5 Steps to IT Asset Management Success

5 Steps to IT Asset Management Success

With increasingly complex IT environments, IT asset management has never been more important.

By Phara E. McLachlan, Natheava LLC

Why do so many IT asset management (ITAM) programs fail? The short answer is simple: human error!

It may be more useful to ask why ITAM programs succeed. The answer: 20 percent technology, 80 percent effective policy and process, which boils down to communications, buy-in, accountability and teamwork. Policy and process are the foundations that keep ITAM programs from failing, but the key to success is almost always effective process management.

Why Is IT Asset Management Important?

IT asset management is increasingly complex, with intensified public information access through cloud computing, social networking, mobile data and free software combined with intensified security and regulatory requirements. Failure to communicate and enforce policies can spell disaster for any organization. Risk management factors alone are reason enough for establishing, communicating and enforcing effective ITAM policies and procedures.

Wandering off the ITAM Reservation

It's simply too easy for employees - and managers - to wander off the IT asset management policy reservation, often without realizing it. This human error boils down to two primary behavioral factors that can easily doom any ITAM program:

Awareness and understanding. Employees may consider policies against downloading free software or apps or even the trial versions onto their enterprise devices as silly and irrelevant. Why is it an issue? Most free software downloads are intended for consumer use and not commercial use. And it's likely those trial versions are not intended for commercial use or the trial version "never" ends. Any of these scenarios result in one true statement: You're out of compliance and, if you're using company equipment, your enterprise is out of compliance.

Employees may not understand how dangerous this "harmless" practice can be, despite warnings about software audits, compliance and piracy. Organizations must make employees deeply aware of these dangers.

Willingness to comply. Once people understand the reasons behind IT asset management policies, they should be more willing (if not always eager) to comply. Holding them accountable for IATM violations, whether they plead "ignorance" or not, should make them both willing and likely to comply. There will always be outliers who break rules, but prompt, fair enforcement should raise ITAM compliance to a higher and more manageable level.

There are five steps toward ensuring IT asset management program success, but let's start with a friendly warning.

Do Not Overreact

You just suffered a costly audit and your first reaction is to go nuclear: blow up the existing IT asset management program and start from scratch. Understandable, but unnecessary if you already have a strong foundational asset management practice in place for hardware, software and general IT. Don't reinvent the wheel. Instead:

  • Preserve the ITAM policies/processes that did work.
  • Determine why the ITAM policies/processes that did not work failed. If it was simply lack of enforcement, maybe the policy should be preserved and enforced. If the problem is deeper, consider changing it or scrapping it.

Now, what are the five steps for ensuring IT asset management program success?

Step One: Create High-level Ownership

ITAM policies and procedures must be aligned with specific organizational and departmental needs and strategies. They should also be practical, adaptable and effective. Getting the buy-in of your managers is critical.

How? Create an ITAM policy task force comprised of key executives from every group impacted. This creates accountable executive ownership of the ITAM policy management function. The task force is responsible for creating, communicating, monitoring, changing and enforcing IT asset management policy. The first job is creation of policies based on systematic rationalization of what the organization needs and establishment of processes and procedures for everything from software procurement and information security to compliance and disaster recovery.

Step Two: Centralize ITAM Policies

Decentralization may be a good business strategy for larger companies, but IT asset management policy should not be included. There may be policy exceptions for certain situations and groups, but even they need to be centralized in order to control costs, optimize IT assets and productivity, simplify IT processes and remain organized and compliant over time.

Step Three: Communicate, Communicate, Communicate

Then keep on communicating! Internal communication is critical. If employees don't understand ITAM policies or follow the prescribed processes and procedures, failure is only a matter of time. Effective communication occurs in four stages.

Get Employee Input: Gathering input using surveys and meetings informs the entire organization change is needed, and that management wants their help. More importantly, it gives employees at least a small sense of ownership when the policies are finally established. It is important to communicate expectations of the employee input process clearly including:

  • Employees are the backbone of the company, which is why we are asking for input.
  • Not all changes will be made or made right away, but we are listening. In order to do it right, we have to look at what will make the biggest impact on the entire company as opposed to an exception for one individual or one group.
  • We should all listen with an open mind. Employee input sessions  -- whether in-person, during a meeting or even online -- are meant for us to get some raw feedback and ideas.

It works especially well if a group manager or divisional head can gather feedback for his/her group and share it with the IT strategists.

Build Awareness: Once new IT asset management policies, process and procedures are established, they should be communicated frequently in multiple venues: dashboards, email notifications, login prompts, newsletters. Make sure policies are accessible at all times to employees on the company intranet and/or printed employee handouts. There should be no excuses for not being aware of ITAM policies, processes and procedures.

Create and Maintain Employee Buy-In: Even if employees provided input during the early stages of planning, it is important to build support by explaining how ITAM policies and procedures benefit them. People generally resist change and they despise red tape, no matter how logical or important. But they generally support changes they perceive as beneficial to them. So explain what's in it for them through such means as internal newsletters, town hall meetings, bulletin boards and one-on-one meetings with supervisors.

Provide Ongoing Education and Training: Aggressively build and maintain employee support for ITAM policies and processes as they change and evolve using the venues listed above.

Step Four: Evolve ITAM Policies and Processes as Needed

The work of the IT asset management policy task force is never complete. Once ITAM policies are established, the task force needs to meet on a regular basis - at minimum, twice a year - to assess efficacy and compliance, making adjustments as necessary.

Remember, the task force owns the entire IT policy management process, from start to ongoing maintenance. It's their responsibility to make sure ITAM policies, process and procedures remain aligned with all the changes occurring inside and outside the organization's doors. It is also important to note that all processes and procedures should be repeatable.

Unfortunately, while the policy task force needs to take ownership, their corporate responsibilities often get in the way of re-assessing ITAM policies and processes or it becomes just a check list. Often, we see that companies are more worried about SOX compliance or software audits than IT compliance, but the problem is that it all feeds into one another.

Comprehensive quarterly audits on policies and processes are a way to quickly identify gaps. For example, when a company changes hardware, there is a need to move applications, licensing is likely to change, and even data management and security are factors. This affects software compliance, IT security and potentially SOX compliance.

Step Five: Enforce IT Asset Management Policies

There is nothing more pathetic or useless than a toothless lion. Without teeth, ITAM policies and procedures will gradually be compromised and put your entire organization at risk. Deliberate breaches should result in fair, clearly communicated, unambiguous punitive consequences. Swift, early enforcement won't put an end to occasional grumbling, but it will eliminate most of the deliberate rule-breaking.

On the Same ITAM Team

From the highest executive to the newest rookie employee, ITAM program success requires one team marching in the same direction with awareness, understanding and willingness to comply. If managers break ITAM policies and processes due to a time crunch or an "emergency," employees will follow suit. If "minor" transgressions go unpunished, the word will spread quickly -- along with more transgressions. It's really not so different from parenting; if executives and managers set a good, consistent example, employees will follow their lead.

Phara McLachlan is the CEO of Natheava LLC, a management consulting firm specializing in IT and software asset management and advisory services.

  This article was originally published on Thursday Feb 11th 2016
Mobile Site | Full Site