2.149.4 Asset Management Software Procedures 2.149.4.1 Program Scope and Objectives 2.149.4.1.1 Background 2.149.4.1.1.1 Purpose of Procedure 2.149.4.1.2 Authority 2.149.4.1.3 Roles and Responsibilities 2.149.4.1.4 Program Management and Review 2.149.4.1.5 Program Controls 2.149.4.1.5.1 Controls 2.149.4.1.6 Terms/Definitions/Acronyms 2.149.4.1.6.1 Terms and Definitions 2.149.4.1.6.2 Acronyms 2.149.4.1.7 Related Resources 2.149.4.2 Step 1 - Manage IT Asset Plan Workflow 2.149.4.2.1 Main Process Diagram 2.149.4.2.2 Entry Criteria 2.149.4.2.3 Inputs 2.149.4.2.4 Outputs 2.149.4.2.5 Exit Criteria 2.149.4.2.6 Activities 2.149.4.2.7 Roles 2.149.4.2.8 Procedure 2.149.4.2.8.1 A1 Analyze Request 2.149.4.2.8.2 A2 Review Repository 2.149.4.2.8.3 A3 Process Request 2.149.4.2.8.3.1 Cross-Functional Diagram 2.149.4.3 Step 2 - Process Acquired IT Asset Workflow 2.149.4.3.1 Main Process Diagram 2.149.4.3.2 Entry Criteria 2.149.4.3.3 Inputs 2.149.4.3.4 Outputs 2.149.4.3.5 Exit Criteria 2.149.4.3.6 Activities 2.149.4.3.7 Roles 2.149.4.3.8 Procedure 2.149.4.3.8.1 A1 Receive and Process Notifications 2.149.4.3.8.2 A2 Update Repository 2.149.4.3.8.2.1 Cross-Functional Diagram 2.149.4.4 Step 3 - Deploy IT Asset Workflow 2.149.4.5 Step 4 - Maintain IT Asset Workflow 2.149.4.5.1 Main Process Diagram 2.149.4.5.2 Entry Criteria 2.149.4.5.3 Inputs 2.149.4.5.4 Outputs 2.149.4.5.5 Exit Criteria 2.149.4.5.6 Activities 2.149.4.5.7 Roles 2.149.4.5.8 Procedure 2.149.4.5.8.1 A1 Manage Inventory Data 2.149.4.5.8.2 A2 Manage Report Data 2.149.4.5.8.3 A3 Manage Audits 2.149.4.5.8.4 A4 Update Repository 2.149.4.5.8.5 A5 Recommend Corrective Actions 2.149.4.5.8.5.1 Cross-Functional Diagram 2.149.4.6 Step 5 - Dispose IT Asset Workflow 2.149.4.6.1 Main Process Diagram 2.149.4.6.2 Entry Criteria 2.149.4.6.3 Inputs 2.149.4.6.4 Outputs 2.149.4.6.5 Exit Criteria 2.149.4.6.6 Activities 2.149.4.6.7 Roles 2.149.4.6.8 Procedure 2.149.4.6.8.1 A1 Determine IT Asset At EOL 2.149.4.6.8.2 A2 Manage Disposal Activities 2.149.4.6.8.3 A3 Update Repository 2.149.4.6.8.3.1 Cross-Functional Diagram Part 2. Information Technology Chapter 149. IT Asset Management Section 4. Asset Management Software Procedures 2.149.4 Asset Management Software Procedures Manual Transmittal May 29, 2024 Purpose (1) This transmits revised IRM 2.149.4, Information Technology (IT) Asset Management Software Procedures. Material Changes (1) IRM 2.149.4, was updated for editorial changes to: remove a decommissioned term, in order to meet the new IRS guidelines correct the Information Technology Infrastructure Library (ITIL) definition Effect on Other Documents IRM 2.149.4, dated September 30, 2022 is superseded. Audience The IT Asset Management Software Procedures is applicable to all employees enterprise-wide responsible for managing TIER 3 software, including Asset Management’s stakeholders, customers, asset owners, contractors, and vendors. Effective Date (05-29-2024) Rajiv Uppal Chief Information Officer 2.149.4.1 (05-29-2024) Program Scope and Objectives This document describes the formal process for implementing the requirements of the Asset Management Software Procedures process. It provides an operational definition of the major components of the process and how to perform each step in the process. This document also describes the logical arrangements of steps that are essential to successfully completing the process and achieving its desirable outcome. Purpose: This document describes the formal Information Technology (IT) policy for implementing the requirements of the Information Technology (IT) Asset Management Policy process. It provides the purpose, scope, authority, and mandates for institutionalizing this process. This policy establishes authority and responsibility for the performance of IT asset management throughout the IRS. It also establishes policies and procedures for management and control of hardware and software assets throughout their lifecycle. Audience: The TIER 3 Software Asset Management Policy is applicable to all employees enterprise-wide responsible for the management IT equipment, including Asset Management’s stakeholders, customers, asset owners, contractors, and vendors. Policy Owner: The office of Asset Management within Information Technology, UNS, Operations Service Support. Program Owner: Information Technology, UNS, Operations Service Support, Program Director is responsible for overseeing and managing IT assets enterprise-wide that meets the established criteria for TIER 3 software. Primary Stakeholders: All organizations, business units and employees including contractors who have inventory responsibilities are considered stakeholders. Program Goals: AM is the process responsible for tracking and reporting the value and ownership of financial assets throughout their lifecycle. AM is part of the ITIL Process. An IT asset is property or equipment that is part of the IT infrastructure, including hardware and software for IT and telecommunications data and voice that is in use, in reserve storage, or is awaiting disposal. All IRS organizations (including contractors) developing, maintaining, and controlling IT assets shall adhere to the mandates of this policy and all associated AM procedures. 