2014 report, we noted that while OMB had a policy on a 
broader IT management initiative that is intended to assist agencies 
in gathering information on their IT investments, including software 
licenses, it did not guide agencies in developing comprehensive 
license management policies. Of the 24 major federal agencies, 2 had 
comprehensive policies that included the establishment of clear roles 
and central oversight authority for managing enterprise software 
license agreements, among other things; 18 had policies but they were 
not comprehensive; and 4 had not developed any. The weaknesses in 
agencies' policies were due, in part, to the lack of a priority for 
establishing software license management practices and a lack of 
direction from OMB. We concluded that without an OMB directive and 
comprehensive policies, it will be difficult for the agencies to 
consistently and effectively manage software licenses. 

Additionally, we reported that federal agencies were generally not 
following the leading practices we identified for managing their 
software licenses.[Footnote 5] These practices included: centralizing 
management; establishing a comprehensive inventory of licenses; 
regularly tracking and maintaining comprehensive inventories using 
automated discovery and inventory tools and metrics; analyzing the 
software license data to inform investment decisions and identify 
opportunities to reduce costs; and providing appropriate personnel 
with sufficient training on software license management. Table 1 lists 
the leading practices and the number of agencies that had fully, 
partially, or not implemented them. 

Table 1: Summary of Results for 24 Major Agencies' Implementation of 
Software Licenses Management Leading Practices: 

Leading practice: Centralized management; 
Fully implemented: 4; 
Partially implemented: 15; 
Not implemented: 5. 

Leading practice: Established software license inventory; 
Fully implemented: 2; 
Partially implemented: 20; 
Not implemented: 2. 

Leading practice: Tracking and maintain inventory; 
Fully implemented: 0; 
Partially implemented: 20; 
Not implemented: 4. 

Leading practice: Analyzing software license data; 
Fully implemented: 0; 
Partially implemented: 15; 
Not implemented: 9. 

Leading practice: Providing sufficient training; 
Fully implemented: 0; 
Partially implemented: 5; 
Not implemented: 19. 

Source: GAO analysis of agency data as reported in GAO-14-413. 

[End of table] 

The inadequate implementation of leading practices in software license 
management was partially due to weaknesses in agencies' policies. The 
result was an inability to analyze software license data to more cost-
effectively buy and maintain software licenses, and ascertain the 
software applications most widely used across the federal government. 
Consequently, while some agencies were able to identify millions in 
savings for software through ad hoc processes, there was the potential 
for even greater savings and additional opportunities to reduce 
software license spending and duplication than what agencies had 
reported. Until OMB and the agencies focus on improving policies and 
processes, they will not have the data to manage software licenses and 
will likely continue to miss opportunities to reduce costs. 

As such, we recommended that the Director of OMB issue a directive to 
the agencies on developing comprehensive software licensing policies 
comprised of the seven elements identified in that report.[Footnote 6] 
We also made 135 recommendations to the 24 agencies in our review to 
improve their policies and practices for managing software licenses 
including implementing the comprehensive policies and the leading 
practices identified in table 1. 

In commenting on our report, OMB disagreed with our recommendation to 
issue a directive and of the 24 agencies that we made specific 
recommendations to, 11 agreed, 5 partially agreed, 2 neither agreed 
nor disagreed, and 6 had no comments. Table 2 summarizes the 24 
agencies' responses to recommendations made in our May 2014 report. 

Table 2: Summary of Agency Response to Recommendations: 

Recommendation concurrence: Agreed; 
Agency: Departments of Agriculture, Education, Homeland Security, 
Justice, State, Veterans Affairs; General Services Administration, 
Office of Personnel Management, Social Security Administration, 
Nuclear Regulatory Commission, U.S. Agency for International 
Development. 

Recommendation concurrence: Partially agreed; 
Agency: Departments of Commerce, Defense, the Interior; Environmental 
Protection Agency, National Aeronautics and Space Administration. 

Recommendation concurrence: Neither agreed nor disagreed; 
Agency: Departments of Energy, Health and Human Services. 

