I’ll be hosting a panel session at our conferences later this year entitled “The ITAM department of the future – from administration to leadership”. In preparation for our panel I sought the advice of the ITAM industries leading experts. For full details of our conferences and to book your place please see our events page here.
Thinking ahead as ITAM develops as a discipline and progresses from administrative function to central business intelligence for IT decision making – where should it sit ideally within the business and how should it be resourced?
“Because ITAM and SAM is a shared service that crosses many different IT and non-IT domains, where it sits within an organization is highly dependent upon the business drivers for the program and what functions the program controls.
In larger organizations, there will be overlapping teams that share processes and data, but have very different objectives and functions. For example, a separate team that specializes in IT financial management might do chargeback. In smaller organizations, chargeback or its complement, show back, might not be done at all. If we look at the business drivers, when the focus is on total cost of ownership, ITAM/SAM is typically an objective for procurement or sourcing teams.
If the focus is on operational efficiency and effectiveness then the program might be based in IT Operations. In large organizations, it might reside within shared services because they are focused on service delivery. This is an important question for organizations to figure out early on, because in my experience at Gartner, this is where I saw ITAM and SAM programs fail when the mission wasn’t clearly articulated.
In summary, there is no one correct answer for where ITAM and SAM function should reside, it is very business and function specific.” Patricia Adams, ITAM Evangelist, LANDESK
“Should it sit in ITSM? Should it sit in Datacentre or even Desktop or both? Or should it sit in Procurement, Finance or Compliance/Governance? My experience so far is that it errs on the side of procurement but I don’t think that’s the natural home for it either.
Furthermore each organisation interprets the requirement and placement of ITAM differently than the next organisation. All of the departments named have a vested interest as they are all affected by ITAM and have a requirement from ITAM as either supplier of BI or requester of data.
Perhaps this might help you decide where it sits (if it at all does sit somewhere)
- If you have an inventory tool for license optimisation the support and delivery sits with your datacentre/application support team.
- The responsibility of the deployment of agents / gathering of inventory is with D/c and or desktop teams
- The entitlements in your tool are the responsibility of Procurement to manage and maintain.
- You are responsible for the reporting output of the tool and license analysis for your stakeholders in Procurement/Finance, Desktop and Datacentre.
But that still hasn’t given you a natural home, maybe because there isn’t and maybe because ITAM in it’s own right is a newly created department that needs to act as the glue to all of the above stakeholders.” Djuror on The ITAM Review Forum
“I’m not yet convinced that ITAM *is* progressing into a centralized business intelligence for IT. It should be…. but the increase in license complexity and subscription models are certainly vectors that inhibit the progress.
In many cases, customers should consider outsourcing ITAM in order to bring in process experts to work with the internal crew who operate the process. This changes the model from Management to ‘Governance’ and allows the cost of ITAM to be quantified and evolves the benefits of ITAM.” Steve O’Halloran, AssetLabs
“I agree in that the function stands alone but integrates into several other parts of the business. How you align the function will also depend on where your focus is. Desktop licence management sits well alongside IT Ops and service desk, however licence optimisation in the datacentre requires much closer collaboration with technical architecture, ensuring optimisation, cost and compliance are factored into the original design and then into on-going change management processes.
The introduction of subscription licencing and of licence mobility to public cloud makes licence management and optimisation more complex and increases the need for in house expertise in these areas.
I do agree with Steve that ITAM is a long way from becoming “central business intelligence for IT decision making”. In many organisations it is still somewhat of an afterthought… something that can be cleaned up later or negotiated away.
As to your question on how to resource it, In my experience you need internal knowledge to run and manage the day to day and to create a core knowledge base across your most important products/vendors. Ideally these people would come from a technical background with good troubleshooting skills. The licencing knowledge can be taught; troubleshooting, communication skills and initiative are things you gain only from first hand experience.
To compliment this you may require one or more SAM partners you can call upon when required who can provide detailed knowledge in specific areas to fill the gaps or to sanity check some more complex or niche activity.” IanFischer on The ITAM Review Forum
“It’s often not a business level requirement for smaller organisations to dedicate an entire department to ITAM and we have commonly seen this form just part of a person’s role. Generally, these people will be aligned to IT, but it’s also been seen that the people are aligned to Procurement, Finance or Operations. Whilst these departments should absolutely have a view of the outputs being produced, the knowledge around other more technical areas such as discovery, recognition, installation, removal, patching etc. is not core to these departments and so in smaller organisations; this should still be regarded as a function that IT departments are responsible for.
For larger organisations, it is common to have more than a few dedicated resources to managing ITAM and therefore department alignment could potentially be changed dependent on the maturity level of the organisation. For example, an organisation starting/renewing an ITAM implementation may decide that internal audit alignment is best in the earlier days to ensure a feed of the outputs being driven to the exec team through an already established channel. This approach may also help to keep the outputs impartial since the internal audit team does not own the assets. This may, however, not suit organisations with an established ITAM department where ITAM is already BAU and more around keeping things under control than tracking remedial progress. In these cases, we believe that an ITAM function would be best either within the IT department, or potentially an Operations department if the business has also established other general asset management processes and ITAM is just an extension of these.
