The Bank of the Philippine Islands (BPI) provides its more than 3 million depositors with consumer and corporate banking services. In 2005, as an initial step in defining a standard operating environment, BPI worked with Microsoft® Services consultants and Microsoft partner Ports & Packets to inventory its software and to profile its computer users. Results revealed that different BPI departments used a variety of purchasing procedures, which contributed to a mixed IT environment and made tracking software and licenses difficult. In response, Microsoft and Ports & Packets helped BPI develop a comprehensive Software Asset Management (SAM) program. Still a work in progress, SAM is already improving IT security and efficiency and reducing costs through centralized volume purchasing. BPI also expects to cut costs through ongoing improvements in IT performance, reliability, and manageability.
Founded in 1851, the Bank of the Philippine Islands (BPI) was the first private commercial bank in the Philippines and Southeast Asia. It provides consumer, trust, and corporate banking services to more than 3 million depositors through its 700 branch offices. International publications and ratings agencies have consistently cited BPI for maintaining above-average profitability, sufficient liquid capital and assets, a low-cost funding base, and a manageable number of non-performing loans, compared to other banks operating in its regional marketplace.
||With volume licensing, which is part of our SAM program, we can transfer software license assets to different employees as needed. We believe this kind of flexibility will be an ongoing financial benefit.
IT and SAM Manager
Bank of the Philippine Islands
Over the years, BPI has expanded operations partly by acquiring smaller banks and other financial services companies. Prior to their acquisition, these businesses operated a variety of computer systems and software and followed very different and independent procedures for purchasing and tracking IT assets. As a result, the IT infrastructure of BPI consisted of many dissimilar and sometimes incompatible components.
In mid-2005, BPI executives, led by the Chief Information Officer (CIO) and Senior Vice President Manuel C. Tagaza, and Chief Risk Officer (CRO) and Senior Vice President Cesareo A. de Leon III, determined that the company should define a standard operating environment. They also wanted to centralize the purchasing and monitoring of IT software assets to support risk and security compliance and an overall corporate governance initiative. These changes would help improve the bank’s IT infrastructure, which in turn would help internal business groups respond better to the growing requirements of their customers.
With an invitation from BPI, Microsoft® Services consultants worked with the bank for several weeks to understand its business needs and processes. Microsoft Services is the consulting, technical support, and customer service arm of the world’s leading software company. An important early step in assessing the bank’s situation was to conduct an inventory of current IT systems and software. “The BPI IT department did not have consolidated visibility into what software license assets the bank, its subsidiaries, and affiliates actually owned,” explains Rolly Mariano, a Solution Specialist at Microsoft Philippines. “Different departments ordered a variety of software through multiple resellers and kept their own records. There was neither standardization in the software applications used nor in the manner that they were requisitioned, purchased, deployed, and tracked.”
In October 2005, BPI and Microsoft invited Microsoft partner Ports & Packets to assist in the software portion of the IT inventory. Based in Makati City, Philippines, Ports & Packets is an IT consulting and training services firm that specializes in helping companies deploy and manage Microsoft technology.
The workstations in many BPI branch offices were not controlled by a centralized IT department, so the inventory could not be conducted remotely. Instead, over a one-month period, a team of department representatives, consultants, and technicians from BPI and Microsoft Large Account Reseller (LAR) Nexus Technologies manually inspected hundreds of computers in the bank’s four largest offices. Specifically, on each computer, Ports & Packets ran SAMLite, a software tool that helps IT administrators track, manage, and report on software usage. Additionally, Ports & Packets together with BPI, Nexus, and Microsoft, conducted surveys, interviewing BPI employees to identify critical tasks and business processes and to compile a list of the software titles that employees used (or wanted to use) in their day-to-day work.
After analyzing the results of the interviews, surveys, and the data from the SAMLite tool, Microsoft and Ports & Packets submitted a consolidated report to BPI. The report identified the several productivity software applications used by employees in specific roles, how employees used their software, and the purchasing and record-keeping practices of different departments. The report noted productivity tools were not standardized and that inconsistencies existed between the distribution of software titles and their associated licenses on record. BPI managers were concerned that the lack of centralized monitoring and control of software assets conflicted with the bank’s existing usage policies and corporate governance directives.
Before proceeding with any broad plan to upgrade its IT infrastructure, BPI first wanted expert advice and guidance on how to better manage its software assets.
Over the next two weeks, Ports & Packets and Microsoft consultants worked with BPI to develop a comprehensive Software Asset Management (SAM) program. “BPI already had policies in support of a SAM program,” says Jay Paloma, Managing Consultant at Ports & Packets. “The bank just needed a more structured approach to software purchase requisitioning and approval, distribution, deployment, and asset monitoring.”
