Peter Drucker, a famous management consultant, was often quoted as saying, “You can’t manage what you can’t measure”. Proper management of ITAM processes are no exception. Sound ITAM processes must deliver on stakeholder requirements, but must also include elements that can be used to manage the process. Managing a process involves embedding into the process checkpoints that can be used to test the function, quality, efficiency and risk of the process. A brief discussion of the importance of each of these process management elements is the purpose of this article.
Function. Every process has the express charge of being functional, meaning that the process output, at the least, must meet agreed-upon stakeholder requirement(s). Function basically asks the question, “Does this process deliver on its purpose?” Before the formation of a process, there must be an agreed upon determined output and the proposed methods that will be used to gauge whether or not the process will deliver on its purpose. Of course, initially a process need not be perfect, but it must produce the agreed-upon output; over time, the process functionality can be optimized and its quality improved by the use of continual process improvement.
Quality. Quality addresses specifically to the quality of the data generated by a given process. Since ITAM processes result in the lifecycle management of assets and the creation and maintenance of asset records, the quality of the process data is a direct reflection of the quality of the process itself. In most all ITAM processes, the data produced is the primary purpose of the process, and where data is not the primary purpose, as is with purchasing a product or service, the data generated becomes key data and input for other uses. For example, an IT procurement process uses procurement data and activities to acquire goods or services; this is the primary purpose of the process. The key purpose of the process is the data generated, which is the financial, delivery and receiving data, which is used for other processes or activities. The process quality metric therefore tests for the completeness and accuracy of the procurement and asset record data generated by the procurement process.
Efficiency. Every process, whether automated or manual requires expenditures of resources, whether these are human activities or machine capacity (cycles) to execute; therefore, metrics extracted from processes should be geared toward determining if there is waste. The discipline of Lean IT focuses on weeding out waste and making processes efficient, at least as efficient as possible given the known requirements and resources for execution. Waste may not always be apparent from the start, but as time goes on and process metrics are examined, waste will become evident; therefore, it is important to always conduct process improvement.
Risk. Every activity within an organization carries with it some level of risk. Risk is a part of everything that we do in ITAM, from shopping for a vendor to disposing of an asset, there is inherent risk, whether obvious or obscured. It is the job of every process designer to identify the inherent risks associated with their process(s), build controls to mitigate the risk(s) and then measure whether or not the controls are actually working to curtail risk. Risk appetite is determined by the organizational leaders and should be clearly defined by policy and standards. The ITAM process designer must understand what an acceptable risk within their process is and determine how best to mitigate it; the only way to determine mitigation is to measure the effectiveness of the control. If there is a collision between a stakeholder requirement that the process was designed to meet and a level of acceptable risk that is not acceptable, then it is the duty of the process owner to consult with authority to waive risk.
Function, quality, efficiency and risk are the four guideposts required for the construction of sound processes and therefore must be measured to ensure that the process not only delivers on stakeholder requirements (output), but also is efficient, delivers usable and reliable data and does not violate established risk guidelines. As ITAM professionals, we owe it to our organizations to construct sound ITAM processes that can be measured to gauge the four guideposts explained.