At the start of the COVID-19 pandemic, organizations rushed to buy and deploy new technology (both products and services) at an all-time high to enable working from home. Given the urgency of the moment, the usual due diligence process has been reduced, or in some cases, bypassed altogether.
While that was the appropriate course of action at the time, now that we are starting to envision a return to some form of normalcy, companies now have to reverse decisions that have been made and deal with any potentially excessive commitments. or supplier risk that could have been introduced early in the pandemic.
IT Asset Management (ITAM), an IT division that focuses solely on the management and optimization of an organization’s IT assets, is one of the business functions that is poised to play a big role in this post-COVID audit, and therefore, in our post-COVID recovery. With its role in IT spend due diligence both pre-purchase and throughout its lifecycle, ITAM is uniquely positioned to help supply chain managers expose and mitigate business chain risks. ‘inadvertent supply.
Where are the risks?
Due to time constraints and the urgency of the situation, organizations will have assumed a range of risks and costs to their supply chain, perhaps unintentionally, during the pandemic.
• Associated contracts: Contracts may not have undergone typical evaluation / analysis and comparison with the organization’s standard and binding conditions (business and legal) – especially for new suppliers; and may have been accepted rather than negotiated, without the usual reviews and approvals.
• Supplier viability: The usual assessment against standard criteria may have been missed or carried out on a limited basis for new suppliers, so that all risks have not been identified, let alone mitigated, with undetermined consequences. A similar situation may exist for additional business with existing suppliers, particularly if they are also affected by the pandemic.
• Spend too much: The organization may be overpaying for software, hardware or services purchased on an emergency basis at the onset of the pandemic, possibly without benefiting from available or negotiated discounts; or, which may not be needed after the pandemic.
• Overcommitment: Many organizations have purchased excess software, hardware or services, uncertain of future demand or supply; in some cases this excess has proven to be unnecessary, with the result that the organization has unused (and unusable) inventory. ViacomCBS, for example, recently saved over 32% on Zoom licenses after an ITAM internal audit found that many licenses were not being used. It’s just software. What other savings could be there?
The post-COVID assessment
Organizations should conduct an assessment of all their contracts and suppliers now to identify and reduce unnecessary costs and risks. While special attention should be paid to new contracts that have been awarded during the reduced due diligence period, the viability of existing suppliers should also be (re) assessed, in order to identify new or altered risks caused by the pandemic. . Suggested actions include:
• Make an inventory of all contracts established during the pandemic
• Identify completed and future commitments, update applicable budgets if necessary
• Compare the terms of the contract with the standard terms of the organization; identify and deal with significant deviations
• Review or conduct vendor viability assessments
• Review supplier performance during the pandemic and against contract
• Evaluate the use of products and services against contractual commitments and future plans
• Obtain required approvals (legal, financial, other) for audit purposes, even after the fact
Since ITAM’s overall goals are to control costs, reduce risk, and maximize the value / return on IT investments, ITAM is in the best position to conduct or lead these assessments. In cooperation with its business and IT partners, ITAM oversees the business aspects of IT investments, including contracts, vendors and finance, taking into account the entire lifecycle, as well as the total cost of ownership. As a result, it is one of the only organizational functions that already has the necessary reach across all other organizational departments, combined with its oversight of the entire IT portfolio (heritage), to manage these assessments.
Using the post-COVID assessment to establish ITAM
Organizations that have never reviewed ITAM before may find that the post-COVID assessment is also a stepping stone from which to establish a more formal ITAM function in the future. While the post-COVID assessment in itself will provide significant value in terms of cost and risk mitigation, I urge organizations to view ITAM as an ongoing exercise, not a one-time activity.
Beyond the post-COVID audit, a good ITAM will bring many other long-term benefits, including:
• Cost savings: Since about a third of software is wasted or unused, ITAM usually justifies its existence by the cost savings it can generate on its own.
• License compliance: If a company does not already have an ITAM feature, it usually starts one following a software license compliance audit. According to ITAM magazine, 31% of IT asset managers reported an increase in software audits since the start of the COVID-19 pandemic; clearly this need has not disappeared.
• Service management: ITAM is a valuable resource for planning, costing, configuring, and delivering IT services. Services are comprised of IT assets and should consider IT asset costs, contract terms, vendor capacity and risks, etc., all of which are within ITAM’s purview.
• Safety Info: Historically, ITAM and Information Security (InfoSec) have had limited cooperation and integration. By partnering with InfoSec, ITAM can help bring much greater visibility and control over data exposure and security vulnerabilities.
• Business agility. The more visibility you have into your assets (e.g. location, configuration, usage), the faster you can change (subject to applicable contract terms) and the faster a business can transform.
One of the goals of the ITAM Forum is for IT asset management to become a de facto business practice within every organization. One day, ITAM will be as common and essential to any business as its marketing, HR or IT departments. ITAM is an essential prerequisite for a modern, digital business. If organizations turned only to ITAM to perform a post-COVID audit of their supplier risks, they would miss out on much more.