These two functions often get confused or combined, but defining them clearly is essential to minimise financial risks, unnecessary costs, and cyber-attack, and to seize opportunities to add greater value to the business.
The functions of Information Technology Asset Management (ITAM) and Information Technology Service Management (ITSM) are often confused, or rolled into one.
It is easy to see why, as both are dealing with software and hardware, and sometimes it can be unclear if a responsibility should sit with one or the other. For example, Configuration Items (CIs) (pieces of software or code built in-house with no vendor licence implications) are treated as a software asset within ITAM, but as a CI within ITSM.
As organisations speed into the digital future, embrace more software, tap into the cloud, and use endless devices, the potential for IT malfunctions, licence non-compliance, financial ramifications, unnecessary spend, and cyber-attack increases.
Therefore, it is important to clearly distinguish the roles and responsibilities of ITAM vs ITSM, to help to mitigate these risks.
At a high level, an ITAM function focuses on accurate inventory management – in particular Software Asset Management (SAM). SAM helps organisations to identify and track the software they are using throughout the lifecycle of the software. A good SAM function ensures licences are effectively managed, costs are controlled, and risks are identified and mitigated.
For ITSM, the key responsibility is to provide IT services to an organisation. It carries expectations of being responsive to the business, of up-keeping the IT systems and hardware, managing daily IT incidents, and deciding on a plan of attack for any critical incidents.
For example, if the system ‘goes down’, how can they minimise impact to the productivity of staff or the experience of customers?
Managing organisational risk is important to both roles – but the nature of the risks are different.
For ITAM or SAM, the focus is on the assets themselves and their associated risks. For example, compliance, licence audits, cost blowouts, privacy and cyber vulnerabilities. ITAM and SAM is also expanding into asset valuation and condition.
For ITSM the risks are largely around service delivery, such as ensuring devices and software applications are functioning, and any issues can be resolved quickly to avoid impact to productivity or sales.
Each function is uniquely valuable, and organisations that don’t have a clear distinction between the two can miss significant opportunities and potentially increase costs of operations through duplicating roles and siloed processes.
In most organisations, service management is more developed than asset management, as the direct impact on the end user is more visible.
However, as the task of effectively managing assets becomes more complex, developing it as a separate function is increasingly necessary. ITSM must focus on servicing the organisation’s IT needs, while ITAM/SAM must focus on asset inventories to ensure value is extracted from software, license compliance requirements are met, and risks are identified and mitigated.
Having clearly defined functions means each function is better placed to offer deeper insights and value to the business.
Of course, the two functions must also be aligned and have clearly defined interfaces. For example, SAM can inform ITSM if a group of assets is being underutilised, and can help it to maintain a clear audit trail. Likewise, ITSM can advise SAM when it retires hardware and the software implications of that change, to ensure the SAM data is trustworthy.
At KPMG we offer organisations support with ITAM/SAM and ITSM. We see them as separate but complementary services that work in alignment to service the business overall.
Our advisory services focus on helping organisation establish an effective ITAM/SAM or ITSM operating model that are aligned to their business objectives and uplifting their capabilities so that they can be self-sufficient.
Alternatively, we also offer a managed service for SAM – Software Asset Management as-a-Service (SAMaaS) – for organisations that just want their SAM risks and opportunities managed.
With our SAMaaS, we set up a baseline of data on an organisation’s software licenses and usage and provide ongoing oversight. We look for risks and help with risk mitigation strategies. Drawing on the data, we can assist with cost optimisation around licences, or to seize opportunities for improvement. We can also help SAM functions to embrace the data to offer much more strategic insights to the broader business.
A key starting point is to look at the overall IT operating model, and to separate ITAM/SAM from ITSM, so each function can focus on what it does best, while supporting each other, and the organisation.
You can learn about setting up a strategy for a SAM operating model, in The power of a Software Asset Management operating model.