Home >> e-Government & Information Management >> ICT Better Practice & Collaboration >> Better Practice Checklists & Guides >> Better Practice Checklist - 24. ICT Asset Management

Better Practice Checklist - 24. ICT Asset Management

June 2007 (organisational details updated January 2008)

Download PDF of ICT Asset Management Checklist [PDF Document - 126 KB]

Introduction

The Australian Government’s total expenditure on information and communication technology (ICT) is approximately $5 billion a year1. This is one of the government’s highest agency administrative costs. The management of ICT management is a critical issue for government. Asset management is integrated with major investment decisions on infrastructure and it is important to ensure that all ICT assets are protected and monitored by means of adequate asset management procedures. ICT assets may also be associated with important and sensitive information.

All government agencies must undertake appropriate asset management as part of their internal financial and accountability policies.

Why is the Checklist needed?

This checklist has been developed in response to a Joint Committee of Public Accounts and Audit (JCPAA) recommendation in its Report No.399 that departments and agencies be assisted in establishing, maintaining, auditing and reconciling asset registers of ICT equipment.

The checklist focuses on non-technical issues relating to ICT assets and is intended to highlight key issues for agencies. The checklist draws on a range of previous material which has been reviewed and updated to reflect developments. It must be read in conjunction with the agency’s Chief Executive Instructions and therefore does not include advice on agency-specific asset management procedures.

The principles of asset management as applied to ICT assets are generally relevant to other assets owned and under the control of agencies.

Why is it important to manage ICT assets?

‘Asset management is a systematic, structured process covering the whole life of an asset. The underlying assumption is that assets exist to support program delivery’.2

From a strategic perspective, agencies should develop and implement an asset management strategy that defines the asset portfolio the agency requires to support services. The agency should identify asset related risks which affect service delivery and it identifies asset performance levels required to achieve service performance. The strategy should address whether assets will be enhanced by capital investment, maintained or disposed of to best support overall business objectives.

From a financial management perspective assets should be recorded, costed, valued and depreciated according to the accounting policies described in an agency’s financial statements and The Finance Minister’s Orders.

From an operational perspective, asset management is about recording the description and location of assets in an agency to ensure physical security is maintained and the assets continue to support the operational needs of the agency.

This checklist encompasses ICT assets including intangible ICT assets such as software. Intellectual property (IP) is not defined as an asset for this checklist.

Key resources

Australian National Audit Office (ANAO). Agency Management of Software Licensing (2001/2002) (Audit Report 27) available at www.anao.gov.au [External Site].

ANAO. Asset Management Handbook (1996) available at www.anao.gov.au [External Site].

Department Finance and Deregulation, ICT Investment Framework

Financial Management and Accountability Act 1997 (FMA Act) [External Site]

Chief Executive Instructions of each agency covered by the FMA Act.

Acknowledgements

This checklist was developed with the assistance of The Australian National Audit Office.

[1] This figure is based on Australian Bureau of Statistics 8119.0 - Government Technology, Australia 2002-03 report.

[2] Australian National Audit Office, Asset Management Handbook (1996)

How to complete the checklist

In order to complete the checklist you should refer to the requirements for each checklist question as detailed below.

Before you start

1. Understand the asset management lifecycle

The physical lifecycle of an asset has four distinct phases:

Further information on the asset management lifecycle can be found in the ANAO Asset Management Handbook (1996) available at www.anao.gov.au [External Site].

The following better practice information spans the asset’s lifecycle.

2. Become familiar with the principles of asset management

Agencies should manage assets through gaining an understanding of the principles of the asset management and associated asset life cycle. The Australian National Audit Office (ANAO) has identified the following five major principles which apply to all assets held by agencies.

 Principle 1: Asset management decisions are integrated with strategic planning
By integrating asset strategies with ICT, Human and Financial Strategic Plans, agencies create a framework which optimises the asset’s utilisation and service potential. Such integration requires agencies to convert program delivery strategies into specific asset strategies.

Principle 2: Asset planning decisions are based on an evaluation of alternatives which consider the ‘life-cycle’ costs, benefits and risks of ownership.
An evaluation of the alternatives to new asset acquisition, which includes life-cycle costs, produces a more economic, efficient and cost-effective asset acquisition framework. Estimating life-cycle costs prior to acquisition also establishes a standard which is the basis for monitoring and controlling costs after acquisition. Such costs will also include operating energy levels.

A key document for the presentation of the cost benefit analysis of options is the business case. The preparation of a business case should assist agencies to measure the cost and performance tradeoffs of alternative asset options. The on-going reference to the business case and a benefits realisation plan can help agencies achieve the required level of effectiveness throughout the life of the asset for the minimum life cycle cost.