Specifically, Ports & Packets and Microsoft recommended the following actions as part of a robust SAM program:
- Educate and involve department heads and senior managers across the organization on the importance and value of having a standard operating environment and supporting a corporate-wide SAM program.
- Update and clarify written policies for software usage, distribution, and compliance.
- Authorize the appropriate departments and personnel to reinforce SAM policies and practices.
- Appoint a SAM manager or designate an expert to oversee and administer the SAM program.
- Centralize the bank’s software purchasing authority, making only one department responsible for all software licensing acquisition and distribution.
- Standardize client computer operating systems and applications enterprisewide.
- Enter into a Microsoft Enterprise Agreement (EA) to simplify license acquisition for all Microsoft applications and operating systems.
- Enroll in the Microsoft Software Assurance (SA) maintenance program to qualify for a variety of additional benefits including new software version rights, split payment options, additional training, and expanded support.
Although the role of Ports & Packets was only to examine and report on client computers, the company provided additional recommendations regarding the bank’s IT infrastructure, including standardizing on the Windows Server® 2003 operating system and implementing a centralized corporate IT network. When client computers are running on the Windows® XP operating system, the Active Directory® service in Windows Server supports SAM by providing a central location for managing and securing user accounts, computers, and applications. Group Policy further enhances the security of an Active Directory environment because IT staff can use it to manage users and computers in a convenient hierarchical manner.
Putting SAM to Work
BPI executives enthusiastically embraced the new initiative, and the company began right away to lay the policy foundations and administrative infrastructure to support the SAM program. The CIO and CRO issued a series of memos educating department heads on procedures to comply with BPI policies on software licensing. BPI President Aurelio R. Montinola III also gave final approval to an EA with Microsoft that covered critical Microsoft software, including the Microsoft Office System. And Microsoft and Ports & Packets provided the initial templates for formalizing SAM regulations and procedures around software requisitioning, approval, and deployment.
Next, BPI formalized the process for approving software requests and gave the Information Systems Group (ISG, the internal name of the IT department) sole responsibility for making software purchases. Now, all other departments place their orders through ISG, and this department tracks where and by whom the software is used.
ISG installs all software using its own support personnel or remote tools. The IT department also regulates the usage of installation media and licenses, offering enhanced administrative control compared to the previous practice of allowing other departments to do these tasks themselves. A BPI IT manager, Joselito R. Mariano, now also serves as SAM manager and the internal expert to contact when SAM issues arise.
While the recommended changes to the IT infrastructure will require considerable planning before they can be deployed, the administrative components of the new SAM program are well underway and are already offering several key benefits. By making its IT department the centralized software purchasing and installation authority, the bank now has better visibility into and control over its IT systems and applications. This practice also minimizes risk, improves IT efficiency, reduces operational costs, and strengthens security. Plus, the split-payment option of the EA volume licensing program has opened savings opportunities through volume discounts and simplified licensing.
Lower Operational Costs and Enhanced Security
In the past, other departments or even individual employees could purchase and install software without guidance from ISG. This practice introduced unnecessary risk and complexity into the IT
||With SAM and our EA, we will be able to establish a standard operating environment—a set of specifications for our computer hardware, operating systems, security and risk management, and application software.
IT and SAM Manager
Bank of the Philippine Islands
environment. Now, as part of the SAM program, the IT department not only purchases but also installs all software itself, so it can ensure that only approved applications are used and that they are configured correctly and more securely.
“With SAM and our EA, we will be able to establish a standard operating environment—a set of specifications for our computer hardware, operating systems, security and risk management, and application software,” says Joselito R. Mariano, IT and SAM Manager at BPI. “Our SAM program further minimizes operational and deployment risks by supporting higher levels of security through configuration policy enforcement, advanced Windows security features, and best practice security-threat modeling and patching.”
Many of the practices that enhance security will also help BPI lower its operating costs and improve customer service. “We expect SAM to improve IT operational productivity and efficiency in three ways,” adds Mariano. “First, using standardized software reduces deployment and support costs. Second, we are adopting better platform management technologies and processes. And third, the software we’re choosing supports a highly flexible and interoperable operating environment. We also expect our SAM program to improve customer satisfaction through optimal performance, reliability, availability, and scalability of our production systems.”
Minimized Risk and Better Corporate Governance
BPI takes pride in running its business according to high standards. This includes managing risks and governing itself with policies and procedures that instill confidence in customers, business partners, and investors. SAM contributes to these goals by giving the bank visibility into and better control over its IT systems. SAM also helps ensure that these systems run only software that complies with all legal, policy, and quality standards. “Having an Enterprise Agreement with Microsoft has significantly reduced the administration effort that is required to show compliance on enrolled enterprise products, thereby mitigating the associated legal risk,” says Mariano. “SAM helps us comply with industry governance standards through IT policy enforcement and better auditing and reporting capabilities.”
