The Department of Veterans Affairs (VA) recently launched a program that it hopes will help improve its management of software licenses – an issue that has drawn recent scrutiny from the Government Accountability Office (GAO).
The VA Office of Information and Technology (OIT) established the Enterprise Software Asset Management (SAM) program last year in response to a January 2024 GAO report. The report revealed that many agencies – including VA – need better data on software licenses to maximize cost savings and not over-purchase licenses.
During a hearing on Monday afternoon before the House VA Subcommittee on Technology Modernization, one VA official explained how the SAM program is helping OIT to identify existing capability gaps in software asset visibility.
“The SAM program is building a centralized software repository to streamline software management and stakeholder communication,” Jeff VanBemmel, the executive director of end user operations within VA OIT, told lawmakers.
“OIT is also working to automate tasks within the SAM lifecycle framework where feasible and leveraging existing tools and systems for efficient implementation, integration, and reporting,” VanBemmel said.
This approach allows the VA to plan for future software needs and properly dispose of outdated software, according to VanBemmel. He also noted that the program has realized “significant software license cost avoidance across its top 15 most widely used titles.”
“OIT is also establishing ways to measure the effectiveness of the SAM program, including capturing our cost savings, assessing compliance rates, utilization efficiency, and resolving audit findings,” VanBemmel said.
The VA official also said that OIT is issuing guidance for all relevant staff to help train them on SAM processes and policy compliance.
In addition to addressing the January 2024 GAO report recommendations, GAO is also waiting on the VA to take action to address a similar November 2024 report. The November report highlighted restrictive software licensing practices that adversely impact agencies’ cloud computing efforts, including those at VA.
“VA officials reported that the restrictive licensing practices generally impacted the cost of cloud computing and the choice of cloud service provider,” Carol Harris, a director of information technology and cybersecurity at GAO, told lawmakers.
“However, the department had not established guidance for effectively managing the impacts from these restrictive licensing practices. Further, VA had not assigned responsibility for managing such practices,” Harris said.
GAO made recommendations to address these gaps, and the VA concurred with those.
For both the January and November reports, Harris said GAO is still waiting on some information from the VA as to how it will implement GAO’s recommendations.
“But, you know, to Mr. VanBemmel’s point, I think he did a really good job of laying down the groundwork for the culture at VA of the decentralization of these software licenses,” Harris said. “So now, this movement to centralize is a very positive step that’s essential to effective software license management.”
“All the key things that they’re doing all sound good. We’re going to have more dialogue with VA and verify those activities and then come back to [Congress] with what we think that looks like,” she explained.
Nevertheless, Harris stressed the criticality of the VA implementing GAO’s recommendations “as soon as possible.”
“Doing so will present VA with opportunities to reduce costs on duplicate or unnecessary licenses and also take action to mitigate the impact of restricted licensing practices,” she said. “The cost savings potential is tremendous.”