Recommendation concurrence: No comments; 
Agency: Departments of Housing and Urban Development, Labor, 
Transportation, the Treasury; National Science Foundation, and Small 
Business Administration. 

Source: GAO analysis of agency data as reported in GAO-14-413. 

[End of table] 

Most Agencies Have Reported Planned Actions to Address our Prior 
Recommendations on Software License Management: 

As of August 2014, the majority of agencies that have provided 
information reported that they plan to address most of the 
recommendations we made to them. Specifically, 21 agencies plan to 
fully address all recommendations. Three agencies have reported that 
they plan to address most recommendations, but not all, primarily, 
because they partially disagreed with the report's prior findings or 
did not provide information on their efforts to implement the 
recommendations made. Finally, OMB does not have plans yet to address 
the recommendation we made to it. Of the 136 recommendations made, 
agencies have planned actions for 129 recommendations, no actions 
planned for 6 and the status is unknown for 1. Figure 1 illustrates 
the information of agencies' reported planned actions to implement 
prior recommendations on managing software licenses. 

Figure 1: Summary of Agencies' Reported Planned Actions on Prior 
Recommendations: 

[Refer to PDF for image: illustrated horizontal bar graph] 

Agencies with planned actions for all Recommendations: 

Agency:	Department of Agriculture; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Commerce; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Defense; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Education; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Health and Human Services; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Department of the Interior; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Justice; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of State; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Transportation; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of the Treasury; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Veterans Affairs; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	National Aeronautics and Space Administration; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Nuclear Regulatory Commission; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Office of Personnel Management; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Small Business Administration; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 6 planned. 

Agency:	Department of Homeland Security; 
Number of recommendations: 5; 
Agency reported actions on recommendation: 5 planned. 

Agency:	General Services Administration; 
Number of recommendations: 5; 
Agency reported actions on recommendation: 5 planned. 

Agency:	U.S. Agency for International Development; 
Number of recommendations: 5; 
Agency reported actions on recommendation: 5 planned. 

Agency:	Department of Labor; 
Number of recommendations: 4; 
Agency reported actions on recommendation: 4 planned. 

Agency:	Department of Housing and Urban Development; 
Number of recommendations: 4; 
Agency reported actions on recommendation: 4 planned. 

Agency:	National Science Foundation; 
Number of recommendations: 4; 
Agency reported actions on recommendation: 4 planned. 

Agencies with planned actions for some, but not all recommendations: 

Environmental Protection Agency; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 2 no action planned, 5 
planned. 

Social Security Administration; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 1 unknown, 5 planned. 

Department of Energy; 
Number of recommendations: 6; 
Agency reported actions on recommendation: 2 planned, 4 no action 
planned. 

Agency with no planned action: 

Office of Management and Budget; 
Number of recommendations: 1; 
Agency reported actions on recommendation: no action planned. 

Totals: 
Total recommendations: 136; 
Planned actions: 129; 
No action planned: 6; 
Unknown status: 1. 

Source: GAO analysis of agency reported data. GAO-14-835R. 

[End of figure] 

As shown in the graphic, 21 of the 25 agencies' reported planned 
actions for all of the recommendations made. For example, 

* The Department of Education stated that in response to the weakness 
we identified, the Office of the Chief Information Officer (CIO) 
developed a department-wide directive that establishes guidelines for 
software acquisition and management, and places central control for 
software license management within the Office of the CIO. The 
directive is in the final stages of review and is expected to be 
approved by September 2014. 

* The General Services Administration stated that the CIO has 
established a vendor management office to improve its IT, including 
the establishment of policies and processes for management of all 
enterprise software licenses. The agency also reported it has 
developed a baseline inventory of all IT contracts based on fiscal 
year 2013 that is being updated and validated to reflect fiscal year 
2014 IT contracts. The agency further stated that the asset tracking 
of all existing licenses will be implemented on a quarterly basis. 
Additionally, the enterprise license repository will be published and 
marketed across the agency to foster better reutilization. 

