The Roles of Governance and Management – Positioning ITAM to Support the Business

By Rodney Penny, HCSC

The maturity and permanency of any organization’s IT Asset Management (ITAM) program is highly dependent upon how well it is governed and managed. Where proper governance is in place, the ITAM program will mature and ultimately provide the organization with immense business value; in other words, the ITAM program will mature to the point that it provides the organization with the data and reporting necessary for both tactical and strategic IT decision-making.

On the other hand, when there is poor governance and/or management, or a lack of one or both, ITAM program maturity will be stymied. It will make it irrelevant and a drag an organization’s bottom line, thus making it a target for elimination, at worst; or at best, ITAM will be known simply a program that “counts” stuff.  The focus of this article is to introduce how governance and management can work together to mature an organization’s ITAM program, helping it to become the core business function that it is designed to be. This is the first of a series of articles that will be focused on governance and management functions that will create, support and mature ITAM within or without IT service management.


The main role of governance is making sure that what is being governed has a set of policies and standards from which it can operate. The object definition of a policy or standard includes “enforceable.”  Policy is worthless unless it is uniformly and consistently enforced. With this in mind, an organization’s ITAM program should be integrated into its IT service management (ITSM) governance (see ISO 2000 and ITIL Framework). Organizations that have stand-alone ITAM programs that are not integrated into ITSM will not be able to deliver on the full value that an integrated ITAM program can bring to an organization. This is where IT governance can step in and make sure that the ITAM program is connected to all of the other ITSM areas within an organization; that way, the ITAM program will be enshrined within the ITSM policies and standards, which will only need to be updated with ITAM specific policies and standards.

The role of proper IT governance cannot be understated; without proper governance, an organization’s ITAM program will not have the support that it needs to accomplish its business function. It must be remembered that ITAM is not a project or just one group of people that do ITAM “stuff,” but rather it is a core business operation that requires the cooperation of multiple areas within the IT area, finance, procurement, license management, etc. (For more information, consult the International Association of IT Asset Managers’ manuals and online resources to learn more about the twelve key process areas (KPA) that the ITAM program is based on.) Because ITAM is a program that involves many areas and multiple functions, it is important that these business areas are connected by business processes; this is the role of IT governance, to bring together the needed disparate functions that contribute to the make up the ITAM program.


ITAM programs will vary depending upon the organization’s needs, but every organization’s implementation should be recognizable to the best-practices endorsed by IAITAM for IT asset management. Good IT governance will ensure that the ITAM program connects to the rest of the business and provides said business with the value it seeks from the program. After governance of the ITAM program has been established, the next step is to operationalize it. The operationalizing of the ITAM program will involve a multifaceted approach that balances the needs of the business for IT asset data with the feasibility of achieving that data. Data, though important, is only the first step in the process of delivering what a business needs from the ITAM program. ITAM program data needs to be interpreted and analyzed in order for it to be able to support tactical and strategic decision-making. This is the role of management, collect (centralized), normalize, interpret and report on processes that generate or collect IT asset data. As well, management needs to ensure that the process areas are working together, ensuring the highest level of quality of data possible. This is done by monitoring the procedures of each of the process areas that collect IT asset data.

Proper ITAM process management is dependent upon well-defined procedures that are designed to make sure that the outputs of ITAM program addresses the organization’s ITSM and business needs. This is the difference between governance and management. IT Governance sets the guidance and framework for things to function and management sets the specific procedures that need to be followed to achieve the required business outputs. Management gets into the details of how things are accomplished within a process or workflow.

ITAM Supports the Business

So to review, IT governance determines how the ITAM program will support the business, which drives the asset data that will be collected, which then in turn drives what processes are needed to support that data requirement; this is where both governance and management of the ITAM program come together. For its part, governance should, at minimum, determine the business outputs for the ITAM program, establish the key process indicators, ratify the operational-level agreements (OLA) between process areas and provide overall program oversight. The procedures for each ITAM process are the responsibility of the management to create, build in controls, monitor and improve.

Collecting IT asset data for business functions both inside and outside of the IT department requires both proper governance and management. Governance provides the policies and standards that ITSM/ITAM should operate under. An organization’s ITAM program should not only be managed, but also governed. The next article on this subject will take a deeper dive into the role of IT governance and how it connects the ITAM program to the rest of the organization.

About the Author