Recently I published the draft IT Asset Governance Framework and asked folks to take a look at it. Much of the discussion that followed kept returning to the key component missing from the ISO standard: The value loop. This article is my expansion on that topic.
An ITAM function can pass every audit, satisfy every control, and file every report the standard asks for, and still lose its seat at the table. I have watched it happen. The work was solid, what was missing was anyone in positions of power to understand the value of what it delivered.
- Article: https://itassetmanagement.net/2026/06/17/a-new-it-asset-governance-framework/
- LinkedIn Discussion: https://www.linkedin.com/feed/update/urn:li:activity:7472940892417495040/
Value, for whom
The sharpest challenge came from David Mathias: “Someone says ‘value.’ I say, ‘for whom?'” Rob Froelich and Rory Canavan made the same point in different words: value is subjective, it depends on the observer. They are right, so let me be precise.
Value here is not an abstract metric you calculate for an asset. It is how the ITAM function is valued by the people who fund it and sponsor it. That is the “whom.” And it puts two different jobs on a team. The first is to deliver value: savings made, risk averted, decisions improved. The second, the one most teams neglect, is to articulate that value and communicate it to the people who matter. A function can be excellent at the first and invisible on the second, and invisible functions drift off the radar and lose their seat at the table.
The loop the standard already gives you
A management standard is a GPS. It does not eliminate risk any more than a satnav eliminates traffic; it gives you a system for managing it. ISO 9000, ISO/IEC 27001 and ISO/IEC 19770-1 all work this way. The governance loop is already built in: identify a risk, assess it, escalate it, record what happened and adjust accordingly. Run it and you will have a controlled, defensible function. Auditors will be satisfied.
The loop it leaves out
What the standard does not give you is a reason for anyone above you to care. There is no clause that says “keep proving you are worth the budget.” That is the gap the value loop fills. The governance loop keeps you safe. It does not keep you funded.
The value loop is selling
The value loop is the discipline of continually revisiting who you sold the ITAM function to in the first place, what they bought into, and then selling that value back to them. It is closer to the work of a business analyst or an internal salesperson than to governance.
This is not new ground. In Practical ITAM I argued the business plan had to be a living document, continually updated and communicated. The value loop is that idea grown up: not one document kept current, but a standing discipline of proving the function’s worth and selling it back to the people who fund it.
Translating ITAM into Business terms
Ryan Stefani made the fair point that value management still feels opaque, and asked the right question: quantify value how, and at what level? Not as a per-asset bill of materials. Value itemised asset by asset is value no executive will read. It has to be rolled up into the language the business already uses: money saved, risk reduced, P&L impact, efficiency gained.
The practical mechanism is a portfolio. Take a bank. Its ITAM function may have been stood up to survive software audits, and that is real, defensible value. But the same function should also keep a running portfolio of cost saved: renewals renegotiated, licences reharvested, surplus reclaimed.
Rory Canavan raised the apples-to-apples problem: the value of an e-commerce platform and an HR system are not measured on the same scale. True. The value loop does not need a single universal unit. It needs each contribution expressed in terms the relevant stakeholder recognises, with the running total kept in front of them.
Valuing the audit that never happened
The hardest value to show is the value of things that did not happen. A savings portfolio captures money recovered. It does not capture the seven-figure audit settlement you avoided, or the unsupported software you retired before it was breached.
It can still be quantified. Borrow the method security teams use: estimate the likelihood of the event and its likely cost, and the avoided expected loss is your number. The FAIR model does exactly this for risk. State the assumptions, keep them conservative, and present risk averted alongside cash saved rather than instead of it. A log of audits that have been thwarted, for example.
Selling upward when you are buried
Most ITAM functions do not report to the people who decide their fate. Dhakshayani Rajendran put it well in the thread: most organisations invest in delivering value but never close the loop back to those who need to see it. When you sit three layers below the C-suite, closing that loop means handing your own management the portfolio in a form they can carry upward: a single page, in their language, that makes you easy to champion. The value loop is not only your job; it is the thing you equip your sponsor to do on your behalf. Julia Veall, Vodafone, speaking at previous conferences commonly referred to selling upwards.
Thriving takes advocacy
A standard can make you control your assets. It cannot make anyone value you for doing so. The ITAM functions that thrive treat advocacy as part of the work: they evangelise what they deliver and sell it back, again and again, to the people who fund them. Maturity earns you the right to be heard; advocacy is how you are heard.
This is still a draft, and the thread has already sharpened it. Keep it coming.