* The Department of Justice stated that it plans to contact the 
agencies we rated as having comprehensive software management policies 
and having well-defined centralized software license management 
processes to assist the agency in implementing the leading practices 
we identified. By the second quarter of fiscal year 2015, the 
department plans to conduct a survey to identify additional software 
licenses that should be centrally managed across the department. 
Additionally, during fiscal year 2016, it plans to acquire, configure, 
and implement an automated software license management solution to 
include all enterprise-wide licenses. This solution is intended to 
also identify the top ten most widely used software licenses across 
the department. 

* The Department of Veterans Affairs reported a comprehensive draft 
enterprise software license management policy is currently going 
through a review processes and as of July 2014, is on track to be 
finalized within 120 days. Also, the department stated that it is 
currently implementing a structured approach to economic evaluation 
and requirements validation for the majority of software enterprise 
license agreements. 

* The National Science Foundation stated that by October 2015, it 
plans to (1) develop an agency-wide policy addressing the management 
of software licenses, (2) regularly track and maintain a comprehensive 
inventory of agency software licenses using automated tools and 
metrics, (3) analyze agency-wide software license data and identify 
opportunities to reduce costs and better inform investment decision-
making, and (4) provide software license management training to 
appropriate agency personnel. 

* The Small Business Administration stated that it will create and 
maintain a centralized document repository relating to purchases of 
software, including license agreements, cost, and expiration dates, 
among other things. Additionally, the agency stated it will implement 
an annual review of software that is uninstalled, unused, or redundant 
to reduce licensing costs and improve functionality across the 
enterprise. 

Three of the 25 agencies reported mixed results on their efforts to 
address our recommendations. For example, the Environmental Protection 
Agency stated that it plans to begin assessing its existing automated 
tools, governance structures, and other federal agencies processes and 
policies in its efforts to begin developing a comprehensive software 
license management program. However, no additional actions are planned 
to provide software license management training to appropriate agency 
personnel. 

Finally, OMB continues to disagree with our recommendation to issue a 
directive to help guide how agencies manage their software licenses. 
In June 2014, an official from OMB's Office of E-Government and 
Information Technology stated that OMB does not have plans to issue 
guidance and therefore has no plans yet to address this 
recommendation. As previously reported, until the agencies have 
sufficient direction from OMB, opportunities to systematically 
identify software license related cost savings across the federal 
government will likely continue to be missed. 

Agency Comments and Our Evaluation: 

In e-mail comments on a draft of this report, an official from OMB's 
Office of General Counsel stated that OMB has not changed their 
position on our recommendation, but we believe the directive is 
needed, as previously discussed in the report. Additionally, to verify 
accuracy, we provided agency-specific information from a draft of this 
report to each of the 24 Chief Financial Officers Act agencies. Twenty 
of the 24 agencies responded via email that the information was 
accurate or provided additional information, which we incorporated, as 
appropriate. The other 4 agencies--Department of Agriculture, National 
Aeronautics and Space Administration, Office of Personnel Management, 
and U.S. Agency for International Development--did not respond to our 
request. 

We are sending copies of this report to interested congressional 
committees. We will also send copies to the Secretaries of the 
Departments of Agriculture, Commerce, Defense, Education, Energy, 
Health and Human Services, Homeland Security, Housing and Urban 
Development, the Interior, Labor, State, Transportation, the Treasury, 
and Veterans Affairs; the Attorney General; the Administrator of the 
Environmental Protection Agency; the Administrator of the General 
Services Administration; the Administrator of the National Aeronautics 
and Space Administration; the Director of the National Science 
Foundation; the Chairman of the Nuclear Regulatory Commission; the 
Director of the Office of Management and Budget; the Director of the 
Office of Personnel Management; the Administrator of the Small 
Business Administration; the Commissioner of the Social Security 
Administration; and the Administrator of the U.S. Agency for 
International Development; and other interested parties. In addition, 
this report will be available at no charge on the GAO web site at 
[hyperlink, http://www.gao.gov]. 

