What Happens When IT No Longer Governs ITAM? – Policy Management

By IAITAM

Policies are a critical success factor for the IT Asset Management program, providing controls to behavior, influence during periods of change and support for asset education and enforcement. To achieve these results, policies must be clearly defined, understandable, and enforceable. Employees should be able to readily access the policies and understand what is required of them as an employee. Ideally, policies also explain why compliance with a policy is important to the organization so that cooperation is built through that understanding.

Despite this importance, IT Asset Management has been relying on the strong coat tails of the IT department to drive the development and awareness of policies. With centralized IT, the budgetary and security policy-supported controls for all of IT make it easier for IT Asset Management to be successful. Typically, IT policies address sufficient aspects of the IT asset lifecycle and how end users interact with them to give IT Asset Management a launching pad for putting processes in place that are followed.

A New Power Distribution

However, organizations are now embracing a new set of distributed options such as end departments contracting directly with cloud vendors for applications and hardware. While IT operations are still present, their overall management of the IT solutions offered is slipping away. Without that management, IT Asset Management suddenly has a significant portfolio of assets that are not supported by the IT department. IT Asset Management must learn to stand on its own or risk not being able to maintain compliance and governance.

Policy documents differ from other documentation in that enforcement is a major element of the language and the authority for that enforcement comes from the Legal and Human Resources departments. While that authority remains intact without centralized IT, the knowledge about policies and the ability to execute enforcement transfers to the end user departments. It is unrealistic to expect overall IT to remain responsible for technology enforcement if they have not even been informed about that usage. Without an overall perspective, policies are likely to fragment and lose impact; i.e. a marketing policy about assets could be different from a procurement policy intended to govern the same action for the same device types.

With so many different policies and policy versions that are attributed to the governance of IT assets within different business units, which set is HR and Legal supposed to enforce? Which policy is the correct policy? Disjointed policy creation begets disjointed policy enforcement.

The IT Asset Manager cannot be complaisant during this shift outwards from IT and must accept the responsibility to directly support business units. This action will maintain and build the uniformity of policy language that the organization relies upon. To achieve this transition, buy-in is going to be absolutely essential. How do you build it? You have to beat the drum. Instead of relying on IT, ITAM must take action to raise awareness within departments including educating and providing services to support initiatives.

Beating the Drum

As cloud options are sold directly to departmental management, ITAM needs to step in and take responsibility for financial and contractual management. This step separates ITAM from IT in the minds of end users and establishes ITAM as a core business practice with governance over all IT assets across the organization. With this approach, buy-in and acceptance remains strong, and it is “business as usual” for the IT Asset Manager.

The changing role of IT may not yet be evident, but the possibility for this shift to happen soon is strong. With Software-as-a-Service (SaaS), Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS), cloud computing is a growing option for the organization. Business managers feel empowered to make IT decisions without considering the implications to the organization’s structure such as policies. While dedicated IT may be shrinking, ITAM needs to grow. Consider the following ideas:

  • Maintain current buy-in (communication and education) efforts: This needs to be maintained so that people see the value that the ITAM program offers to the successful use of software and hardware
  • Focus on the road less travelled: Do not rely on current processes and communication pathways. Individuals in business units may soon be contemplating handling their IT assets independently. With open conversations, you may find that this risky behavior is already underway. IT Asset Managers need to take a leadership role to protect the organization

Without a doubt, the consequences of IT no longer being the sole source of business IT have not been considered as part of the shift in solution choices. The advantages gained in reducing risk, building efficiencies and saving money are at risk if the transition happens without the guidance of those experienced in the management of IT assets. Policy confusion and proliferation is a good example of the possible consequences. Policies are foundational to controlling employee behavior and if policies fracture along departmental lines, the entire organization loses.

You have to beat the drum.

About the Author

The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.