AGIMO has published a number of practical tools and better practice links for these purposes:

• ICT Business Case Guide and Tools and Supporting Guidance No. 3 Cost Estimation
(www.finance.gov.au/budget/ict-investment-framework/two-pass-review.html)
• benefits realisation planning (www.finance.gov.au/budget/ict-investment-framework/index.html)

There are several primary sourcing options that may be considered, including:

  • buying/licensing
  • leasing
  • renting
  • sourcing or co-sharing with other agencies (including options such as open source software)
  • leasing with regular upgrades
  • private financing initiatives

Further information on the sourcing of ICT can be found in the Guide to ICT Sourcing published by AGIMO (www.sourceit.gov.au/sourceit/ict [External Site]).

Principle 3: Accountability is established for asset condition, use and performance
Although the function of asset management may be centralised with an agency’s financial management group, the control of and accountability for assets is established at the program level. All major ICT assets should be accounted for and have a nominated owner. The responsibility for implementing and maintenance of appropriate controls should be clearly assigned and documented.

Principle 4: Disposal decisions are based on analysis of the methods which achieve the best available net return within a framework of fair trading.
Effective management of the disposal process will minimise holdings of surplus and under-performing assets and will maximise the return to the Australian Government on such assets. If ICT assets are kept well past their write-off date, the opportunities for sale or re-use are diminished and the need for environmentally safe disposal is heightened. Disposal or declassification of IT media must also be done in accordance with the Australian Government Protective Security Manual available from the agency’s IT department.

Principle 5: An effective control structure is established for asset management.
A policy and procedure manual which details the requirements for effective governance of assets is complemented by an asset register information system. This system should provide the financial and non-financial information necessary to manage assets. Further information on this is provided below.

Further information on the asset management principles can be found in the ANAO Asset Management Handbook (1996) available at www.anao.gov.au [External Site].

Develop an ICT management framework

3. Have you developed policies to cover ICT asset management?

Develop policies and procedures covering asset management. The ICT management framework should be embodied within the agency’s Chief Executive Instructions. ICT assets are often incorporated into an agency’s central asset management framework, but agencies may also consider extending or enhancing their framework to cover specific ICT asset strategies.

4. Have you linked asset registers to procurement and disposal processes?

Process all ICT procurements and disposals through a centralised area to ensure those assets are appropriately included and accounted for on the asset register.

5. Have you considered environmentally friendly acquisition and disposal options?

When acquiring and disposing of ICT assets and associated consumables take into account:

• environmental considerations (for example, waste disposal, recycling programs)
• agencies’ preferred methods for disposing of ICT assets and consumables that have reached the end of their operational life or are surplus to requirements. For example, toner cartridge recycling, ex-government auction houses, data destruction processes, and waste management contractors.

The Department of the Environment and Water Resources has published green procurement guidance at: www.environment.gov.au/settlements/government/purchasing/tools.html [External Site]

6. Have you developed usage policies for notebooks and other portable equipment?

Usage policies for portable equipment need to be developed to protect these assets. Usage policies can cover:

• acquisition procedures
• borrowing procedures
• conditions and restrictions of usage (personal or at home usage)
• care of equipment
• information security
• security and network access conditions
• to whom the policy applies (for example staff, contractors, consultants).

7. Have you considered issues of system security?

Security issues to be considered for inclusion in the framework should include:

• compliance with agency security policy requirements
• ensuring that the equipment is not left unattended at any time, particularly when travelling
• undertaking risk assessment for ICT assets
• insuring assets adequately to protect the agency against financial loss arising from theft, loss or destruction
• ensuring reasonable steps are taken to secure the device in an appropriate container if the equipment is stored off agency premises
• ensuring the sensitivity of the information stored on the equipment dictate the level of classification of the container
• security clearance requirements for staff/contractors using ICT assets
• use of employee owned computing equipment
• use of agency equipment on non-agency premises
• use of non-agency equipment on agency premises
• software licensing, piracy and usage.

8. Have you considered using more advanced systems to enhance ICT asset management

Infrastructure assets and particularly ICT hardware assets typically have preventative maintenance and repair schedules. Asset management systems can effectively forecast planned expenditures, ultimately minimising maintenance costs and emergency repairs and reducing risk exposure.

Depending on the size and nature of an agency’s ICT assets and the degree of sophistication it wishes to apply to asset management, an agency may consider extending or enhancing its asset management framework. An integrated system can assist managers forecast where and when asset investments should occur by determining the asset’s life cycle, condition, criticality, and probability of failure, along with financial concerns and risk factors.

These systems also assist when planning capital and operating budgets and can assist in aligning the framework with the ICT strategic plan.

Some advanced asset management systems can record and measure an asset’s capacity, condition, cost and performance. This can assist an agency to balance the risk of maintaining the asset with its service level requirements.

