IT Asset Management

Report
IT Asset Management
Asset Management Strategies
in a Changing World
Norman Pugh-Newby, CPPA
September 2013
IT Asset Management – Definition & Objectives
IT Asset Management (ITAM)
• The integrated management of an organization’s IT asset inventory, policies, processes,
tools, and resources in order to support life cycle management of Information Technology
assets
Objectives:
• Establish and maintain physical accountability of IT assets
• Allocate assets as efficiently and productively as possible
• Provide accurate configuration status of assets in accordance with defined standards
• Maintain full compliance with software licensing agreements
• Establish a centralized and complete asset information repository to support day-today IT operations and maintenance functions, plus IT asset life cycle management
ITAM provides visibility of IT assets and how they relate to mission needs.
1
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Assets – What are They?
• IT Assets include all elements of hardware and software found in an enterprise
environment
• Consist of 6 asset categories with discrete asset contents:
2
- Facilities Cable Plant
- Server
- Facilities LHI
- Storage
- Network
- End User Devices
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Asset Management – Conceptual Model
• 2 core processes (Accountability Management and Asset Operational Management)
• 4 interfacing processes (Financial Management, Procurement, Configuration
Management and Assurance Management)
• The interfacing processes collaborate with each of the core processes
• Each of these core and interfacing processes are supported by a number of subprocesses described in the diagram above
3
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Core Process: IT Accountability Management
Accountability Management
•
•
•
•
4
Discovery
Inventory Operations
Supply Discipline
Asset Database Audit
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Asset Accountability Management
• IT Asset accountability management is the process of establishing and maintaining
accurate accountability records of the IT assets under your control
- Managing IT asset costs requires tracking IT assets across the entire asset lifecycle
until they are no longer of capital or regulatory value.
• Effective asset accountability management requires the support of automated tools
- 3 distinct types of automated tools are typically used to support an effective asset
accountability program:
1. Auto-discovery
2. Repository
3. Usage
5
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Asset Discovery
Discovery is the process of identifying all the IT assets that are in the network
• Assets are typically comprised of servers, network equipment, storage devices,
computers, printers, monitors, external peripherals, cable, and leasehold improvements
• The discovery of IT assets can be automated via the use of auto discovery tools which
generally work in two distinct methods:
- Agentless Tools: Agentless tools discover network devices automatically by scanning
an Internet Protocol (IP) address range
- Agent-based Tools: Agent-based tools require the installation of an agent on the
networked device
• One pitfall of auto discovery tools is that they are often encumbered by firewalls or
governing security policies
6
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Inventory Operations
• Inventory is the periodic and systematic counting and verification of the total assets on
hand. Some key business management benefits of the inventory function include:
- Maximizing use of existing assets resulting in a lower overall inventory cost
- Minimizing operating support costs
- Maintaining compliancy with regulatory guidance
• The inventory is housed in a repository tool which consolidates the physical IUID, serial
number, model number, financial (e.g., purchase price, depreciation and book value) and
contract (e.g., terms and conditions, warranties, service levels and entitlements)
information associated with enterprise IT assets
• Inventory repositories facilitate a full-service approach to IT asset life cycle planning,
including implementation, management processes, retirement, and disposal
• Discovery tools feed information into the repository tool
• Repository tool typically integrated with Software Usage Tool (SUT) which maintains an
inventory of software usage
7
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Supply Discipline / Asset Database Audit
Supply Discipline is a process by which IT asset managers hand receipt property down to
the lowest level user to establish responsibility and then manually inventory the assets
periodically to confirm and sustain accountability. Key roles and responsibilities should
include the following:
• Asset Managers
- Asset Managers have responsibility for ensuring that all personal property is properly
maintained, safeguarded, accounted for and accurately reported
• Accountable Property Officers
- Individuals who, based on their training, knowledge, and experience in property
management, accountability and control procedures, are appointed by proper authority
to establish and maintain an organization’s accountable property records, systems,
and/or financial records
• Property Custodians
- Individuals who are appointed by the Accountable Property Officer who accepts
custodial responsibility for property, typically by signing a hand receipt
• Asset Database Audit Process
- On a regular basis, an audit of the assets in the repository tool data base should be
conducted via reconciliation with the Accountable Property Officer records
8
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Core Process: IT Operational Management
Operational Management
•
•
•
•
9
IT Operations Management
Service Desk Management
Technical Management
Vendor Management
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Asset Operational Management
• The purpose of Asset Operations Management is to coordinate and carry out the day to
day activities associated with IT Asset Management
• High level activities include functional management of the following elements involved in
making the system in its entirety work together:
- People
- Processes and procedures
- Technology
- Data elements
10
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Operations Management / Service Desk Management
• IT Operations Management is responsible for the execution of operational processes
that are necessary to manage the IT asset lifecycle.
