This article is the first of a four part series by AJ Witt of ITAM Review written in collaboration with ServiceNow’s Ryan Wood-Taylor & Peter Beruk. The series outlines how a strategic ITAM practice will deliver enhanced business value through creation of strategic stakeholder relationships.
to be followed by;
The full article series is also available as a whitepaper, downloadable here (no registration required)
A key finding from our recent user survey is that ITAM is in the ascendency. We’re gaining traction with senior leaders and increasingly seen as an essential function for enabling digital transformation. Here at The ITAM Review we’ve advocated for many years how ITAM teams are uniquely placed to provide a holistic view of the IT landscape through our people, processes, and tools. This holistic view improves strategic decision-making, helps break down silos, and identifies opportunities for innovation and service improvement.
This article series will provide a roadmap for enabling your ITAM team to gain seniority and convince your leaders that you are so much more than a team focused on records-keeping, audit defence, and cost management. In this article we’re going to look at the importance of stakeholder management to strategic ITAM. The rest of the series will look at engaging key functions and teams across your organisation to deliver a world-class practice to transform the value delivered by your IT investments. At the end you’ll be equipped to shift your team focus from reactive defence to being a proactive, strategic, and most of all essential business function.
Let’s start by reviewing some of the key trends in IT Management, as this will help us strategically align our activities with the priorities IT senior leadership are focused on.
The recently-released ITIL 4 standard has a strong focus on understanding and quantifying the value chain delivered by a business process, system, or investment, as does the IT4IT standard. This builds on ISO standards for ITAM (ISO 19770) and also ISO27001 (Information Security Management). With so many organisations now standing on digital foundations, looking at value creation as well as cost & risk is an important shift in mindset for IT Management teams.
For ITAM teams, a pure cost focus is short-termist and self-limiting. There are only so many contracts you can optimise, even in a large estate. Once processes are in place to improve contract negotiations your opportunities to make a difference on cost dry up. By turning outwards and focusing on value you’re immediately aligned with overall business objectives. Costs tend to zero whilst value is limited only by the success of the company’s products and services.
Digital Transformation is putting technology at the heart of everything your organisation sells – be that a physical device or a customer service AI bot. The technology we manage is closer than ever to the end consumer. It has become the means of production & value generation. Digital assets critical to value creation require the same level of continuous improvement, governance, and protection as a physical factory production line or supply chain. ITAM teams are well-placed to make a difference here and the proximity of technology to the customer makes Asset Management a strategic priority.
If technology is the means of production and value creation then you’d better ensure that it’s safe and secure. And if value generation depends on customers providing you with sensitive personal data then you’d better make sure you’re complying with regulatory requirements such as GDPR, and the upcoming California Consumer Privacy Act. Without that focus customers may choose to go elsewhere, or consumer protection authorities may even ban the sale of your product. We’ll see in this article series how ITAM teams can engage with Security Operations teams and leverage this management focus to mutual advantage.
CIOs continue to battle against the hodge-podge of legacy systems, a veritable Gordian Knot of interconnected systems creaking under the strain of years of under-investment. For a case study of what happens when the hens finally come home to roost, look at the travails of UK bank TSB as they tried to implement a new banking system. Two weeks downtime, 80,000 customers lost to rivals, and a total charge of $450m. As with the Equifax hack, imperfect knowledge of interconnected systems and the steps required to restore service directly contributed to this failure, resulting in senior leadership resignations and a grilling from legislative committees.
A traditional ITAM team may have been tasked with reducing technical debt, or ensuring a value chain runs smoothly by being asked the question “What are we running where?” Something that probably your tool could answer authoritatively, but leaves you as a bit-part player in a Broadway show.
The type of questions a Strategic ITAM team could answer are “How should we approach delivering this service for our customers?”, or “How can we increase capacity across our datacenter whilst cutting costs?”. You won’t find the answer to that inside your team, or your ITAM tool, or even your processes. To answer that sort of question you also need to bring together stakeholders from across your technology function. How do you do that?
