A well-designed ITAM Management System will lay the foundation, defining the roles of people, processes and data in IT Asset Management, delivering outcomes and supporting departmental, executive, and organizational goals aligned to a Control Framework. This ITAM Management System drives business value through agile forecasting, elimination of waste, and enablement of strategic business outcomes such as improved security and bottom-line financial savings. It can be tangibly tracked against a regulatory framework to demonstrate how the ITAM operating model effectively satisfies control objectives. In our recent eBook, ‘ITAM Program Transformation’, we walk you through the process of assessing and defining the desired outcomes for your ITAM program. This eBook addresses the essential steps of garnering stakeholder buy-in to secure program approval and provides an operating model and RACI.
Once the program has been defined, it is not uncommon for the rollout and implementation to stall and stagnate. In this blog, we will discuss how to prevent this and roll out your ITAM Program successfully, keeping both your executives as well as the Governance, Risk, and Compliance executives happy.
Common Challenges Leading to ITAM Program Delays
Many factors can prevent an ITAM program from rolling out efficiently and effectively. Often, there is a lack of buy-in across the business, not just C-Level, which is crucial to driving lasting and impactful change. When different areas of the business do not understand how the change will positively impact them, or what they are being asked for, they have no incentive to support the program. The SAM/ITAM team may be perceived as a blocker to getting work done by putting new processes in place that slow or prevent business-as-usual activities. Software requests may not be completed in the required time frames and SAM may not even be consulted during software implementations, or software negotiations may be carried out late, without strong internal (deployment and usage info) and external (vendor incentives and behavior) intelligence. There may be misalignment between internal departments and outsourcers. The purpose of a SAM team isn’t only to create point-in-time compliance positions, but to drive business value from this intelligence.
Misalignment can also occur on a departmental and organizational level. When initially planning and designing the Management System it is critical to foster a broad-based, cross-functional stakeholder group. One way to naturally align these sometimes disparate interests is to involve the Governance Risk and Compliance (GRC) function and understand their requirements relative to regulatory control and reporting. A mature IT Asset Management program can be adapted and aligned to any number of Risk Control Frameworks (CIS, NIST, ISO 27001, FBA/FFIEC, NYDFS, etc). This way, the trustworthy data proactively managed to create value in the IT Asset Management space can also be used to demonstrate regulatory compliance. Involving GRC and aligning the ITAM Management System with your organization’s Risk Control Framework requirements is essentially killing two birds with one stone.
Visibility and transparency of value creation often pose challenges for ITAM departments. There will also be business-as-usual activities that need to be carried out by the SAM/ITAM team and this may mean that, despite a plan being in place to make the changes to drive greater program maturity and regulatory compliance, there is a lack of resources to deliver the program implementation, and a lack of effective communication to shift the mindset from reactive event-driven support (e.g. an audit) to proactive growing of business value over time. Anglepoint’s experts have seen organizations scale back to their pre-COVID size, trying to deliver unclear profit and growth targets without the justification and support for the resources required to make meaningful changes. Effective management of regular audit activities is critical to proactively address potential commercial, reputational and regulatory risks. This constant firefighting approach can result in software asset management (SAM) not being perceived as a strategic value-added partner.
You may find that some or all of these challenges resonate with your situation. Addressing these issues is vital for achieving the organizational change outlined in your plan.
Getting your ITAM Program Back on Track
Getting your ITAM Program back on track will require ensuring that all stakeholders across the business take accountability and understand clearly how the program aligns with their specific business objectives and requirements. Through rolling out an awareness and plan (or playbook), you will be able to demonstrate how the ITAM program will meet all these objectives and ensure that the value can be recognized and easily understood by stakeholders in various functions and departments. It is also recommended to engage key cross-functional stakeholders via focused 1-1 interviews to gain a deeper understanding of their insights, perspectives, and expectations of the Program. This approach will help secure the necessary support and internal resources for the implementation of your ITAM program. This plan’s successful implementation must also encompass all the processes, policies, procedures, controls, and tests of effectiveness that have been defined, including each department’s expectation (e.g., procurement to provide structured spend information). Clearly outlining these aspects, along with the resources, systems, data points, and technology required to measure the business changes, will align the different teams and allow them to better understand the reasoning behind what has been deemed as SAM ‘blocking’ or ‘slowing down’ necessary business activities.
