Safeguarding Information Technology Assets
Business case:
In large corporations, there are strong governance and controls around Information technology assets. However, we can't generalize the statement. In certain companies, the system around handling of assets may be very weak resulting in losses of IT assets in terms $ value and also important information.
The IT assets, can be broadly segmented into the following categories,
Non physical assets such as enterprise license keys, user licenses, and host of others
Intellectual assets like programme coding, secured information assets, patents, copyrights and related assets
Physical assets such as laptops, mobile phones, Telecommunication devices, personal devices given to managers
What we confronted?
When we did a Business process review of a large shared services organization - IT infrastructure area, an informal conversation led us to know, 100+ laptops are being lost every year and we could not trace them.
Apart from these, there were licenses which were bought regularly, but there is no centralized tracking of enterprise & user licenses.
These process weaknesses, resulted in repeated order of valuable license keys on Enterprise applications, Project management, statistical, citrix and other licenses.
Whenever, a business requirement arises, it was again ordered without checking the past inventory - here in this case - no such inventory exists!
Case Capsule:
An organization's objective is not only to generate new revenue but also to protect from losses due to seepages. For this purpose, there should be strong governance and control over balance sheet items including Technology as well as other assets. Nowadays, technology assets are one of the key investments in service based organizations.
In this case study, the lack of governance and control of IT assets results in potential loss of intellectual properties as well as monetary loss due to missing assets, and suggests roadmap for fool proof control over Technology assets for better IT assets management.
Key issues:
Loss of $s because of loss of physical assets in the large organization
Deteriorating controls over management of assets over a long period of time
Loss of critical/Secret organizational information, which could do a long term damage to the organization's standing
Poor tracking of employee exits - No satisfactory exit information flowing between Human resources & IT infrastructure departments
The Senior Management has no information about this losses since, it is managed within the user departments and IT infrastructure area
The Questions?
Do managers are failing in their agency duties?
Is there a learning for a decentralized and large organizations?
How the finances/spend analysis does not trigger critical questions?
Does the centralized or decentralized IT assets management causes this problem?
How the company's Internal control could not find such a major lapse in the system?
How the Senior management do not have oversight or flow of information to them?
How the individual user departments are happy, despite the loss of assets over a long period of time?
Solution Implementation:
We brought in a centrallised inventory management system by deploying a 3rd party application.
A similar methodology had been brought in for enterprise license keys, User licenses, other assets such as platforms, citrix & others.
The full and final settlement will not be made to an employee unless, the assets he has taken as part of his official duties are returned and reconciled by IT infrastructure area.
Brought in a centralized bar coding system by which every asset is uniquely identified and logged into the inventory data base. The issue of assets and return of assets were tracked and reconciled through that system.
Established a strong system on employee exits. Whenever, an employee exit the company, the first information will flow to IT infrastructure department. Unless the IT infrastructure head approves, he will not be exited. This will be preceded by handing over of assests by the employee.