Firstly, Foundational ITAM is still about People, Processes, and Tools, but critical to enabling this shift to Strategic ITAM is the ability to build strong stakeholder relationships both within and outside IT. Strong stakeholder relationships help ensure tools are implemented and running smoothly, that ITAM processes are integrated as part of business-as-usual, and that the right people are doing the right things across the IT organisation and beyond. In doing this technology teams are enabled to deliver the right services and products to our internal and external customers. The starting point for this activity is the same ITAM lifecycle we’re already familiar with; the difference comes in understanding the stakeholder requirements & benefits for each stage of the lifecycle.
An approach to the ITAM lifecycle many will be familiar with is as follows1
Each lifecycle stage will see an ITAM team working with different stakeholders. For example, HR will be a key stakeholder in the Joiners, Movers, Leavers (JML) process that forms part of Specify & Retire. Application Support teams will be key to Deploy & Operate, as will Security Operations. Acquire stakeholders will be Procurement & IT Financial Management, and so on.
ITAM is at the centre of all of this, and with our new focus on the value chain we must remember that the goal is that these activities create optimal value for our organisation and its external customers. It is our job as strategic ITAM teams to co-ordinate this lifecycle; to generate optimal value the best approach is to engage the required stakeholders, rather than try to do it all ourselves.
Taking a broader view, strategic, modern ITAM is more of a governance function than it is a day-to-day BAU function. Automation, Integration and AI is already handling BAU tasks for ITAM teams. This is mirrored by the ongoing transition of IT as a whole from being a predominately hands-on technical department to a strategic value generator and centre of governance. IT departments respond to business demand and become as much of a production line for business value as a physical factory does. With technology becoming increasingly decentralized, the need to manage and govern it centrally has never been more important.
Key to becoming a strategic governance function is the ability to engage stakeholders in your mission. There is simply too much to do to deliver everything with a single team. Furthermore, doing so simply doesn’t fit culturally with the rapidly evolving IT landscape of DevOps and Departmental (Shadow) IT. For the rest of this article series I’m going to focus on key stakeholders internal to the IT function. These are your building blocks for strategic ITAM – with strong relationships in place at this level you can begin to extend your reach and impact.
Our key internal relationships are;
These map in to the ITAM lifecycle as follows (N.B. for the purposes of this series we’re not considering Develop/Release – ITAM for DevOps is a subject in itself for a future article series).
N.B. The stakeholder list above is not exhaustive – it merely illustrates where the stakeholders we’ll cover in the rest of the series sit in the lifecycle
By getting ITAM embedded in IT delivery from the start – at the Specify stage – you’re getting off on the right foot. Architects & Business Analysts are faced with many approaches to solving the same problem, and ITAM has a big role to play in modelling different solutions from a cost, risk, and value perspective. Your estate-wide view will considerably enrich decision-making at this lifecycle stage.
The Deploy stage provides ITAM with the opportunity to deliver improvements in employee experience. By helping End User Computing & Service Desk meet their SLAs we can ensure license compliance, conduct license harvesting, and get employees the tools they need to do their job, when they need them.
The Operate stage has many stakeholders, but we’ll focus on engaging Security Operations teams for mutual benefit. There is an increasing focus on the power of ITAM, and particularly Discovery and Inventory, from Security Operations teams as they operate with the mindset of “you can only secure what you know about”.
For Retire our main internal stakeholders are those we’ve covered in Deploy & Operate – Security Ops, EUC, and Service Desk. Increasingly, this area will be influenced by external stakeholders too – HR for offboarding, and employees – who are, in a world of SaaS, important decision-makers at this lifecycle stage.
This article has outlined how shifts in the priorities of modern IT Departments delivering Digital Transformation projects provide an opportunity for ITAM teams to build seniority and participate in strategic decision-making. In order to do this ITAM teams will need strong foundations in People, Processes, and Tools along with the ability to build stakeholder engagement with “fellow travellers” in IT – Architects, Business Analysts, Service Desk, End User Computing (EUC), and Security Ops. With this in mind, the next article in the series will look at practical stakeholder engagement for Service Desk & EUC.
1 ISO197700-1 Annex A
ITIL v3 Overview Library – https://www.servicenow.com/success/champion/itil-overview-ebooks.html