For ITAM to thrive, it must sell itself

Value here is not an abstract metric you calculate for an asset. It is how the ITAM function is valued by the people who fund it and sponsor it.

Written by: Martin Thompson

Published on: June 24, 2026

Recently I published the draft IT Asset Governance Framework and asked folks to take a look at it. Much of the discussion that followed kept returning to the key component missing from the ISO standard: The value loop. This article is my expansion on that topic.

An ITAM function can pass every audit, satisfy every control, and file every report the standard asks for, and still lose its seat at the table. I have watched it happen. The work was solid, what was missing was anyone in positions of power to understand the value of what it delivered.

Value, for whom

The sharpest challenge came from David Mathias: “Someone says ‘value.’ I say, ‘for whom?'” Rob Froelich and Rory Canavan made the same point in different words: value is subjective, it depends on the observer. They are right, so let me be precise.

Value here is not an abstract metric you calculate for an asset. It is how the ITAM function is valued by the people who fund it and sponsor it. That is the “whom.” And it puts two different jobs on a team. The first is to deliver value: savings made, risk averted, decisions improved. The second, the one most teams neglect, is to articulate that value and communicate it to the people who matter. A function can be excellent at the first and invisible on the second, and invisible functions drift off the radar and lose their seat at the table.

The loop the standard already gives you

A management standard is a GPS. It does not eliminate risk any more than a satnav eliminates traffic; it gives you a system for managing it. ISO 9000, ISO/IEC 27001 and ISO/IEC 19770-1 all work this way. The governance loop is already built in: identify a risk, assess it, escalate it, record what happened and adjust accordingly. Run it and you will have a controlled, defensible function. Auditors will be satisfied.

The loop it leaves out

What the standard does not give you is a reason for anyone above you to care. There is no clause that says “keep proving you are worth the budget.” That is the gap the value loop fills. The governance loop keeps you safe. It does not keep you funded.

Great score, no audience. For ITAM to thrive, it must sell.
Great score, no audience. For ITAM to thrive, it must sell.

The value loop is selling

The value loop is the discipline of continually revisiting who you sold the ITAM function to in the first place, what they bought into, and then selling that value back to them. It is closer to the work of a business analyst or an internal salesperson than to governance.

This is not new ground. In Practical ITAM I argued the business plan had to be a living document, continually updated and communicated. The value loop is that idea grown up: not one document kept current, but a standing discipline of proving the function’s worth and selling it back to the people who fund it.

Translating ITAM into Business terms

Ryan Stefani made the fair point that value management still feels opaque, and asked the right question: quantify value how, and at what level? Not as a per-asset bill of materials. Value itemised asset by asset is value no executive will read. It has to be rolled up into the language the business already uses: money saved, risk reduced, P&L impact, efficiency gained.

The practical mechanism is a portfolio. Take a bank. Its ITAM function may have been stood up to survive software audits, and that is real, defensible value. But the same function should also keep a running portfolio of cost saved: renewals renegotiated, licences reharvested, surplus reclaimed.

Rory Canavan raised the apples-to-apples problem: the value of an e-commerce platform and an HR system are not measured on the same scale. True. The value loop does not need a single universal unit. It needs each contribution expressed in terms the relevant stakeholder recognises, with the running total kept in front of them.

Valuing the audit that never happened

The hardest value to show is the value of things that did not happen. A savings portfolio captures money recovered. It does not capture the seven-figure audit settlement you avoided, or the unsupported software you retired before it was breached.

It can still be quantified. Borrow the method security teams use: estimate the likelihood of the event and its likely cost, and the avoided expected loss is your number. The FAIR model does exactly this for risk. State the assumptions, keep them conservative, and present risk averted alongside cash saved rather than instead of it. A log of audits that have been thwarted, for example.

Selling upward when you are buried

Most ITAM functions do not report to the people who decide their fate. Dhakshayani Rajendran put it well in the thread: most organisations invest in delivering value but never close the loop back to those who need to see it. When you sit three layers below the C-suite, closing that loop means handing your own management the portfolio in a form they can carry upward: a single page, in their language, that makes you easy to champion. The value loop is not only your job; it is the thing you equip your sponsor to do on your behalf. Julia Veall, Vodafone, speaking at previous conferences commonly referred to selling upwards.

Thriving takes advocacy

A standard can make you control your assets. It cannot make anyone value you for doing so. The ITAM functions that thrive treat advocacy as part of the work: they evangelise what they deliver and sell it back, again and again, to the people who fund them. Maturity earns you the right to be heard; advocacy is how you are heard.

This is still a draft, and the thread has already sharpened it. Keep it coming.

1 thought on “For ITAM to thrive, it must sell itself”

  1. While there is something very tangible and understandable about communicating up to those who are sponsoring ITAM (and, perhaps, an ISO initiative) that feels incomplete to me. Does one want ITAM to live and die on the basis of the career prospects of one or more executives? I’m not intentionally creating a straw man argument, but it feels like that is where this argument heads.

    Your elaboration clearly calls out there are other stakeholders, and that “advocacy” plays a role in your framework. So, I feel like there are two types of value at play here: aligned value (or sponsored value(?) which comports with top-down, ISO or framework guidance/mandates) and a more unaligned value which is professional competency or even “goodwill.”

    While “silos” get a lot of bad press these days from the ITIL and Agile crews, I think horizontal partnerships and alliances are critical as well. If we agree that ITAM is foundational as a “good thing” in itself as well as a facilitator of other disciplines and practices that rely upon truthful data, then the ITAM practice should aim to institutionalize itself. (Yes, I realize the current vibe is that institutions are unaccountable; and that’s part of the psychology of needing to constantly justify the value of their contributions to the firm.)

    I think this is likely a case where maybe I’m just misunderstanding the relevant weights of value in your model. In an ITIL or SACM sense, the “value” that a well-funded ITAM practice provides is not limited to what is delivered up, but rather what is delivered around and throughout the organization. That’s the multidisciplinary part that we all talk about in terms of having too many “masters”: finance, procurement, infra, disposition, strategy, compliance, etc. The fact that everyone gets a pound of flesh builds the constituency for the practice and reflects the horse-trading involved in the “little p” politics of institution building. Those other functions are your advocates to senior leadership when your voice alone is insufficient to sway an argument in your favor.

    Now, I will again call out that MSP practitioners are probably not your typical audience for these discussions and models. They have less reach into their customer organizations, and less independence of communications and operation. They can be grafted on or quasi-parasitical in some contracts. And there may be additional layers of bureaucracy to penetrate where they are managed as vendors rather than partners. Still, by making themselves valued and essential partners to their customers they can still normalize the concept of ITAM function as an “institution.”

    Some (names unmentioned) ITAM certifying bodies clearly lay out that among the various practice areas that support ITAM, some are more essential than others. If I recall correctly, the communications practice area is considered absolutely core. In that respect, I sense no discrepancies in your recommendations from a best practices perspective.

Leave a Comment

Previous

A new IT Asset Governance Framework

Next

Would you like AI with that?