Why IT Asset Management should lead a post-Covid assessment of supplier and contract risk

The pandemic forced organizations to source and ‘stand up’ new technologies (products and services) at a record pace. This was especially true at the start, when organizations needed to quickly implement remote and online capabilities for employees, as well as customers, service providers and others – whether they wanted to or not. Understandably, the standard ‘due diligence’ process as to both suppliers and contracts was reduced, or in some cases it was bypassed altogether. While this was the appropriate course of action at the time, now is the time to look back at the decisions that were made and address any potentially excessive commitments (financial or otherwise) or supplier risk that might have been introduced during the rush.

IT Asset Management (ITAM) has a leadership role in every aspect of a business, particularly when it comes to underpinning its digital transformation goals. With ITAM now poised to deliver significant value as we look towards the post-Covid recovery, now is the time for companies to address this oversight.

What risks?

Due to time constraints/urgency, organizations will have likely assumed risks and costs, possibly unwittingly, during the pandemic. Now is the time to identify these, and develop a plan to address.

  • Associated contracts: Contracts may not have gone through the typical assessment/analysis, and comparison against the organization’s standard and mandatory terms (business and legal) – particularly for new suppliers; and, may have been accepted rather than negotiated, without the customary reviews and approvals.  Additionally, contracts may have been established independent of existing contracts with the supplier – i.e., without consideration for the contract portfolio and overall supplier relationship. This may have been exacerbated if dealing with different processes and individuals on the supplier side, also affected by the pandemic.
  • Supplier viability: Customary evaluation against standard criteria may have been missed or done on a limited basis for new suppliers, such that not all risks were identified, let alone mitigated, with indeterminate consequences. A similar situation may exist for additional business with existing suppliers, particularly if also impacted by the pandemic. Additionally, the onboarding process may have been skipped or compromised, such that the supplier is not properly briefed on relevant policies and processes, again with indeterminate consequences.
  • Overspend: The organization may be paying too much for software, hardware or services purchased in a rush at the start of the pandemic, possibly without the benefit of available or negotiated discounts; or, which may not be needed post-pandemic.
  • Overcommitment: Many organizations purchased excess software, hardware or services, uncertain of future demand or supply; in some cases, that excess proved unnecessary, with the result that the organization has unused (and unusable) inventory. ViacomCBS for example recently saved over 32 percent on Zoom licenses after an internal ITAM audit found many licenses were being unused. That is just one piece of software. What other savings could be out there?

The post-Covid assessment

Organizations must conduct an assessment of all their contracts and suppliers now to identify and reduce unnecessary costs and risks. While a particular focus should be paid to new contracts that were awarded during the period of reduced due-diligence, the viability of existing suppliers should also be (re)evaluated, to identify new or changed risks caused by the pandemic.

Suggested actions include:

  • Inventory contracts (and associated products and services) established during the pandemic; identify which assessments were conducted (if any) and approvals obtained, and any deviations from standard practices.
  • Identify realized and future commitments, update applicable budgets as necessary.
  • Compare contract terms to the organization’s standard and mandatory terms; identify and address material variances.
  • Review or conduct supplier viability assessments; identify and address missing information or areas of concern.
  • Review supplier performance during the pandemic and against the contract; identify and address areas for improvement.
  • Assess usage of products and services against contract commitments and future plans, as well as value; identify and address instances of over/under usage or questionable value; if warranted, consider other options.
  • For audit purposes, obtain required approvals (legal, financial, other), albeit after the fact.

Note that it may be necessary to engage with suppliers for any or most of the above (at the appropriate time); and, recognizing that they too are (or should be) conducting a post-pandemic business assessment with potential impact to the customer organization.

Bottom line: IT Asset Management is the function best positioned to conduct (or lead) those assessments due to its reach across all organizational departments and oversight of the entire IT portfolio (estate). In cooperation with its corporate and IT partners, ITAM oversees the business aspects of IT investments, including contracts, suppliers and financials, with consideration for the entire lifecycle, as well as total-cost-of ownership. And, with the overall objectives of controlling cost, reducing risks and maximizing value/return. 

Looking beyond the post-Covid assessment

ITAM is a business-critical function which manages and optimizes an organization’s technology investments and risks. While a post-Covid assessment is an excellent place to start – especially for organizations that have yet to invest in a strategic ITAM function – this is only one aspect of ITAM’s overall value to an organization. Beyond risk management, good ITAM brings many other benefits, in particular:

  • Cost savings: If you consider that roughly a third of software is wasted or unused, regardless of whether it is desktop software, SaaS subscriptions or cloud infrastructure, ITAM typically justifies its existence by the cost savings it can deliver alone.
  • License Compliance: If a company doesn’t already have an ITAM function, they usually start one as a result of a software license compliance audit. This is where ITAM’s “bean counting” reputation stems from, since it is the one that can defend the organization against an unexpected bill resulting from a vendor audit. With The ITAM Review recently reporting that just under one third (31 percent) of IT asset managers reported an increase in software audits since the start of the Covid-19 pandemic; clearly this need hasn’t gone away.
  • Service Management: ITAM is a valuable resource in planning, costing, configuring and delivering IT services. Services are comprised of IT assets, and must consider IT asset costs, contract terms, supplier ability and risks, and more – all of which fall within ITAM’s purview.
  • Infosecurity: Historically ITAM and information security (InfoSec) have had limited cooperation and integration. By partnering with InfoSec, ITAM can help to bring much greater visibility and control over data exposures and security breaches.
  • Business agility. The more visibility you have of your assets (e.g., location, configuration, usage), the faster you can change (subject to terms in applicable contracts), and the more quickly a business can transform.

It is my view (and one of the goals of the ITAM Forum) that IT Asset Management should become a de facto business practice within every organization, in the same vein as other common disciplines such as marketing, HR, accounting etc. ITAM is an essential prerequisite for a modern, digitally-enabled business. If organizations only look to ITAM to conduct a post-Covid audit of their supplier risks, they would miss out on so much more. However, I am confident that any organization that embarks on an ITAM journey would not stop there.

Sherry Irwin, owner, Technology Asset Management

Source link