VA Software Inventory: The Foundation for AI-Ready Gov

AI in Government & Public Sector••By 3L3C

VA’s push for a software inventory isn’t just cost control—it’s AI readiness. See what public sector leaders can copy to cut waste and strengthen governance.

Veterans AffairsSoftware Asset ManagementFederal ITAI GovernanceSaaS ManagementIT Procurement
Share:

Featured image for VA Software Inventory: The Foundation for AI-Ready Gov

VA Software Inventory: The Foundation for AI-Ready Gov

VA’s software bill is roughly $1 billion a year—and lawmakers are now saying the quiet part out loud: you can’t manage (or secure, or modernize) what you can’t fully see.

That’s why a new House proposal aimed at the Department of Veterans Affairs’ software asset management is more than a budgeting story. It’s a signal of where federal tech governance is heading next: inventory first, optimization second, AI-enabled modernization third. If your agency is trying to scale AI in government services while your software environment is a patchwork of overlapping tools and unclear entitlements, you’re building on sand.

I’ve seen this pattern across the public sector: leaders want faster digital delivery, better citizen experiences, and practical AI in the workflow. But when software licensing, contracts, and usage data are fragmented, every AI initiative inherits the mess—cost, risk, and delays included.

The real story: software management is AI readiness

Software governance is the prerequisite for trustworthy AI in government. The proposed VA reforms—departmentwide inventory, removing duplicative tools, CIO-coordinated major acquisitions, cost-effective licensing, and annual reporting—aren’t glamorous. They’re operational. And they’re exactly what serious AI programs require.

Here’s the cause-and-effect that many agencies learn the hard way:

  • No reliable software inventory → unclear data flows and unmanaged access paths
  • Overlapping SaaS tools → inconsistent records, duplicate data, and policy confusion
  • Unknown license usage → spending you can’t defend and systems you can’t rationalize
  • Weak procurement controls → AI pilots multiply tools instead of improving outcomes

When a department is trying to introduce AI assistants, automate claims processing, or apply analytics for fraud detection, every model and workflow depends on clean integration points and predictable system ownership. That’s impossible if the software ecosystem is opaque.

The VA’s situation has been publicly described as serious enough that tens of millions of dollars in license usage and quantities were reportedly “unknown” earlier this year, even as the department later stated it had achieved “100% visibility” into its software license inventory—covering 4,433 commercial off-the-shelf products and 224 SaaS offerings.

Whether visibility is truly end-to-end or still uneven in pockets, the direction is clear: Congress wants repeatable governance rather than one-time cleanups.

What the proposed VA changes actually do (and why they matter)

The proposal targets the biggest failure mode in public sector IT: decentralized purchasing without centralized accountability. Agencies often end up with dozens of teams buying similar tools for collaboration, analytics, ticketing, identity, or document management—each with different contract terms and security configurations.

The bill’s key mechanisms—translated into operational impact—look like this:

Departmentwide software inventory

A departmentwide inventory creates a single source of truth: what you own, who uses it, what it costs, and what risk it carries.

Done well, a software inventory also becomes a map of your digital operations. It identifies where key processes live (case management, call centers, scheduling, benefits delivery), where sensitive data is stored, and where third parties touch core systems.

Removing duplicative or inefficient services

This isn’t just cost savings. Duplication is a major driver of:

  • inconsistent user experiences across offices
  • fragmented data governance
  • uneven cybersecurity posture
  • brittle integrations

Cutting duplicates makes modernization easier because you’re not trying to integrate AI into five overlapping tools that do 80% of the same thing.

CIO-coordinated “major software acquisitions”

Centralizing major acquisitions under the CIO is a governance decision: it pushes the organization toward shared platforms, fewer exceptions, and enforceable standards.

It’s also one of the cleanest ways to reduce “pilot sprawl,” where innovation funds unintentionally create long-term operational debt.

Enterprise licensing strategies

Enterprise agreements can reduce unit costs, but the bigger win is control:

  • consistent contract language
  • standardized security requirements
  • better telemetry and usage reporting
  • fewer surprise renewals

Enterprise licensing only pays off when paired with real usage management—otherwise it becomes a larger, more expensive bundle of underused tools.

Annual training and annual reporting

Training and reporting are the guardrails that keep asset management from becoming a one-off compliance exercise.

Annual reporting also changes incentives. When leaders know they’ll be measured on progress, you see more serious attention to renewals, rationalization, and lifecycle ownership.

Snippet-worthy truth: Software asset management is where budgeting discipline, cybersecurity, and AI governance meet.

Why agencies keep losing track of software (and how to stop it)

Most agencies don’t have a “software problem.” They have an operating model problem. Software sprawl is usually the predictable result of three structural issues:

1) Procurement and IT operations aren’t sharing the same facts

Contract data lives in one system. Identity and access data lives in another. Usage telemetry might be in a vendor portal no one checks. Security assessments live in a spreadsheet. Nobody has the full picture.

