If your organization is looking to reduce its costs with IT assets, you should consider implementing an IT asset management (ITAM) system. Tracking your organization's IT assets is an effective way to reduce unnecessary spending on software licenses and IT infrastructure. This can eliminate the purchase of assets your organization already owns, utilize your organization's current assets more efficiently, and be better prepared for the replacement of old devices or expiration of software licenses.
Building your organization's IT asset management goals
Before implementing an ITAM system within your organization, you should first determine your organization's goals. It is critical to identify specific objectives and desired outcomes to assist you in developing a system of measurement to align with these objectives. Take a moment to list what you would like to achieve with your ITAM system and rate these achievements to determine what is most critical to your organization.
Determining your system of IT asset measurement
Once you have established your desired IT asset management goals, it is important to choose key performance indicators (KPIs) that measure the progress toward achieving your goals. This will help your organization evaluate the adequacy of its ITAM system. For instance, if your organization would like to emphasize software license compliance, your organization could track licenses by expiration date or the ratio of used purchased licenses to unused purchased licenses.
Using an effective measurement system not only assists in tracking assets but also provides beneficial information for future decision-making. As you strategize your ITAM system, be mindful of choosing logical metrics that correlate with your goals. Consider the following ways an ITAM system could provide value to your organization and the potential metrics that could be used for:
- Defining an IT budget by tracking asset costs
- Reducing discrepancies to the IT environment by identifying assets that cause service failures
- Optimally employing existing resources by identifying users with multiple workstations.
Establishing an IT asset repository
If there is uncertainty with where to begin in implementing your ITAM system, start by establishing a full IT asset repository. No matter the size of your organization, it is best practice to track your organization's IT assets to reduce the risk of not discovering lost or stolen assets. When deciding how your organization will maintain a repository, acknowledge who will be responsible for updating the listing, as well as how the process can be integrated into your existing IT service support management and change management systems. Be sure your organization's repository incorporates all relevant IT assets, including:
- Hardware and software
- Network and communication infrastructure, servers, and applications
- Mobile devices
- Cloud assets
For each item in the repository, be sure to include the following relevant information as well as any additional critical metrics you identified previously to measure the progress toward achieving your organization's goals.
Model and serial numbers
Maintenance, repair, change, and upgrade information
If your organization must comply with industry regulatory requirements such as HIPAA and PCI, it may be useful to record where critical or sensitive data is stored to increase the efficiency of audits.
ITAM throughout the IT Asset Life Cycle
ITAM is more than just maintaining a listing of assets; it extends to processes in each step of an asset's life cycle. The IT asset life cycle is a series of stages that an asset goes through during an organization's ownership, from requisition to retirement/disposal. In order to establish and maintain a robust ITAM system, your organization should consider the processes and controls in place surrounding each stage in the cycle.
- IT Asset Requisition
During the asset requisition stage, controls should focus on the proper authorization of asset purchases. The authorizing person or group should reference the asset repository to check if a requested item is actually available to avoid unnecessary purchases and confirm that the requested item is compatible with company policies.
- IT Asset Procurement and Receipt
In the procurement and receipt stage, orders should be placed only to approved vendors, and vendor lists should be reviewed periodically to avoid purchases from unauthorized vendors. The IT asset manager should anticipate delivery times and verify that new assets are logged either upon delivery or before releasing to the user.
The receiving department’s manager is responsible for reconciling received assets with original requests to ensure that delivered equipment that is faulty or that does not match the purchase order is returned to the supplier and not added to the asset repository. The receiver should also assign a unique identifier for the asset as communicated by the asset manager. At this point, the asset should be recorded in the asset repository with relevant information covered in the previous section. The IT technician then schedules installation, as needed.
- IT Asset Deployment
The deployment stage puts the asset to use. The asset repository should be correct prior to the deployment of equipment to users. The IT technician is responsible for installing IT equipment for the user and making sure it is configured and ready for use. The user should receive training on how to use the asset, with additional training available, if needed. Employees should sign an acceptance form for the equipment once it is delivered. This form should be recorded or kept in the user's personal HR record so that equipment can be retrieved if the individual leaves the organization. If an asset was previously deployed to a different user, a process should be in place to wipe information from that asset before cascading to the new user.
- IT Asset Maintenance
Asset management is a continual process. As such, ensure that your organization consistently follows its ITAM policy as your assets go through maintenance, repairs, and changes. A clear policy should be documented to cover what changes are acceptable, who is responsible for authorizing changes, and what action will be taken if the organization's procedures are not followed. Significant maintenance, repairs, or changes surrounding IT assets should be recorded in the asset repository prior to releasing equipment.
Your organization should have regular audits of its databases and workstations, as well as regular reviews of systems and procedures with recommendations for improvements, where necessary. Consider the legal and regulatory requirements in terms of software licenses and contractual issues, such as maintenance contracts, insurance contracts, and lease contracts.
- IT Asset Retirement/Disposal
Eventually, it will be time to dispose of or retire your assets. Ideally, the replacement of assets is planned and not as a consequence of an item suddenly ceasing to function. Any addition to your asset repository leads old equipment out. A process should be in place to wipe company information from an asset prior to disposal using a professional third-party.
When equipment is re-issued to a user, old equipment should be removed at the time of issuing new equipment. A return form should be completed, with a copy sent to HR for the employee's record. The employee's manager is typically responsible for the return of equipment.
ITAM can seem like a daunting process. It is important to initiate the process with a plan based on the needs of your organization. Avoid getting bogged down by too many details by only tracking information that will be most useful to decision-making in your organization.
Connect with a Freed Maxick IT Asset Management Consultant
If you are interested in establishing an ITAM system for your organization, or improving your organization’s controls surrounding the IT asset life cycle, our Risk Advisory Services team can work with you. Our internal control consultants will conduct an examination of your organization's ITAM system to identify weak areas. We can recommend the appropriate level of control for your organization and develop systems to monitor, assess and update those controls.
For more information regarding how Freed Maxick can help, please call 716.847.2651 or contact us here.