In IT operations you are exposed to risks in many ways and need to manage them wisely.
In project management world risks are typically categorized into 3 domains: Time, Cost and Quality.
For a service oriented delivery model these same categories can be applied to IT operations and risks.
For example: What license compliance method do you use?
Having insufficient licenses in some solutions impacts service delivery, solutions stop working, hence impacting your service quality. To correct that will use time and typically generate cost for the additional licenses, or SLA penalties you’ll get.
You can “buy time” by not setting up an efficient method that ensures you stay compliant and are fully licensed, simply buy more than enough and have unused licenses consuming money (impacts costs), or do not yet buy licenses although you need them and risk an audit with a penalty (impacting costs and time consuming auditing process).
What is the cost of doing nothing? As indicated above it can flip into multiple directions, and basically comes down to generating additional cost and/or consuming additional time, and risking service degradation.
So maybe wiser to work on setting up a method to ensure you stay compliant, or at least informed about the risk that you are exposed to.