With respect to resources, organisations should aim to collect skills through a number of stakeholders from different departments to form a virtual team, or hire a number of resources that between them can cover the key aspect required. We believe these to be technical, licensing, management, negotiation, financial/risk reporting, process definition & implementation and vendor management skills.” Barry Johnson, Brainware Technologies ltd
“ITAM has no natural home because ITAM has operational (‘should we buy a license? Where are my laptops?) and governance aspects (what processes, people, tools and partners do we need in place to answer these questions and manage our risks). It is very difficult to do both well within a single function, particularly in large organisations, and the profession is not developed enough to articulate clearly that both aspects exist and that perhaps the two functions should be split.
This combination of operational and governance aspects is no different to either Information Security (operational = access control; governance = assurance processes) and Procurement (operational = procure to pay; governance = vendor and relationship management). Even where the operational aspects are separated from the governance aspects, both of these functions either report directly to the CIO or at one remove because the risks they manage are so significant for the business.
Why does ITAM struggle to find a home? Because the priority organisations place on risks drive organisational structure decisions, and ITAM risks, in addition to being quite small and low priority in the scheme of things (yes, they really are, despite the sound and fury!!) are actually a subset of Info Sec (the concern is not the lost laptop but the data ON the laptop) or Procurement (software non-compliance is essentially breach of contract) or IT operational risks (making sure assets are available and fit for use when required) and financial risks (making sure hardware and licensing lifecycles are optimised)… So the natural home for ITAM actually depends on the priority organisations place on the risks they face.
If they are concerned about tightly controlling costs it may sit with finance, if the concern is compliance risk it may sit with procurement (when all is said and done, a software audit is really a vendor negotiation), or if they are really worried about the data on their laptops, it may sit with Info Sec (although these days Info Sec would just insist on hard drive encryption and stop worrying), if Service Delivery is a priority it will sit in IT Service Management and will likely be called ‘Service Asset and Configuration Management’.
So ITAM has no natural home, and the decision as to where it sits is dependent on business and IT strategy, and, me personal view is that a lot of the issues ITAM faces being heard are related to the fact that we aren’t aligning ourselves properly to the business and IT strategy and are banging our heads against a brick wall escalating risks that the business or organisation is actually willing to accept rather than focusing on the ones the business wants us to do something about.
Note I’m not saying ignore the other risks…. ITAMs should implement a formal risk management process where you identify and escalate all ITAM risks, but let management decide which ones to mitigate and which ones to accept.” Kylie Fowler, ITAM Review Forum
“IT Asset Management (ITAM) is normally directed by the IT department, and should remain under IT control in the future. Resources vary based on organization size, but is typically 1 to 3 employees. Of course, IT assets may be handled by people outside the IT department, i.e.: financial department may work with IT assets while managing procurement, depreciation, etc. Due to its integrative nature, ITAM systems typically have an interface with ERP systems.
When it comes to Software Asset Management (SAM), we find that SAM responsibilities typically also fall within the IT realm, as most of our customers align IT to ITIL, and operate SAM as a subtask of IT Asset Management. Since technical and financial benefits often initiate a SAM deployment, SAM may be managed by Procurement in some cases as well. This may occur if SAM activities originated from the license perspective.
As a SAM program matures, we see a natural evolution in hierarchy, when successful SAM begins to impact larger areas such as legal, and risk management. This is a terrific opportunity to move from reactive, to accountable SAM.
Ideally, the most successful SAM structure integrates a variety of competent, educated stakeholders who can execute decisions, while reporting to C-Level management. This foundation ensures the vital companywide collaboration needed for truly strategic SAM.”
Hans-Peter Kozica, Managing Director, Aspera
“IT Asset Management is a function that adds value to a number of different stakeholders and the business as a whole. I see ITAM as a being the hub of all good things related to IT data – a spider if you will – that collaborates with the likes of HR, IT Security, IT Ops, Legal, Finance and Procurement.
Due to those reasons, ITAM does not have a natural home as yet. It is also because the overall ITAM strategy differs between organizations. The objectives and overall goals of IT Asset Management may be purely software licensing in one organization – but a focus on hardware assets in another.
In terms of resources an ITAM Team will always need a combination of people, processes and technology in order to effectively manage assets. That is the case for today, and will be the case for tomorrow.” David Foxen, Software Asset Management Evangelist, Snow Software
“The influx of IoT (Internet of Things) and connected devices will continue to introduce new demands on IT departments globally. Challenges will evolve as security and new compliancy rules continue to challenge the landscape. SAM, ITSM and GRC (Governance, Risk Management, and Compliance) have already emerged as key components of ITAM today.
CIOs of the largest Fortune 500 enterprises are quickly realizing how the alignment and management of an enterprise’s assets have helped to become the backbone of the modern day business. ITAM has provided them with a proactive approach to streamlining business processes. Many of them have quickly realized instituting a common IT language enriched with valuable asset data is the most reliable way to ensure alignment, mitigate risk and reduce unnecessary spending across an enterprise.
A common language can break the cycle of costly reactions, putting the power of a proactive approach back in an organization’s hands. Those benefits can quickly transcend to other business lines and departments. However, ultimately, the discovery and maintenance will continue to be at the forefront of the management of devices and that will continue to remain in the hands of the IT department.” Cathy Won, BDNA
What is your view? Join the conversation and add your opinion in The ITAM Review forum here. Learn more about the ITAM Review conferences including our ITAM department of the future panel session here.