The need for financial leadership in IT asset management.

• Author: Meehan, Robert

How often do we face a problem where the solution offers an opportunity to save more money than the cost of the solution? A ticking time bomb lies in every business and government that does not maintain precise control of IT assets. The environment for managing IT assets has changed, presenting increased financial and regulatory risks. You can no longer assume that your processes for managing IT assets are adequate. However, actual experience demonstrates that improving processes for managing IT assets can result in major cost savings. This article explores the nature of the threats and cost saving opportunities, why the finance officer should take the lead, options for addressing the threats, and the benefits and savings that can be achieved.

FINANCIAL AND REGULATORY RISKS TO AN ORGANIZATION

The very nature of IT assets makes them difficult to manage, introducing substantial risks. Let's examine the risks associated with inadequately executed IT asset management (ITAM).

Non-Compliance with Regulations and Standards

The business world faces legislation, including Sarbanes-Oxley and HIPAA, that demands controls to assure that IT assets be precisely managed to assure the privacy and security of information. While governments do not generally face all of the regulations businesses do, they increasingly face many of them. Consider OMB Circular A-123, which requires federal agencies to implement a subset of Sarbanes Oxley requirements. Even without formal regulation, good governance demands precise management of IT assets. Precise management means being in full control and optimizing the return on investment of assets, both hardware and software, throughout their lifecycles. IT assets are notoriously difficult to track and manage. Hardware is widely dispersed and frequently reconfigured, often resulting in inaccurate asset records. Software is even more difficult, existing in non-physical form as computer files.

Under-Licensed Software

Software can be easily copied, intentionally or unintentionally, and used in excess of licenses purchased, creating substantial risk. Employees can install their own personal software, music, and videos on government computers without the knowledge of management. Such activity became a genuine risk factor when the Business Software Alliance (BSA) instituted aggressive actions to investigate and enforce software license compliance. BSA was formed by leading software vendors to protect their property rights. Those same software vendors empowered the BSA to perform audits in businesses and governments believed to be non-compliant. BSA now offers $50,000 incentives to report non-compliant organizations. What organization does not have employees and others who will search for and potentially find non-compliance for $50,000?

Many organizations find themselves in this situation unintentionally. Their procurement, tracking, and deployment controls may not have been adequate; or non-compliant software use took place in separate departments where organization-wide communications on permitted usage was inadequate. Intentional or not, the organization will suffer public embarrassment as well as a significant financial penalty. If you think government is immune or your government is too small, just ask officials of a small city in Washington State. The city settled with BSA for $80,000, nearly $5 for every man, woman, and child living in the city. What's more, their story...