ITAM is no longer about compliance

As ITAM emerges as a C-level imperative, it is important for ITAM practitioners to demonstrate their value beyond software licence compliance.

  • Thursday, 13th August 2020 Posted 4 years ago in by Phil Alsop

While software licence compliance is typically the main justification for establishing an IT Asset Management (ITAM) function, organizations should expect much broader benefits from their ITAM team. This is according to the first white paper published by the ITAM Forum, the new independent, not-for-profit professional body for the advancement of the global IT Asset Management industry.

In the new paper, titled “IT Asset Management in the 2020s”, the ITAM Forum makes the case for multiple benefits of ITAM beyond compliance, namely:

  • Cost savings: While compliance was often the reason to establish an ITAM function, cost savings are typically the main justification for maintaining one today. This is because roughly a third of software is wasted or unused, regardless of whether it is desktop software, SaaS subscriptions or cloud infrastructure.
  • Enhanced security: ITAM and InfoSec will become much more closely intertwined over the next few years as their roles overlap and areas like hardware asset management, managing ephemeral assets (e.g., containers, serverless computing, and FaaS) becomes more important.
  • Business agility and digital transformation: You cannot transform if you don’t know where you’re starting from. The better the visibility of what you have, where it’s located, how it’s configured, and how it’s being used, the faster you can change, and the more quickly a business can transform.
  • Risk management: ITAM mitigates a number of risks to the organization, from financial to operational, regulatory compliance and reputational (e.g. by avoiding/minimising the financial impact of an audit, minimising disruption caused by poor IT execution, loss of reputation due to an operational breakdown etc.).
  • Secondary benefits: In addition to the above, there are numerous indirect benefits to ITAM, such as facilitating mergers/acquisitions/demergers, improving interoperability between systems (particularly relevant for organizations that are integrating legacy and cloud systems) and an overall improvement in the management of the business due to the abundance of detailed and trustworthy data.

 

Melody Ayeli, the recently-elected chair of the ITAM Forum, has provided her commentary at the end of the paper, “In my 15 years within the industry, the majority of leaders and executives I’ve met have agreed that two of their key goals are to reduce costs and minimize risks in IT. Often these goals lead to initiatives that prompt significant investments in consulting services, proposed headcount reductions, and decreased funding for innovative and strategic projects. This approach may pressure the IT department to take a step backward, which ultimately can affect the entire business.

 

Proper IT Asset Management practices can support cost and risk reduction efforts without the typical methods to hold back on strategic projects, reduce personnel, and invest heavily in consulting services.

 

To achieve the collaboration needed to make ITAM a success, executives and stakeholders need to champion ITAM programs and recognize teams for cross-functional efforts to improve asset visibility in a centralized repository. By doing so, ITAM teams will be enabled to analyze and share back the information in a manner that helps other groups in IT and the business as a whole.  This is the trend we expect to see in the 2020s as ITAM becomes increasingly important to organizations.”

 

Martin Thompson, founder of the ITAM Forum and author of the report comments, “One of the objectives of the ITAM Forum is to help ITAM professionals better communicate the value of their craft to the wider business, particularly the C-suite. This paper is the first step in meeting this objective. As we continue our campaign to improve the reputation, awareness and professionalism of ITAM, it is important that we address common misperceptions about the ITAM industry. The first of these misperceptions is that ITAM is nothing more than a compliance function, and since cloud software reduces the risk of non-compliance (since you cannot deploy un-licenced cloud software), the role for ITAM is diminishing. This could not be further from the truth, especially in light of the changing way software is procured today, with many of it now purchased from outside of the IT function.

ITAM remains more relevant than ever for two reasons; 1., the majority of software within organizations is still traditionally licenced and thus remains subject to non-compliance (i.e. audit) risk e.g. ERP systems. 2., as cloud becomes more prevalent, the role of ITAM is shifting from licence compliance/audit defence to cost control, a process that becomes much more challenging when the majority of cloud software is bought from outside of IT. Our research has shown that a third of software is either wasted or unused, regardless of whether it is traditionally licenced desktop software, SaaS subscriptions or cloud. So far from diminishing ITAM’s role, cloud software simply demands more from it.”

 

Making the case for an organizational certification for ITAM

The ITAM Forum believes that an ITAM function stands the best chance of achieving the benefits outlined in the paper by using the ISO ITAM standard (ISO/IEC 19770-1:2017) as its foundation. This is why the ITAM Forum is working towards an organization certification against the ISO ITAM standard. The benefits of such a certification are laid out in the paper:

  1. Demonstrating good governance: With a globally recognized certification, ITAM professionals can demonstrate their competence to those who are less familiar with ITAM, such as top management and end users.
  2. Enforcing trustworthy data: Management can have more trust in the data provided by ITAM when they know it meets agreed standards, so they can make more confident decisions.
  3. Enforced linking into corporate objectives: In common with all other ISO Management System Standards – the objectives for an ITAM ISO system must be clearly linked into corporate objectives.
  4. Coordination with other ISO systems: Many organizations will have implemented other ISO Management System Standards, such as for Information Security Management (ISO/IEC 27001), Service Management (ISO/IEC 20000-1), or Quality Management (ISO 9001). With similar designs with make it comparatively easy for them to interrelate and integrate.

 

Concluding with why an ITAM certification is important, Melody Ayeli comments, “An ITAM certification will make it more worthwhile for organizations to invest in ITAM so that they can demonstrate to their peers and stakeholders that they meet the highest working practices in the industry. This in turn will drive further adoption of the standard, raising up the ITAM maturity of all companies and the value they get from their IT assets.”