9. Have you considered innovative approaches to streamline ICT asset management?

Consider the introduction of new approaches to streamline asset management such as:

• linking the asset register database and a geographic information system – to monitor location and movement of mobile assets
• using mobile equipment to assist stocktaking
• implementing tools that track software licenses and usage across the network, to optimise software purchases
• internal user charging for ICT equipment to encourage managers to make more cost-effective use of ICT and ICT solutions
• identifying added or missing equipment by electronic ‘polling’ of IT equipment attached to a LAN (Local Area Network).

The last two of these approaches are described as case studies in the ANAO Asset Management Handbook (1996) available at www.anao.gov.au [External Site].

10. Have you established a robust control framework?

A robust control framework assists in the management of ICT assets and may include:

• documenting hardware and software compliance policies
• ensuring users sign agreements which detail the conditions of use of the agency’s IT environment or asset
• effective controls over the planning and conduct of purchasing activities, including software licensing issues, to align with strategic priorities
• IT security restrictions to prevent unauthorised installation of software/access to classified data
• business continuity requirements for critical ICT assets.

Establish and manage asset registers

11. Have you identified who is responsible for management of the asset register?

Identify and document responsibilities of an officer or group who, as the Asset Manager, is responsible for maintaining and enhancing the asset register.

12. Have you established an asset register which records all physical and intangible assets?

An asset register is a database of information about tangible and intangible assets that an organisation owns or maintains.

An asset register should include purchased assets. Assets capitalised for financial reporting purposes should also have a set minimum value (for example, non-current assets may have a value of $5,000 or more).

Leased and hired assets are generally recorded separately and are usually the responsibility of the lessor. Agencies should have clauses within their lease contracts that ensure completion of asset registers and audit programs.

An asset register should also incorporate a register of portable and attractive items. These are items valued at less than $5,000 but regarded as accountable after issue. Portable or PEDs (personal electronic devices) would be included on this register. Computer hardware is usually classified in financial statements under property, plant and equipment. Purchased software and communications licenses are usually classified as intangibles.

Agencies should comply with procedures in their Chief Executive Instructions and should pay due regard to any supporting Financial Procedures, issued by the Chief Financial Officer and the Finance Minister's Orders (Requirements and Guidance for the Preparation of Financial Statements) issued for the particular financial year.

13. Have you recorded all ICT assets, excluding information assets and intellectual property, on the asset register.

Asset registers should retain the following minimum information:

• date of acquisition
• description of item
• asset serial number
• asset barcode number
• cost of acquisition and maintenance (if appropriate)
• the location of the asset
• ownership.

14. Have you established an integrated software asset register?

A software asset register provides an additional level of control over software assets and enhances the management of software licensing risks. The establishment and maintenance of a software register enables agencies to identify they have the appropriate number of licences for each item of software. Software products that can monitor software usage patterns may assist in this regard.

Central asset registers can be either extended or integrated with additional capability to identify software issues to include:

• date of acquisition
• description of software
• asset serial number
• asset barcode number
• cost of acquisition and maintenance (if appropriate)
• the location of the software
• what licences have been purchased/acquired
• when their associated maintenance is due to expire
• are there any licences that can be re-issued (for example to a new employee) or excluded for payment.

Developed software should also be classified intangible but the method for valuation is more complex. An appropriate costing system should be maintained by the agency to record all direct and indirect costs of internally developed computer software. This should include the costs of software configuration design, software interface design, coding, installation of hardware and networks, testing and parallel processing. Expenses should be recorded in the agency’s financial system as work in progress, and the total outlays transferred across to non current assets (and the asset register) at the time of commissioning.

In general, software licenses can be capitalised, (treated as an asset) and therefore depreciated over time, under the following conditions:

• the license should not contain any maintenance component
• the license period is longer than one year
• the software’s (licensed or developed) useful life is finite.

Agencies will usually have more specific policies including monetary value thresholds to determine the treatment of a software asset for depreciation purposes.

15. Have you established a personal issue items register?

Where ICT equipment (or other items) is issued to officers on a personal basis for use on agency work, a personal issue items register can track that equipment. Where equipment is used outside agency premises, staff agreements should include safe keeping of equipment and that equipment will be used predominantly for official purposes.

16. Have you developed usage policies for portable assets?

Mobile assets including notebooks, laptops, portable storage devices, mobile phones, PEDs (such as BlackBerry devices) will in most cases be recorded on a register of portable and attractive items. Usage and proliferation of these items is increasing and without adequate usage policies being adopted, they can present a significant security risk given the data they store, process or transmit. Therefore it is important that policies for mobile items be established which:

• ensure that staff acknowledge the policy and associated procedures
• provide staff with training before being allowed to use the items
• remove/disable communication functions not identified as a business requirement
• establish the need for encryption
• prevent connection of unaccredited or personally owned portable computers/PEDs to agency networks.

