Acquisition – The Foundation for Software Compliancy – Take a Good Look at Asset Acquisition

By Rodney Penny, Health Care Service

ITAK V9 I11

Good software compliancy and IT service asset tracking begin with knowing your entitlement numbers and knowing what hardware assets you have and where they are.  The foundation for this information comes from a sound process that is followed without deviation.  The first process that truly affects the ITAM department is the acquisition process, which can be different for each organization.  There are perhaps some fundamental elements that should be common to most every organization.  This article examines the basic steps that any IT acquisition process should have in order to prove entitlement and keep track of hardware assets.   Proving proper entitlement of the defined scope is paramount when an organization is served with an audit.  Proper entitlement, along with location and usage data can also be used to help lessen an organization’s tax liability.  By properly acquiring IT assets, which includes receiving them, ITAM can play a critical role in protecting an organization from the financial implications associated with software over deployment and give the tax department the information that it needs to combat a tax audit, and to structure assets correctly to avoid paying undue taxes, ultimately saving your organization millions in taxes and potential fines.

Acquisition Management KPA

The ITAM Acquisition Key Process Area (KPA) is comprised of several steps; the request, the approval, the contract or purchase negotiation, the PO dispatch and finally the receipt of items.  The size and complexity of your organization will in large part determine whether or not all of these steps are included, but for most medium and large-sized organizations, all of the steps either should be or are part of their acquisition policy.  Therefore, a good portion of ITAM data (assets and their attributes) is gathered during the acquisition stage and is fundamental to the lifecycle tracking of IT assets.

The planning phase for IT asset acquisition is the best place to consider the importance of tracking where software will be installed or utilized.  If you belong to a company that has facilities or customers in various states, then there are considerable tax implications to where software is either purchased for installation or accessed.  Consider talking to your tax department to explore the possibility that ITAM data and processes could be used to create a better tax situation for your company.  By properly housing software, tax liability can be decreased or eliminated, based on certain state specific tax rules.  The ITAM database can be used to track locations of installed or accessed hardware and software that then can be used to provide proof for taxation purposes; along with your enterprise resource planning (ERP) platform, ITAM data can provide proof of purchase, deployment location and usage data.

The ITAM Acquisition KPA has several sub-process areas that contribute their individual work procedures to the overall acquisition management workflow process.  Going forward, this article will examine each stage in the acquisition workflow and point out the importance of each step to the gathering of ITAM data.  Keep in mind in organizations that have a very refined and mature ITAM data policy, asset data starts in the planning stages, but this article will focus on the actual acquisition of an IT asset and where in the workflow ITAM data is gathered and for what reason.  By using an IT service Management (ITSM) tool (e.g. IBM Smart Cloud Control Desk, BMC Remedy ITSM Suite, etc.), because they include an asset management database; asset attributes are collected along the acquisition process needed for the lifecycle management of IT assets once they are received.

Request

Supply management best practices teach that the more the inputs for requisitions, the greater chance for problems.  Various inputs and methods will decrease the organization’s ability to manage requests efficiently and often require multiple processes that eventually will have to be merged into one payment system.  It is far better to limit the ways that IT items can be requested; if possible a single input source is best, as long as it addresses the needs of the organization.  There is no ITAM data to be collected at this step, but the ITAM department should be consulted before an approval is gained for a software purchase.  The ITAM department can make sure that there is a need to make a purchase for more licenses by checking entitlement availability against the request, and in organizations with a mature ITAM program, application rationalization and optimization can be conducted to see if there is a close-enough product match with sufficient licenses to address the request or a license that is underutilized that can fulfill the request.

Approval

Approvals provide the authority to purchase and ensure that funding is available and/or allocated (especially for projects).  Typically, this step is done before an invoice, but after a quote.  Before a contract is signed or a negotiation is conducted funding must be in place.   An approval process should be a part of any organization, no matter the size.    There is no ITAM data to be collected at this stage, so no ITAM participation is needed in this step.

Negotiation/Contract

Every organization has an acquisition department, even if it is only one person.  The procurement or acquisition department is usually responsible for conducting contract negotiations, like licensing agreements, hardware purchasing and so forth.  This department should also be responsible for the Vendor Management KPA, vendor selection, negotiation and managing the approval process.  In this step the information necessary to generate a purchase order (PO) is captured.  ITAM data that needs to be collected here is everything that needs to go into a PO.  PO information varies by organization, but for the most part consists of everything necessary for the vendor to produce an invoice.  Everything that will spell out the pricing, quantity or the license entitlement, the unit of measure and the shipping location, amongst other important data needs to be collected and stored so that it can make its way into the asset attributes upon receiving.

Purchase Order (PO) Creation

This is the step where the asset management database or ITSM tool being integrated with the company ERP system is so important.   In this step, purchase requests (PR) are created that can be passed to the ERP system turning them into purchase orders (PO).  ERP systems like PeopleSoft and SAP do not capture the ITAM data needed for lifecycle management; therefore, if at all possible, use the asset management database to create the PR, because this data with integration can then be passed on to the ERP system for PO creation, approvals and dispatch to the vendor.  It is very important that vendors provide quotes and invoices that are alike and that these mirror the company’s POs.  This will make for easier payment processing and avoid issues that are associated with missing information that often happens during this stage of the acquisition process.  Both the previous step and this step are critical for capturing the purchasing information (asset attributes) of each asset that will populate the asset database.

 

Receiving

The receiving process is critical to IT asset tracking.  If the IT assets are received using the IT asset management database, then the assets will automatically be created and the necessary PO information will self-populate.   If not, then the PO information will have to be manually entered as part of the asset attributes necessary for lifecycle management.  The ITAM data needed here is simply that the items were received; beyond that the rest of the attributes should be entered by the administrators who, depending upon equipment type will update the asset database accordingly.  For example, a server that was received may be for the pantry, and sit on a shelf for a few weeks.  Therefore the status is something akin to “non-deployed.”  In other processes asset attributes are updated both through automation (e.g. discovery) and manual entry.

Conclusion

An IT acquisition process that is based on best practices and properly adapted to your specific organization will ensure that the proper asset attributes are captured from the approval to the receiving stage.  Every lifecycle management stage produces critical ITAM data that needs to be aggregated into the ITAM database by asset type.  Some data can be populated by discovery; the rest will have to be entered manually, which will require ITAM governance to ensure proper procedures are followed.  Either way, the more attributes that can be systematically populated gives ITAM stakeholders the information they need to make both tactical and strategic decisions.

About Novant Health AP

Rodney Penny is the IT ASSET Manager for Sun Trust Banks, Inc.