2.149.4.1.1 (05-29-2024) Background The process definition laid out in the process description document further breaks down the Activities into Tasks, each of which have a complete set of attributes defined such as data and tool specifications and the role(s) responsible for executing the tasks. All proposed changes to this document must be submitted in writing, with supporting rationale, to the Information Technology, UNS, Operations Service Support, Asset Management organization. This document defines the step-by-step instructions for the activities used in the Software Asset Management procedures: Step 1 - Manage IT Asset Plan process includes the planning for information technology asset purchases Step 2 - Process Acquired IT Asset includes the processing of acquired software information technology assets Step 3 - Deploy IT Asset includes a method for deploying information technology software assets Step 4 - Maintain IT Asset includes the accountability, support, and maintenance of information technology software assets Step 5 - Dispose of IT Asset includes the end of life (EOL)/disposition for information technology software assets 2.149.4.1.1.1 (05-29-2024) Purpose of Procedure This document defines the step-by-step instructions on how to conduct the activities used to implement the Asset Management Software Procedures process in the Information Technology, User & Network Services, Operations Service Support, Asset Management organization. The purpose of a procedure document is to institutionalize and formalize the preferred method of performing tasks that staff is using. The objective is to have everyone using the same tools and techniques and follow the same repeatable steps so that the organization can quantify how well the procedure is working and train future staff members who may not currently know the routine. Ensuring consistency is a critical component for ensuring optimum efficiency. 2.149.4.1.2 (05-29-2024) Authority All proposed changes to this document must be submitted in writing, with supporting rationale, to the Information Technology, UNS, Operations Service Support, Asset Management organization. 2.149.4.1.3 (05-29-2024) Roles and Responsibilities Each process defines at least one role. Each role is assigned to perform specific tasks within the process. The responsibilities of a role are confined to the specific process. They do not imply any functional standing within the hierarchy of an organization. For example, the process manager role does not imply the role is associated with or fulfilled by someone with functional management responsibilities within the organization. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Name Description Asset Management Specialists - Software Manage control processes and interactions for all enterprise-wide software financial assets and associated components Develop policies and procedures related to the management of software assets as needed Monitor software usage Manage software licenses Ensure compliance with IRS software standards Reconcile software assets receipt data for verification and audit Oversee and coordinate with external/internal auditors (GAO, TIGTA, and CFO) regarding IT assets Administrate guidelines for quality reviews 2.149.4.1.4 (05-29-2024) Program Management and Review Policies outline a set of plans or courses of action that are intended to influence and determine decisions or actions of a process. Policies provide an element of governance over the process that provides alignment to business vision, mission and goals. ProcessManagement Statement: The Asset Management Process will have a single Process Owner and a separate Process Manager, responsible for implementation and ensuring adherence to the process. The process will be reviewed regularly to ensure that it continues to support the business requirements of the enterprise. The process will be designed and developed based on ROI to the business. Process metric will be focused on providing relevant information as opposed to merely presenting raw data. People Statement: Roles and responsibilities for the process must be clearly defined and appropriately staffed with people having the required skills and training. The mission, goals, scope and importance of the process must be clearly and regularly communicated by upper management to the staff and business customers of IT. All IT staff (direct and indirect users of the process) shall be trained at the appropriate level to enable them to support the process. Rationale: It is imperative that people working in, supporting, or interacting with the process in any manner understand what they are supposed to do. Without that understanding the Asset Management Process will not be successful. Process Statement: Modifications to the Asset Management Process must be approved by the Process Owner. The design of the process must include appropriate interfaces with other processes to facilitate data sharing, escalation and workflow. The process must be capable of providing data to support real-time requirements as well as historical/trending data for overall process improvement initiatives. The process must be fully documented, published and accessible to the various stakeholders of the process. The process will be reviewed on a periodic basis in order to ensure it continues to support organizational goals and objectives (continuous improvement). The process must include Inputs, Outputs, Controls, Metrics, Activities, Tasks, Roles and Responsibilities, Tool