• The processes below are responsible for monitoring business requirements and
coordinating the appropriate resources to meet organizational needs:
- Software License Management
- Change Management
- Problem Management
- Capacity Management
- Availability Management
• Service Desk management is the primary point of contact for users when there is a
disruption in the operation of an IT asset
• The Service Desk also serves as a point of coordination between different IT groups in an
organization when the need arises
11
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Technical Management / Vendor Management
Technical Management
• Responsible for making sure IT assets ate placed into service with the most resilient and
cost effective technology available
• Diagnose and resolve complex technical issues beyond the capability of the service desk
• Serve as guardian of technical knowledge for design, testing, operation and optimization
of IT assets
Vendor Management
• Responsible for making sure that appropriate access is available to contract support for all
IT assets to include replacement equipment for assets reaching end of life
• Responsible for ensuring that contractual performance requirements are met
12
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Interfacing Process: IT Financial Management
Financial Management
•
•
•
•
13
Expense Forecasting
Investment Decisions
Charge-back
Policy Compliance
•
•
•
Cost Allocation/Tracking
Depreciation
Business Case Analysis
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Financial Management
Financial Management
• The process used to plan and manage cost allocations across departments for asset
procurement, maintenance, and related services
• It enables control and accountability for spending at the organizational and
departmental levels, based on actual need
• Aids in reducing waste and increasing efficiencies in spending and usage associated
with assets and services
Financial Management includes:
• Expense Forecasting – labor and asset resources needed for baseline plan
• Investment Decisions – based on framework of costs vs. benefits
• Charge-back – charging IT costs back to the using departments
• Policy Compliance – e.g., DoD FMR Vol 4, Ch 6, Accounting for PP&E
• Cost Allocation/Tracking – Supports cost control and governance.
• Depreciation – Allocates cost over useful life of assets
• Business Case Analysis – Foundational analysis for justifying IT investment $$$
14
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Interfacing Process: IT Procurement Management
Procurement Management
•
•
•
15
Requirements Determination
Acquisition Process
Ordering
•
•
•
Contract Management
Strategic Sourcing
Software License Management
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Procurement
Procurement
• The procurement function involves the acquisition of network components and services
with the following considerations to benefit the network operators and customers:
- Best possible total cost of ownership
- Right quantity and quality
- Right time
- Right place
- Right source
• The procurement process typically involves risk in either the cost or benefits and is a good
business practice to make use of economic analysis methods such as cost-benefitanalysis or cost-utility analysis
• An Information Services Procurement Library is a best practice library for the
management of IT related acquisition processes which enables:
- The customer and supplier organization to achieve the desired quality
- Constructing the request for proposal
- Constructing the contract and delivery plan
- Monitoring the delivery phase
16
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Requirements Determination
• Requirements determination is the process of determining the business justification,
requirements, specifications and approvals needed to proceed with the procurement
process
• Key processes include requirements specification, support team identification, using costbenefit analysis or other analytic techniques to justify alternatives, assessing relative risk
and benefits, and obtaining necessary approvals to proceed with the procurement process
• Key requirements planning issues that need to be addressed include:
- What are the important costs versus budget considerations?
- What will be your process for separating requirements from wants?
- How should support teams be configured and sourced for validated requirements (e.g.,
internal and external resources)?
-
17
How will you capture performance specifications and other outputs for use in later
phases such as quality management?
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Acquisition Process
• The acquisition process involves evaluating and selecting appropriate suppliers and
completing procurement arrangements for the required products and services
• The acquisition process includes identifying sourcing alternatives, generating
communications (such as RFPs and RFQs) to suppliers, evaluating supplier proposals,
and negotiating contracts with suppliers
• Key considerations for the IT Asset Manager include:
- Provide input to the contract language to require vendors to provide key information
needed to help create complete records for the assets when they arrive, for example:
Purchase price; Complete asset description; Manufacturer; Model; Serial number; and
Warranty expiration date.
