Process Improvement – C&E and C&L Quick Success Project to Improve Your ITAM Program

By Dr. Barbara Rembiesa

This month’s QSP (Quick Success Project) will be a little different. I am addressing 2 Key Process Areas from the IAITAM Best Practice Library that greatly affect the success of an ITAM Program:

  • Communication & Education
  • Compliance & Legislation

The first I wish to address is Communication & Education. As stated in the IBPL, Communication & Education is one of the core processes that build the foundation for all other process areas. Without effective communication and education within the environment and throughout the external relationships an organization’s ITAM policies and enforcement of those policies are doomed to fail.

This first part of the column will feature the Quick Success Project, Policy Communication Process and how it will bring about change and ease policy enforcement efforts within the organization.

As stated on many occasions, the primary business drivers for an organization are Financial, Efficiency and Risk. Effective communication does not directly impact the bottom line and reap an easily calculated financial reward for the organization, but after careful review, through efficiencies due to comprehension, an understanding of the policy throughout the organization and avoidance of risk because all parties understand the policy, indirect financial gains can be realized in terms of time savings alone! This and other soft dollar savings due to effective communications and proper education can avert project failure, missed deadlines and additional delays down the road.

Organizations Depend on Communication & Education

Communication & Education will require many people directly supporting the ITAM program and impacts the entire organization when it comes to awareness and understanding of policy. Proactive change management requires planning and communicating for change, followed by the necessary training to ensure that the adoption of these new policies are successful and that employees truly understand how to adhere to the new policies.

Departments within the organization in the past have been able to operate rather autonomously, each dependent on the other for the success of the overall business strategy but not dependent on one another for the function of the individual department. Information Technology changed that business model forever. The good news is that managing those interdependencies is possible with a strategic plan for communication and education of the organization’s policies as they pertain to IT assets.

Quick Success Project for Defining the Policy Communication Process

The Policy Communication Process is imperative for effective ITAM Program Management. Employees that don’t comprehend the meaning of and necessity of the policy can cause devastating effects to the success of the ITAM Program. Exercising a clear, concise way of communicating existing and new policies will help employees understand what is expected of them and the impact of noncompliance actions. This will also help to protect the organization by acting in accordance with regulatory matters in maintaining compliance.

Impacts, benefits, and outcomes of this project to the ITAM Program and to the organization
  • Ensures that your employees understand policies
    • Following the guidelines of making policies easily understood so each employee is clear to the meaning in a consistent manner.
  • Ensures that employees are regularly updated on existing and new policies
    • New policies are mainstreamed quickly and accurately and existing policies are refreshed on a regular basis
  • Promotes adherence to policies
    • With the understanding that policies must be equally enforced, procedures can be put into place to ensure adherence by all

The more an employee knows, the greater an asset that employee is to the organization. This is the same thought process that is used when discussing the tenure an employee has with an organization. Why should an employee’s education level be any different? By increasing the professional development for an employee, and ease of access to that education, the quality of employees working within an organization will be much higher.

By instituting a Policy Communication Process, there is a set standard established that will dictate how the various policies, both existing and new, will be communicated to the employees. This will ensure continuity and establish an educational baseline for each employee.

To best achieve this, try instituting a checking process by having employees sign off on various education courses they have previously received, and continue to maintain those records for the employee. By having a sign off process in place, the organization will be able to understand which employees have had what forms of education and when the instruction was completed. This will facilitate the organization’s ability to maintain a matrix of educational deadlines, compliance mandates, and keep employees operating in a well-informed manner which helps grow the value the employees provides back to the organization.

What is Compliance & Legislation

Simply put, Compliance & Legislation Management (“C&L”) is the focal point for risk avoidance and audit response within an organization. As part of this Key Process Area, the organization prepares to respond, responds to compliance events, performs periodic internal asset discoveries, and ultimately settles non-compliance matters.

The second QSP, Defining an Audit Process, is crucial to Compliance & Legislation Management. Why is an audit process necessary within an organization? Why should ITAMs conduct internal audits? The answers are numerous and all refer back to the Compliance & Legislation Key Process Areas. By conducting and internal audit, you can accomplish several tasks necessary for maintaining legislative and vendor compliance which contributes to a successful ITAM Program. One of those key accomplishments is that by implementing an audit process, it enables the ITAM team to establish a baseline inventory for Software and Hardware assets within the organization and delivers details of those assets that can be used for budgeting purposes, license tracking and proactive compliance adherence – all of which if not managed can seriously impact the organization financially.

Quick Success Project for Defining an Audit Process

A defined audit process will enable an organization to perform audits in a controlled manner, mitigating the chaotic responses normally associated with an externally initiated or forced audit. This process will deliver defined responsibility associated with duties, communications, and authorities.

Impacts, benefits, and outcomes of this project to the ITAM Program and to the organization
  • Reduces reactive responses
    • By proactively planning for events that are normally handled reactively
  • Defines responsibilities
    • Ensuring that all tasks are completed in a timely, orderly, and accurate fashion
  • Mitigates risk
    • By communicating the information only specifically required during an audit and promotes proper communications

An organization with a defined audit process in place will be prepared to respond in a controlled, proactive manner whether the audit is external or internal. External audits pose greater risk by costing the organization both unbudgeted time and dollars. The organization can mitigate this risk by enacting a defined audit process which would allow each team member to have defined responsibilities while allowing for a proactive response to the external audit.

Defining an audit process within an organization will enable that organization to be proactive in the event of an audit. An organization that is unprepared and reactive will have an increased settlement amount and incidences of noncompliance. Defining the audit process will allow the organization to fashion an audit response team and define the responsibilities of each team member. The audit response team would be responsible for all facets of the audit and would be activated either when the audit letter is received or when the internal audit was scheduled to begin. Defining the audit process will reduce the risk of noncompliance issues for the organization.

About the Author

Before founding IAITAM, Barbara held key positions in both the financial and consulting sectors. Barbara has implemented and supervised asset tracking projects, discovery tool implementations and has been brought in as an industry expert to consult major savings and loans, universities, manufacturers and high tech industries throughout the United States. Barbara has also, successfully represented corporations in negotiations with compliance agencies for software violations. Barbara has implemented and designed disaster recovery programs for professional software testing and storage facilities including, but not limited to, off-site storage facilities, and has helped over 200 companies before forming IAITAM and successfully implemented improved software and hardware acquisition programs. As President and Co-founder of IAITAM, Barbara brings over a quarter century of industry knowledge and experience to the management of IAITAM, and provides key guidance and the entrepreneurial spirit to its staff and members.