If you or your staff has any questions about this report, please 
contact me at (202) 512-4456 or ChaC@gao.gov. Contact points for our 
Offices of Congressional Relations and Public Affairs may be found on 
the last page of this report. Key contributors to this report were 
Eric Winter, Assistant Director, and Eric Costello, Rebecca Eyler, and 
Niti Tandon. 

Sincerely yours, 

Signed by: 

Carol R. Cha: 
Director, Information Technology Acquisition Management Issues: 

[End of section] 

Footnotes: 

[1] GAO, Federal Software Licenses: Better Management Needed to 
Achieve Significant Savings Government-Wide, [hyperlink, 
http://www.gao.gov/products/GAO-14-413] (Washington, D.C.: May 22, 
2014). 

[2] The 24 major federal agencies covered by the Chief Financial 
Officers Act of 1990 are the Departments of Agriculture, Commerce, 
Defense, Education, Energy, Health and Human Services, Homeland 
Security, Housing and Urban Development, the Interior, Justice, Labor, 
State, Transportation, the Treasury, and Veterans Affairs; 
Environmental Protection Agency; General Services Administration; 
National Aeronautics and Space Administration; National Science 
Foundation; Nuclear Regulatory Commission; Office of Personnel 
Management; Small Business Administration; Social Security 
Administration; and U.S. Agency for International Development. 

[3] 31 U.S.C. §720 requires federal agencies to submit to specified 
congressional committees a written statement of actions taken on our 
recommendations. 

[4] According to the Information Technology Infrastructure Library's 
Guide to Software Asset Management, software licenses are legal rights 
to use software in accordance with terms and conditions specified by 
the software copyright owner. 

[5] We identified five leading practices for software license 
management by interviewing six recognized software license management 
experts from the private and federal sectors and then comparing and 
synthesizing the practices that were identified. 

[6] The seven elements that a comprehensive software license policy 
should specify are (1) identify clear roles, responsibilities, and 
central oversight authority within the department for managing 
enterprise software license agreements and commercial software 
licenses; (2) establish a comprehensive inventory (80 percent of 
software license spending and/or enterprise licenses in the 
department) by identifying and collecting information about software 
license agreements using automated discovery and inventory tools; (3) 
regularly track and maintain software licenses to assist the agency in 
implementing decisions throughout the software license management life 
cycle; (4) analyze software usage and other data to make cost-
effective decisions; (5) provide training relevant to software license 
management; (6) establish goals and objectives of the software license 
management program; and (7) consider the software license management 
life-cycle phases (i.e., requisition, reception, deployment and 
maintenance, retirement, and disposal phases) to implement effective 
decision making. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation, and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the 
performance and accountability of the federal government for the 
American people. GAO examines the use of public funds; evaluates 
federal programs and policies; and provides analyses, recommendations, 
and other assistance to help Congress make informed oversight, policy, 
and funding decisions. GAO's commitment to good government is 
reflected in its core values of accountability, integrity, and 
reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's website [hyperlink, http://www.gao.gov]. Each 
weekday afternoon, GAO posts on its website newly released reports, 
testimony, and correspondence. To have GAO e-mail you a list of newly 
posted products, go to [hyperlink, http://www.gao.gov] and select 
"E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO's actual cost of 
production and distribution and depends on the number of pages in the 
publication and whether the publication is printed in color or black 
and white. Pricing and ordering information is posted on GAO's 
website, [hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or 
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card, 
MasterCard, Visa, check, or money order. Call for additional 
information. 

Connect with GAO: 

Connect with GAO on facebook, flickr, twitter, and YouTube.
Subscribe to our RSS Feeds or E mail Updates. Listen to our Podcasts.
Visit GAO on the web at [hyperlink, http://www.gao.gov]. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 
Website: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]; 
E-mail: fraudnet@gao.gov; 
Automated answering system: (800) 424-5454 or (202) 512-7470. 

Congressional Relations: 

Katherine Siggerud, Managing Director, siggerudk@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, DC 20548. 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, DC 20548. 

[End of document]