Despite common perception, compliance is only a small part of SAM, however it is also the most talked about. Vendor audits and compliance reviews do happen, and it is not a question of if, but when. If the compliance risk is not known, then it’s a risk. Very few organizations are compliant, but many don’t know what that risk looks like and even fewer report the risk any further than the IT department. The ultimate responsibility for software compliance falls to the CEO. Regardless of the size of the organization, SAM needs to be a consideration for the highest levels of the business.