- Use available information from the acquisition documents to prepare skeletal records
for the assets to facilitate tracking of the acquisition process and rapid completion of
the asset records when the assets arrive.
18
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Ordering
• IT Asset managers should understand the ordering process and be able to use the
ordering system to validate that the right number and type of components were
ordered
• The ordering system should offer certain capabilities:
– Deliver requisition, quotation, vendor, purchase order, and contract information to
allow ordering personnel to proactively plan work and systems delivery
– Streamline the ordering, payment, and invoicing process and utilize a common data
model so that data can be shared among order and invoice tools and applications
– Provide a process for working and updating Order Modifications
19
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Contract Management
• Contract management can be summarized as the process of systematically and efficiently
managing contract creation, execution, and analysis for the purpose of maximizing
financial and operational performance and minimizing risk
• Contract management should ensure that products and services covered under the
contract are provided in the required quality and quality, and within the prescribed
timeframes
• Understanding, predicting and being able to effectively mitigate risk are critical to
effective contract management
• Help yourself to mitigate risk by creating a historical database with details of critical
issues associated with previous contracts such as:
- Real costs and duration versus budget and planning schedule
- Problems/solutions to include contract decision point challenges
- Effectiveness of suppliers and delivery plans
- Quality of supplies and services
20
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Strategic Sourcing
• Strategic sourcing is an objective-driven procurement process that can systematically
improve and evaluate purchasing activities
• A strategic sourcing methodology contributes to optimization of the procurement
process by taking the following steps:
- Analyzing current spends (what is procured and where)
- Identifying internal requirements (quality requirements, product specifications,
service expectations)
- Analyzing the market (market conditions, supply base, emerging products)
- Develop/Implement strategy (best suppliers given supply/demand/risk factors,
managed negotiations, contract award, track performance metrics)
•
21
The IT Asset Manager plays a key role in the strategic sourcing methodology by
leveraging information used in the ITAM process
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Software License Management
• The effective procurement and management of software licenses is an important special
area of procurement management
• The IT Asset Manager has the critical information required to support effective
procurement and management of software licenses
• Software license management requires an understanding of where licenses are
consumed (Software Usage Tool), identifying potential savings, and aggregating costs
• An important goal of Software License Management is to eliminate software
overbuying and illegal use
• Failure to harvest licenses for reuse or to ensure license compliancy leads to software
overbuy and/or illegal deployment
• Reports available in the IT Asset Management repository tool should include software
compliance
22
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Interfacing Process: IT Configuration Management
Configuration Management
•
•
•
23
Software Deployment
Monitoring
Install/Move/Add/Change
•
•
CMDB Maintenance
Support Operations
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Configuration Management
•
Centralized configuration management provides IT system managers with control over
the operating system and application settings of each end-point system and is a key
element of network security and compliance
Key sub-processes include:
Configuration Management Database (CMDB)
•
•
Center piece of effective configuration
management.
Provides centralized asset and configuration
information to support the configuration
management process
Software Deployment Management
•
•
Monitoring
•
•
24
As IT assets become incorporated into an IT
infrastructure, IT operations systems
continually monitor the health of these
systems, support problem root cause
identification, initiate service and support
activities as needed, and validate their
effective implementation
Monitoring continues over assets’ lifecycle
Involves transmitting the right software
applications, updates and patches to the right
devises
Application dependencies should be tracked
and managed in a CMDB to determine the risk
of any software change being proposed
Install/Move/Add/Change (IMAC)
•
•
•
IT assets are sometimes moved, upgraded,
changed, and even repurposed over their
lifecycle
These changes have a configuration impact
and a cost impact
Accurate and up-to-date information in
the CMDC facilitates financial optimization
of IMAC activities
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Interfacing Process: IT Assurance Management
Assurance Management
•
•
•
25
Security Management
Information Assurance
Compliance
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Assurance Management
• The purpose of all assurance functions and activities is to instill confidence in the
infrastructure that it is securely employed for all computerized transactions and
exchanges of data
• Each function within assurance seeks to accomplish this by putting in place a series of
checks, audits, process, and procedures in order to safeguard the confidentiality, integrity,
and availability of information
Security Management
•
•
•
26
Ensure any and all
security risks that have
been identified are
managed effectively, to
include resistance and
recovery from hacker
attacks
Ensure any and all
enterprise information
resources are used
appropriately.
