There are many different maturity models for both ITAM and SAM, developed by different organisations and vendors and Snow is no different (see fig. 1 for what Snow has developed over the last year). These models are often structured in terms of number of levels, descriptions and terminology but the general principle is that they provide a way to help organizations increase their level of maturity. They are often used to identify the current state and take the organization from that point (whether it’s right at the bottom with no real idea of what’s going on and what they do or don’t have – and thus susceptible to a lot of fear, uncertainty and doubt about what the consequences might be) to the nirvana of everything being visible, under control and manageable.
Not only does a maturity model provide organizations with a way to assess their current state, but it also allows them to plot their progress as their capabilities improve.
At least that’s the theory.
So Where Does It All Go Wrong?
Well… that’s complicated. Or rather, it’s because it’s complicated. You see, these maturity models LOOK simple when you have a nice high level diagram. Some of them are just a single page with short descriptions attached to each level. However, when it comes to assessing maturity there are many areas to consider, and the gut reaction of ‘I think we’re here’ is usually partially right, but often comes with a lot of caveats.
One of the assumptions made in most maturity models is that less is more. And it is in some ways. But a three or four level model presents us with the problem of having to fit too much variation into one box. However, add too many levels and it starts to become a strategy document or implementation plan.
Where Do We Begin and End?
You’ll notice that in the model above, the line extends below ‘Level 1’ (License Compliance & Audit Management’ and above ‘Level 5’ (Digital Technology Governance).
The starting point is important because in discussions with hundreds of organizations over the years around maturity, one of the questions frequently asked about models that start with ‘Level 1’ is ‘but how do I get us ON to the maturity curve?’. While the creators of the model believe that their basic/chaos level is the start of the journey, the reality is that many organizations are starting with nothing. Or at least with nothing coherent – their starting point is trying to pull together what they have elsewhere that can help them build something that could one day form that first level of a maturity for a SAM or ITAM function.
Where we end is also important because the world around us is constantly growing and changing. When we built this new maturity model, we were thinking about why we felt a need to do something new (come along to my presentation at IAITAM ACE in San Diego on May 23rd to find out more), and were aware that this model may need to change. In fact, we’ve been tweaking it in response to customer feedback since we first shared it in March of 2018 – and the upward extension is in response to discussions about what comes next once the current top level has been achieved.
Within these parameters, users of any model need to be able to do two key things from the outset:
- Work out where they currently sit on the curve and
- Work out where they want to be.
This is what is going to inform their SAM or ITAM strategy, help them set their goals and create their plan, and guide them on their journey. But how do they do that?
Maturity assessment needs to consider several factors. Traditionally we’ve talked about ‘people, process and technology’. I’d add to that, and suggest by separating out governance and data. When most people look at maturity level descriptors their answer is that they fit into a given level of maturity in some areas (whether people, process or technology; for specific asset types; for certain vendors or even for specific products; for certain geographies; for certain legal entities) however, what’s absolutely guaranteed is that they will have different components that fit into other points on the maturity scale. This is what really complicates matters.
So maybe a more detailed assessment methodology would help? A number of these have been developed and have provided their customers with a great deal of value. Detailed maturity assessments are traditionally delivered by consultants who are able to ask questions in different ways and spend time working out what’s going on – but this is often expensive and time-consuming as they need to be on-site and carry out interviews. There has been a growth in self-assessment offerings in recent years which allow organizations to provide the information via an online tool – and while these may be less intrusive, they are often left partially completed for long periods of time as the answers are tracked down or busy people are distracted by the day-to-day demands of their role.
There probably is a happy medium between not enough questions and too many questions, but that will also depend on the organization. This needs to be balanced with asking the right type of questions. What is clear is that spending time on carrying out a comprehensive assessment of current state pays dividends well in excess of the time spend on the assessment. The more detail you have about what capabilities you have at what level and where the dependencies are, the more effective your strategy and planning will be. Having a true assessment of current state also makes it easier to articulate progress and identify issues that are preventing you from achieving your goals.
Setting Yourself Up for Success
So how do you go about setting those goals? It’s not just a case of looking at the top level of the maturity model you’ve chosen and saying, ‘I want to be there’. After all, do you NEED to be there? Nor is it relevant to look at the maturity model and think you must complete each stage sequentially to make your way to the top of the maturity scale as this may not be relevant to certain organizations. If you’re currently struggling to get on to the bottom of the curve, is that goal really realistic?
When I’ve talked and written about business cases for SAM and ITAM, I’ve emphasized the need to link the business case for investment to business goals and projects. SAM and ITAM don’t exist purely for the sake of doing SAM and ITAM. And the same goes for planning your progress along the maturity curve. What did you commit to in the business case? Where do those capabilities sit within your chosen maturity model (and they may belong in different levels)?
Map what you are committed to deliver (and if you have staged deliverables, ensure that your mapping includes dates) against your model and plot your dependencies clearly. Working out what your organisations needs from you and mapping this against a maturity model can help you to plan the journey more effectively by taking into account all the factors (people, process, technology, governance and data) that you need to get there, and provide clarification around how you do so by making the dependencies more obvious.
Why Do Organizations Struggle to Mature Their ITAM and SAM Capabilities?
Using a maturity model to plot your journey from current to future state should mean you can set realistic targets that you can deliver on in a timely manner. And more importantly, deliver outcomes in response to business need.