Fix: establish a minimum viable “license truth set” across finance, procurement, CIO, and CISO:

  • product name and vendor
  • contract vehicle and renewal date
  • license metric (seat, consumption, enterprise)
  • assigned users / groups
  • actual usage
  • system owner (human, not a mailbox)

2) SaaS makes it easy to buy—and hard to govern

SaaS accelerates adoption, but it also accelerates fragmentation. Teams can solve local problems quickly, then leave the organization with:

  • multiple tools doing the same job
  • unplanned data duplication
  • inconsistent retention policies
  • unclear export and portability rights

Fix: create a lightweight intake for new SaaS purchases that answers one question: Is there already an approved tool for this outcome? If yes, default to reuse.

3) No one “owns” the lifecycle

If your agency can’t name a responsible owner for each major software platform, you’ll never consistently control renewals, configurations, and integrations.

Fix: assign product owners and require an annual lifecycle review:

  • keep and optimize
  • consolidate
  • retire
  • replace

Where AI fits: from inventory to smarter decisions

AI can dramatically improve software management—but only after the basics exist. The VA focus on inventory and oversight is the part many organizations want to skip. They shouldn’t.

Once you have reliable inventory data, AI becomes practical in ways that directly support waste reduction and governance modernization.

AI use case #1: license optimization and anomaly detection

If you can combine identity data (who has access) with usage data (who actually uses the tool), you can flag:

  • inactive accounts that still hold paid seats
  • unusually high consumption patterns
  • duplicate entitlements across overlapping tools

This is the kind of automation that yields savings without breaking mission delivery.

AI use case #2: contract intelligence at scale

Large agencies manage hundreds or thousands of software-related contract actions.

AI-supported review can help teams extract structured terms from contract language—renewal windows, audit clauses, data rights, security obligations—then compare them across vendors. That’s not a replacement for lawyers or contracting officers. It’s a way to stop humans from doing repetitive extraction work.

AI use case #3: cybersecurity risk prioritization

Security teams are overloaded. A strong inventory lets you connect software assets to:

  • business criticality
  • exposure (internet-facing, integrated, privileged)
  • vulnerability and patch status
  • vendor risk indicators

AI can then help triage what to fix first based on mission impact, not just technical severity.

AI use case #4: rationalization recommendations that people can act on

Tool rationalization fails when recommendations are abstract.

With solid inventory and usage signals, AI can produce actionable outputs:

  • “These three tools overlap in document workflows; consolidate to the approved platform.”
  • “This product is used by 14 people across two offices; move to pay-per-use or retire.”
  • “This contract renews in 90 days; usage is down 38% quarter-over-quarter; renegotiate tier.”

These are governance decisions, not science projects.

A practical blueprint: what to do in the next 90 days

You don’t need a multi-year program to get traction. Agencies that make fast progress treat software management like a product, not a spreadsheet.

Step 1: build the “audit-ready” inventory baseline

Minimum bar:

  1. top 25 software vendors by annual spend
  2. all major enterprise platforms (identity, endpoint, collaboration, ITSM, analytics)
  3. every SaaS app with sensitive data access

If you can’t cover everything quickly, cover what matters most.

Step 2: pick three measurable outcomes (not ten)

Good outcome examples:

  • reduce paid-but-unused licenses by 15% in two quarters
  • consolidate to one approved tool in a high-duplication category (e.g., e-sign, survey tools)
  • cut renewal “surprises” to near zero with a 120-day renewal calendar

Step 3: formalize who approves what

Define thresholds:

  • what offices can buy independently
  • what requires CIO review
  • what requires CISO sign-off

Then enforce it consistently. Exceptions are fine. Untracked exceptions aren’t.

Step 4: connect software governance to AI governance

If your agency has an AI governance board (or is forming one), put software asset management on the agenda. Here’s why: AI systems depend on secure platforms, clear data ownership, and predictable tooling.

If software sprawl continues, AI sprawl follows.

What this signals for public sector leaders in 2026

Congressional attention to software waste is rising because budgets are tight and cyber risk is high. Going into 2026, agencies are under pressure to show they can modernize responsibly—especially as AI in government moves from pilot programs to scaled services.

The VA proposal is a useful marker for every CIO, CISO, and acquisition leader: future modernization conversations won’t start with models or chatbots. They’ll start with the basics—inventory, contracts, identity, and governance.

If you’re building smarter services for citizens and veterans, software management isn’t “overhead.” It’s how you create room—financially and operationally—for the work that actually improves outcomes.

What would change in your agency if, by this time next year, every major software renewal came with verified usage, clear ownership, and an AI-ready security posture?