Prove strategic direction
for all security related
activities.
Information Assurance
•
•
•
Various organizations
have their own Information
Assurance Certification &
Accreditation processes
Ensure the IT systems
meets security
requirements necessary to
connect to the
organizations network
“Authority to Operate”
provided by an
“Operational Designated
Approval Authority”
(ODAA)
Compliance
ITAM systems are required to
be compliant with a variety of
directives, regulations and
orders. Examples of these
include:
• Federal Information
Processions Standards
(FIPS)
• National Institute of
Standards & Technology
(NIST)
• Defense Information
Systems Agency (DISA)
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
IT Asset Management - Review
• 2 core processes (Accountability Management and Asset Operational Management)
• 4 interfacing processes (Financial Management, Procurement, Configuration
Management and Assurance Management)
• The interfacing processes collaborate with each of the core processes
• Effective IT Asset Management is a multifaceted inter-related process performed by
a knowledgeable and integrated ITAM team
2013 National Education Seminar / Orlando, FL
27
Copyright © 2013 Deloitte Development LLC. All rights reserved.
How Effective is Your ITAM Program?
• ITAM effectiveness normally correlated to ITAM maturity
• ITAM maturity measured using Gartner ITAM Maturity Model
• Maturity model defines five levels of ITAM maturity
- Basic
- Reactive
- Proactive
- Service
- Value Creation
• Gartner facilitate an understanding of each level by defining the characteristics of each
level with regard to people, processes, and technology.
• Reaching the Value Creation maturity level requires an iterative approach of continuous
improvement over the course of many years
• The proper planning and considerations need to be in place to leverage the requisite
ITAM tools and strategies
28
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
How Effective is Your ITAM Program?
Maturity Level
0: Basic
Notional
Starting Position
People
•
•
Process
2: Proactive
3: Service
4: Value Creation
Mature ITAM
•
•
•
Technology
1: Reactive
•
•
Estimated
Current State
Few control
•
mechanisms,
significant gaps in
•
responsibility and
accountability
•
Limited
understanding of the
scope of ITAM
ITAM team beginning to •
form
Low ITAM team
headcount
•
Focus on core
processes
(Accountability and
operations)
Little process
•
maturity and no
knowledge of what
assets are owned or
where they are
•
No centralized
configuration
tracking
ITAM processes
maturing with focus on
annual physical
inventory
Procurement functions
loosely integrated with
rest of process
•
Spreadsheets or
databases are created
to track assets
Limited use of autodiscovery tool to
supplement this data.
Basic reporting with
little detail
•
Lack of adequate
tools to track and
manage assets
Available tools
loosely integrated
Limited reporting
capabilities
•
•
•
•
ITAM team members
gaining understanding of
the full scope of ITAM
ITAM team headcount
stable and growing
•
•
ITAM lifecycle management •
processes defined and
implemented
Configuration management
stabilized
•
•
•
Software usage tool and
auto-discovery tools are
integrated with the asset
repository tool
CMDB in place
•
•
Property managers and IT
managers beginning to
understand the critical
interdependencies of their
roles on the ITAM team.
Increased level of
cooperation and
collaboration among ITAM
team members
Metrics are in place to
measure value and service
levels have been created to
meet business/ IT goals
Close integration between
processes
Inventory levels are tracked
to prevent overbuying
•
IT Assurance systems fully
operational
Reports are run frequently,
cost savings identified
•
•
•
•
•
ITAM team knowledgeable
and integrated.
Some team members have
CITAM certification.
Audits are conducted to
review the efficiency and
effectiveness of established
ITAM business processes
Quantifiable monetary value
provided to the enterprise
All operational and
accountability systems in
place and appropriately
integrated
Sophisticated monitoring
and reporting
Modified Gartner ITAM Maturity Model
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Questions?
Please Contact:
Norman Pugh-Newby, CPPA, PMP
Manager, Deloitte
(M) 240-460-4499
[email protected]
30
2013 National Education Seminar / Orlando, FL
Copyright © 2013 Deloitte Development LLC. All rights reserved.
About Deloitte
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of
member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed
description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about
for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest
clients under the rules and regulations of public accounting.
Copyright © 2013 Deloitte Development LLC. All rights reserved.
Member of Deloitte Touche Tohmatsu Limited

similar documents