Getting Started: How to Build an Effective ITAM Program
Identifying your priorities
IT Asset Management (ITAM) involves gathering the information you need to make effective use of and run your digital technology. The first step towards building effective ITAM within your organization is understanding what you want to achieve. To identify that, it’s useful to look at some of the reasons why companies have ITAM capabilities in the first place. For the most part, these fall into three main categories:
- Risk management: With a rise in global cybersecurity attacks, protecting customer and company data is top-of-mind for IT leaders. They also need to protect themselves from risk associated with unanticipated and unaccounted for software, cloud, SaaS or hardware spend.
- Cost management: Cost reduction is always a key to an organization’s success, especially during times of global economic uncertainty. Organizations need to spend wisely, so they can allocate more of their funds to innovation and be more competitive in a tough market.
- Growth and innovation: Quickly delivering new innovations and responding to employee and customer requirements are now fundamental to surviving in today’s economy. Fostering innovation starts by optimizing your current technology stack.
Some other event-based priorities can drive ITAM programs, including a large merger & acquisition (M&A), an audit or compliance event (sometimes triggered by an M&A), or the need to report on technology ROI to a board or C-suite.
Building a governance framework for your ITAM program
If ITAM’s role is to allow the organization to maximize the value from their technology assets while minimizing risk, then it is important to provide a framework within which this should happen. There is little value on reporting on opportunities to save, or compliance issues, if the business implications are not understood and the mechanisms for resolving issues, or taking advantage of opportunities, are not in place and accessible.
Every ITAM practice should include these elements:
- Mission statement: This statement articulates the goal of ITAM and should show a clear link between ITAM and your organization’s goals.
- Charter: The charter or roadmap sets out roles, responsibilities, accountabilities and reporting mechanisms. It also provides the ITAM function with a mandate.
- Policy: The policy will make it clear to everyone in the organization what the basic rules are around the way in which technology assets are managed throughout their lifecycle and why. This document should be accessible to everyone in the organization, not just ITAM or IT teams, so it needs to be clear, concise, easy to translate (if in a multilingual organization) and free from jargon. The policy does not dictate the details of how people work but what they need to take into account when dealing with technology assets.
- Standards: These are the mandatory standards or any relevant regulation (whether financial, industry-specific, environmental etc.), as well as standards the organization is aligned or compliant with (e.g. ISO 27001, ISO 14001, GDPR, HIPAA, etc.).
- Processes: This is where many people get ITAM wrong and try to include all the processes that touch on the IT Asset Lifecycle within ITAM’s scope. Most of these processes are owned elsewhere. ITAM is concerned with the oversight of the asset lifecycle and as such, ITAM processes are those that gather the relevant data about the assets and investigate and analyze it to identify where exceptions to policy are occurring and why. Processes should be documented at a high level, and need to be generic as they should apply to the full range of technology assets across the organization, and all the various data sources required to support the data analysis.
- Procedures: These are the more detailed activities that ITAM practitioners will undertake on a daily basis to support the processes and may be asset, vendor or system specific. They tend to be more technical in nature and are not designed for general distribution.
- Reporting: Provide evidence that your policies and processes are achieving expected results.
Selecting your supporting cast of people
In order to achieve successful outcomes, ITAM functions need people and technology to support the governance framework and carry out the supporting activities. One of the biggest mistakes we see is when organizations unrealistically put their ITAM program on one person’s shoulders. The size of your eventual organization will be dependent on the scope of services you provide and the size of the larger organization you are supporting.
While there is no easy answer to ‘how many people do I need’, as this will vary based on the size and complexity of the organization and the technology that is in use within it, it is important that there is someone accountable for the success of ITAM, and that the activities associated with ITAM are assigned to appropriate individuals either as their primary role or as a key part of their wider responsibilities.
Here are a few checkpoints as you select people to assist in your ITAM program:
- Estimate the number of resources it will take to develop and manage your ITAM tool along with your policies and processes.
- Decide if you’re supporting one geography or one department at the onset, or if this will be an organization-wide operation.
- Identify your realistic staffing costs and evaluate your current team’s internal expertise to choose one of these options:
— In-house staff and software
— Extended staff with partners for specific projects/expertise
— In-house staff with partner-hosted software
— Partner-based managed services
There is no magic formula for successful ITAM, but by starting with clear goals and objectives and putting in place the supporting governance, processes, people and technology, it is possible to build an effective ITAM capability that has real relevance to your business stakeholders.