Published: November 20 2009, 02:30 PM
by Shawn Sande

As I've grown older, I've become acutely aware that one's age and one's aversion to risk are directly proportional.  I suppose it's ironic then that I chose the topic of risk for my inaugural blog post.  Risk is pervasive.  It manifests itself in many ways and presents a limitless array of possible outcomes: What will she say if I propose?  How will this equity purchase affect my stock portfolio?  What will happen if I start this chainsaw without first reading the "Safe Use Instructions?"  And the risks you underestimate often cause you the greatest consternation, especially when managing IT assets.

Risk management is core to the mission of any asset manager, irrespective of their caste.  In my 10 years in the EAM industry, I saw how adherence to local building codes, PM regimens, MSDS guidelines, OSHA and EPA regulations and adoption of IFMA and BOMA best practices affected exposure to risk in the management of infrastructure assets and facilities.  For transportation assets, the stakes are even higher.  Conformity to maintenance schedules-warranty work, recalls, state and local inspections and NHTSA and NTSB oversight-is crucial.  In EAM, if you get it wrong, people get hurt...or worse.

The hazards are different in the world of ITAM, but it's equally important to get it right. Risk here is measured in legal, fiduciary, regulatory, strategic and operational terms, and mistakes can also be very costly, affecting your customers, your reputation and your bottom line.  In ITAM, if you get it wrong, the business gets hurt.

For IT asset managers, the perennial poster child for risk is software license compliance.  Get it right, and life's dandy.  Get it wrong, and you face the unpleasant prospect of very lengthy and costly audit and true-up cycles.  And the emphasis on license compliance isn't surprising.  Despite declines in the developed world, the BSA recently reported a four percent annual increase in global software piracy.  Intentionally or otherwise, a lot of people are still getting it wrong.

But as I noted earlier, risk manifests itself in myriad ways, and many of these manifestations are unchecked or ignored altogether.  These "shadow risks" hide in plain sight.  We know they're there, but we do little to manage them because of limited budget or bandwidth, ignorance or apathy.  Although license compliance is frequently cited as the centerpiece of ITAM risk mitigation, serious legal and financial threats may also emanate from shadow risks posed by hardware accountability, security and disposal.

In Part 2 of this series (next installment on Monday), I'll briefly address the first two of these shadow risks, hardware accountability and security.

Share this post:  Email

Share