The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Business planning and reporting are the weakest ITAM disciplines

The 12 Box Model from The ITAM Review, all of the People, Process and Technology competencies for a modern ITAM department.

We’ve just had our 200th organization go through our online 12 Box Maturity Assessment – so I thought I’d share the average scores across the 12 competency areas.


The 12 Box Model from the ITAM Review is a framework for understanding ITAM and assessing the maturity of your organization. The maturity model test is FREE and available here.

The 12 competency areas are explained in detail with practical examples and case studies in Practical ITAM the book.

Two hundred organizations have completed the self-assessment, which involves evaluating five statements for each of the 12 competency areas. On average it takes 21 minutes to complete.

People, Process and Technology

The 12 competency areas span People, Process and Technology ITAM requirements. Across 200 organizations the average respondent is better at Process, followed by Technology, with People very close behind.

Best and Worst

As per the diagram below – Strongest competencies across the 12 areas were Dependencies and Transition. We’ve discussed this at our UK conference in the past, suggesting strength in dependencies and transition might be because of strong ITSM processes in this area that ITAM is benefitting from. Entitlement and Inventory were also stronger, the bread and butter of any ITAM practice.

Average scores in descending order

Reclaim is weak, which is quite disappointing given it underpins one of the biggest areas for ROI in ITAM – by clawing back unused hardware and software. Reclaim of software is difficult to execute without good technology, permissions and resources to actually remove software.

Verification is also weak, suggesting that organizations are leaving themselves exposed to being undermined by a third party (Internal audit, stakeholder, or outside auditor) which may blow holes in their data.

Weakest of all across 200 organizations were planning and reporting. Reporting is key to demonstrate progress, keep the team motivated, keep stakeholders engaged and demonstrate execution to the “Authority”. Without a good business plan and reporting, ITAM teams run the risk of running out of steam and losing senior management attention.

What do you think? Why are planning and reporting so weak compare to the other ten disciplines? Please leave a comment with your ideas.

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource for worldwide ITAM professionals. The ITAM Review is best known for its weekly newsletter of all the latest industry updates, LISA training platform, Excellence Awards and conferences in UK, USA and Australia.

Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.

He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.

Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).

When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.

Connect with Martin on LinkedIn.


  1. These levels of maturity coincide with what we have experienced consulting in the ITAM /ITAD /Sam disciplines over the past 25 years. In the early 90’s when ITAM was closely tied to leasing (early distributed ITAM systems mostly were created by leasing firms I.e., Comdisco, GE Capital) reporting and planning were front and center. Then came a more IT operations orientation and a view that the System handled everything. This seemed to disconnect ITAM from its more business oriented roots and made it a technical discipline. Not a bad thing but a reorientation of the Drucker based principles on resources being the basis of enterprise success. Enter ITIL and the push to process (although the elders in the ITAM game saw process as king before that). But ITIL initially ignored ITAM then relegated to a sub discipline. IMHO it should have been the primary discipline (again I’m a Drucker disciple). While reporting was a key element of all processes the kind of reporting in ITSM was not focused on the asset, but on Incident, problem and change handling statistics, justifying roles. Enter the age of regulatory compliance, audits and complex licensing and the focus is returning to planning, ROI, analytics and reporting. The maturity levels for reporting and planning now are representative of where ITAM sits in the organization, still often segmented away as technical, instead of being seen as the business of technology. Reorient and resituate the ITAM organization and its role and those maturity levels will grow. The work of organizations like IAITAM, the ITAM Review and some of those elders still consulting are where the future of these competencies.

  2. Deborah says:

    I would agree with this however as ITAM is relatively a new function in a lot of business do you think this could be a cause due to it not being fully embedded within the business?
    Our ITAM function is relatively new, some functions within the process were already working well and continue to do so. The new areas have been deployed but need cleansing before reclamation can take place.

    Reporting and stakeholder updates are essential. Reporting provides evidence of improvements and how far along the roadmap you currently are. This does along with key risks needs reporting back.

    For example highlighting a risk of an audit with a notorious aggressive software vendor to stakeholders and giving them the evidence of non compliance backed up with the estimated cost of the non compliance gives ITAM as a function a voice that is then taken seriously with stakeholders

Leave a Comment