The intelligence and business context required to make informed decisions and achieve business goals comes from information provided by the ITAM outputs. Having a clear view of accurate and trustworthy data, understanding the data requirements, and translating this into actionable insights in the stakeholder’s language is what will help to deliver on the business and GRC stakeholder requirements. Configuring tools and closing data gaps will provide information that drives this intelligence and provides visibility of cost and risks along with forecasting, tracking of optimization opportunities, as well as potential areas of regulatory non-conformance that can be flagged for remediation. Normalizing visibility of your inventory and consumption data in a consumable format mapped to an aligned set of controls and tests of effectiveness will prove a vital component in the delivery of this intelligence and risk remediation management.
Following the key areas and processes defined in the ISO 19770-1 standard will help the program track all activities that have been undertaken, building a log of risks and blockers that will feed regular executive reporting to summarize program progress and highlight key risks/escalations. This will ensure stakeholders are continuously informed, satisfied with progress and able to identify and manage risks and blockers proactively. If you do not clearly define these, and bring the stakeholders on during planning and design, then the program is doomed for failure when you get to this stage, as all relevance will be lost. This is especially true if there exists a very proscriptive risk or regulatory framework with detailed reporting requirements to demonstrate compliance.
Our recent article, “What is ISO 19770 and Why is it so Important – How do I get started” explores the ISO 19770 accreditation and educates the reader on what the ISO assessment includes, the benefits it offers, and why this is important to an organization and its stakeholders.
If you would like to receive a customized report to discover if your organization is ISO/IEC 19770-1 ready, you can take Anglepoint’s Readiness Assessment Quiz. You will receive a personalized report with tailored feedback that includes needed improvements.
The Deming Cycle (plan-do-check-act), on which this standard is based, will help you ensure that the rollout of your ITAM program moves forward, but more importantly that it goes through a cycle of continuous improvement. As every aspect of your ITAM program is implemented, this framework scrutinizes the changes and highlights improvements based on your defined outcomes or KPIs. This allows adjustments in your ITAM Management System to be considered and implemented on an ongoing basis to facilitate continuous improvement as well as closer alignment to ISO 19770 Framework best practices. Just as the business grows and evolves, so too must your ITAM program to meet the ever-changing requirements of stakeholders.
Scaling up the Expert Resources
As we discussed earlier in this article, for most organizations, embarking on a substantial project like this can be hampered by a lack of skilled resources, and programs can struggle to understand where to start. Transformation projects can be expedited by seeking outsourced support from a provider that is aligned with ISO/IEC 19770-1. This foundation ensures the people, processes, and data in IT Asset Management come together to drive agile forecasting, eliminate waste, and enable strategic business outcomes. Your chosen partner will help you manage this process and, if desired, put you on course to achieve the ISO 19770-1 accreditation for your organization.
Anglepoint recently participated in an on-demand webinar with The ITAM Forum, “How to implement an ISO/IEC 19770-1 Management System”. This webinar addresses what is (and isn’t) a management system, how to create and implement a management system, and what steps to take next. Our Director of ITAM Program Transformation Service Delivery, Brian White joined the panel answering questions about the importance of ISO 19770 and how to implement it effectively in your organization. Join the ITAM Forum to view the webinar.
Anglepoint’s ITAM Program Operation Service has been designed to support the process of standing up, running and continuously improving your ITAM Program. If you would like to discuss how we can help you implement, manage, and improve your ITAM program, please contact us.