Further assistance can be found in Use of Blackberry Better Practice Guidance, available at www.finance.gov.au/publications/protective-markings-and-blackberry-devices-guidance/index.html

17. Have you developed stocktake procedures to maintain and reconcile asset registers?

A stocktake verifies that physical resources under the control of the ‘owner’ are in use and are fully accounted for. A stocktake should produce the following reports, which help to inform decisions about asset disposal, replacement, cost allocation or further investigation:

• surplus items available for reallocation or disposal
• unserviceable and obsolete items report
• discrepancy report (discrepancies between the asset register and the physical stocktake)
• completed stocktake report.

Stolen, lost or damaged assets should be reported to the asset manager as soon as possible. There should also be appropriate and timely follow-up of any exceptions, including report sign-off at senior management level.

Agencies should comply with procedures in their Chief Executive Instructions.

Audit ICT assets

Effective ICT asset management requires a monitoring process to provide systematic and timely reporting of compliance, and performance to enable prompt asset-related decision making.

18. Have you monitored compliance with policies and standards?

Asset management is subject to appropriate internal – and from time to time external – auditing of compliance with policies, procedures and legislation. There should also be regular reviews of internal policies, to test their currency and adequacy.

19. Have you monitored software compliance?

Undertake periodic software compliance audits and employ different audit strategies, including periodic, unannounced spot-checks of software installed on agency personal computers to ensure that preventive controls are effective.

20. Is there an asset performance regime in place?

Asset management can inform planning, procurement, service delivery and disposal by measuring the availability, reliability, maintainability and capacity performance of an asset. The measurement of performance is normally delegated to the owner of the asset but sound and consistent practices for measuring performance should be employed across the department or agency.

The Performance Indicator Resource Catalogue a useful way of identifying and describing performance measurements for ICT assets. Once the appropriate indicators have been identified they can be incorporated into a benefits realisation plan or other asset performance audit.

The catalogue as well as a range of better practice guides and links is available at
www.finance.gov.au/budget/ict-investment-framework/index.html.

Better Practice Checklist

In general

checkbox.gif Do you understand the asset management lifecycle?

checkbox.gif Are you familiar with the principles of asset management?

Develop an ICT management framework

checkbox.gif Have you developed policies to cover ICT asset management?

checkbox.gif Have you linked asset registers to procurement and disposal processes?

checkbox.gif Have you considered environmentally friendly acquisition and disposal options?

checkbox.gif Have you developed usage policies for notebooks and other portable equipment?

checkbox.gif Have you considered issues of system security?

checkbox.gif Have you considered using advanced systems to enhance ICT asset management?

checkbox.gif Have you considered innovative approaches to streamline ICT asset management?

checkbox.gif Have you established a robust control framework?

Establish and manage asset registers

checkbox.gif Have you identified who is responsible for management of the asset register?

checkbox.gif Have you established an asset register which records all physical and intangible ICT assets?

checkbox.gif Have you recorded all ICT assets, excluding information assets and intellectual property on the asset register?

checkbox.gif Have you established an integrated software asset register?

checkbox.gif Have you established a personal issue items register?

checkbox.gif Have you developed usage policies for portable assets?

checkbox.gif Have you developed stocktake procedures to maintain and reconcile asset registers?

Audit ICT assets

checkbox.gif Have you monitored compliance with policies and legislation?

checkbox.gif Have you monitored software compliance?

checkbox.gif Is there an asset performance regime in place?

Other Better Practice Checklists

  1. Providing Forms Online
  2. Website Navigation
  3. Testing Websites with Users
  4. Use of Cookies in Online Services
  5. Providing an Online Sales Facility
  6. Use of Metadata for Web Resources
  7. Archiving Web Resources
  8. Managing Online Content
  9. Selecting a Content Management System
  10. Implementing a Content Management System
  11. Website Usage Monitoring and Evaluation
  12. Online Policy Consultation
  13. Knowledge Management
  14. Designing and Managing an Intranet
  15. Information Architecture for Websites
  16. Implementing an Effective Website Search Facility
  17. Spatial Data on the Internet
  18. Digitisation of Records
  19. Access and Equity Issues for Websites
  20. Marketing E-government
  21. ICT Support for Telework
  22. Assistive Technology for Employees of the Australian Government
  23. Decommissioning Government Websites
  24. ICT Asset Management
  25. Managing the Environmental Impact of ICT

Download PDF of ICT Asset Management Checklist [PDF Document - 126 KB]

Contact for information on this page: AGIMO Better Practice Team

Back to top

Last Modified: 16 September, 2009