Larger Discounts and More Efficient Purchasing
Before implementing the SAM program, multiple BPI departments ordered software in small quantities at irregular intervals from several vendors. Now, by consolidating the purchases of all departments into one, the bank benefits from procurement efficiencies. As a result, software orders can be filled by a single Microsoft Large Account Reseller (LAR), so BPI qualifies for the benefits that LARs can provide. “Through our EA, the bank realizes higher discount levels and significant savings, compared to individual or departmental purchases,” says Mariano. “Plus, an individual’s purchase would not be covered by free upgrades and training. With volume licensing, which is part of our SAM program, we can transfer software license assets to different employees as needed. We believe this kind of flexibility will be an ongoing financial benefit.”
In addition to saving money, the IT department’s centralized purchasing authority helps to better plan and manage software expenditures. “ISG facilitates the process of purchasing,” adds Mariano. “Each department still owns the budget for its software, but now it can take advantage of amortized payments that can be incorporated into yearly budgets.”
To further enhance the value of its purchases, BPI joined the Microsoft Software Assurance maintenance program. With the program’s added benefits, BPI can use its Microsoft software more effectively. Some of the benefits are:
- Eligibility to use new releases of Microsoft software as soon as they become available.
- Flexible payment options.
- Access to planning and solution services.
- Additional training through vouchers and e-learning programs.
- Expanded technical support.
- Enterprise licensing options.
“With Software Assurance, BPI is entitled to an upgrade of any upcoming version releases,” says Mariano. “Especially for the Microsoft Office suites and Windows operating system, that means no additional cost for the duration of the contract. That’s a great value proposition for our organization.”
Increased Employee Productivity
During the SAM inventory, in most cases employees reported that they are or prefer using Microsoft Office programs instead of other programs that the bank had previously installed. Now, with an EA that includes the Microsoft Office System, BPI has a cost-effective way to provide its employees with the productivity software that helps them get their jobs done more efficiently. “After implementing the SAM program, we saw an increase in requests for Microsoft Office licenses from the different departments,” says Mariano. “Based on feedback from these departments, our preference now is to use Microsoft Office suites over other software for word processing, spreadsheets, and presentations.” BPI has also decided to standardize on Microsoft Office Project Standard 2003 for project management and on Microsoft Office Visio® Standard 2003 drawing and diagramming software. “Microsoft Office programs have better usability features and make it easier for us to communicate with other parties, including regulatory institutions and BPI customers who are already standardized on Microsoft Office System applications.”
Stronger Foundation for IT Operations
As the SAM program matures, and particularly after upgrading the IT infrastructure, BPI will be able to lock down client computers with robust security policies and to distribute and configure software remotely. Specifically, the bank is evaluating Windows Vista™ under the Microsoft Technical Adoption Program for Rapid Deployment. Together with Active Directory, Windows Vista will support the bank’s efforts to make the bank’s IT environment more secure. BPI is also looking at using Microsoft SharePoint® Products and Technologies to provide an IT asset accountability tracking system that will enable more employees to participate in the bank’s SAM program through a convenient Web-based interface.
For BPI, Software Asset Management is not just a static stand-alone program, nor is it a set of add-on IT tasks. Instead, it is an integral part of an overall strategy of corporate governance—mitigating risks, ensuring secure operations, and simplifying and streamlining IT administration. “The future direction of the bank is to use Active Directory and Group Policy in managing users and enforcing SAM policies,” says Mariano. “This work has already begun, and BPI expects to gain IT operational productivity and efficiency by following this strategy.”
For More Information
For more information about Microsoft products and services, call the Microsoft Sales Information Center at (800) 426-9400. In Canada, call the Microsoft Canada Information Centre at (877) 568-2495. Customers who are deaf or hard-of-hearing can reach Microsoft text telephone (TTY/TDD) services at (800) 892-5234 in the United States or (905) 568-9641 in Canada. Outside the 50 United States and Canada, please contact your local Microsoft subsidiary. To access information using the World Wide Web, go to:
For more information about Ports & Packets products and services, call (63) (2) 892-8478 (Philippines) or visit the Web site at:
For more information about Bank of the Philippine Islands products and services, call (63) (2) 89-10000 (Philippines) or visit the Web site at:
Microsoft Software Asset Management
Software Asset Management (SAM) is a process to help your company optimize your technology investments. The benefits of SAM are real and widespread. Knowing what you have, acquiring only what you need, and using your software assets effectively at every stage of their life cycle are strategic business practices that businesses of all sizes should employ to realize benefits. These benefits include cost savings, enhanced security, enhanced employee productivity and satisfaction, and more.
For additional information, including free tools and resources, visit:
This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Document published November 2006