and Data requirements along with documented process flows. The process will be kept straight forward, rational, and easy to understand. Rationale: The process must meet operational and business requirements. Technology andTools Statement: All tools selected must conform to the enterprise architectural standards and direction. Existing in-house tools and technology will be used wherever possible, new tools will only be entertained if they satisfy a business need that cannot be met by current in-house tools. The selection of supporting tools must be process driven and based on the requirements of the business. Selected tools must provide ease of deployment, customization, and use. The selected tools must support heterogeneous platforms. Automated workflow, notification and escalation will be deployed wherever possible to minimize delays, ensure consistency, reduce manual intervention and ensure appropriate parties are made aware of issues requiring their attention. The tools used by this process are the following: Software Asset Management Repositories Discovery Tools Rationale: Technology and tools should be used to augment the process capabilities, not become an end themselves. 2.149.4.1.5 (05-29-2024) Program Controls Activities involved in ensuring a process is predictable, stable, and consistently operating at the target level of performance. 2.149.4.1.5.1 (05-29-2024) Controls Process controls represent the policies and guiding principles on how the process will operate. Controls provide direction over the operation of processes and define constraints or boundaries within which the process must operate: Name Description GAO, CFO and TIGTA Audits Formal inspection and verification to check whether a standard or set of guidelines is being followed, that records are accurate, or that efficiency and effectiveness targets are being met. Asset Management Policies Policies and regulations that provide guidance for managing the IT Asset Management program. Security Policies Policies to ensure the confidentiality, integrity, and availability of IT assets. Governance Governance ensures that policies and strategy are actually implemented and that required processes are correctly followed. 2.149.4.1.6 (05-29-2024) Terms/Definitions/Acronyms Definitions of Asset Management’s terms and acronyms. 2.149.4.1.6.1 (05-29-2024) Terms and Definitions The definitions listed below are some commonly used terms and provided as an aid to understanding IT Asset Management. Term Definition Agreed Life An asset is designed to perform a function at an acceptable level for a predetermined amount of time according to the manufacturer’s life cycle. It ensures that the defined services for the asset are met to provide the level of service required by the customer, in terms of quality and reliability. Artifact A work product created by a process or procedure step, e.g., plans, design specifications, etc. Asset Any resource or capability. Assets of a service provider include anything that could contribute to the delivery of a service. Assets can be one of the following types: management, organization, process, knowledge, people, information, applications, infrastructure, and financial capital. Audit Formal inspection and verification to check whether a standard or set of guidelines is being followed, that records are accurate, or that efficiency and effectiveness targets are being met. An audit may be carried out by internal or external groups. Depot A centralized storage area for In Stock IT equipment. Certification Issuing a certificate to confirm compliance to a standard. Certification includes a formal audit by an independent and accredited body. Entry Criteria The elements and conditions (state) necessary to trigger the beginning of a process step. Exit Criteria The elements or conditions (state) necessary to trigger the completion of a process step. Hardware Asset Property meeting certain financial and security criteria that is part of the information technology infrastructure and represents a physical piece of computing electronic equipment. Incident The Enterprise Service Desk logs and tracks reported incidents. The incident will be assigned to a service provider for resolution. Information Technology (IT) The use of technology for the storage, communication, or processing of information. The technology typically includes computers, telecommunications, applications and other software. The information may include business data, voice, images, video, etc. Information technology is often used to support business processes through IT services. Information Technology Infrastructure Library (ITIL) A set of best practice guidance for IT service management. ITIL consists of a series of publications giving guidance on the provision of quality IT services, and on the processes and facilities needed to support them. IT Asset Property or equipment that is part of the information technology infrastructure, including hardware and software for IT and telecommunications data and voice that is in use, in reserve storage, or is awaiting disposal. IT Asset Lifecycle A series of states connected by allowable transitions. The set of business practices that join financial, contractual, and inventory functions to support the management from acquisition to disposition for hardware and software found in the IT environment. IT Asset Plan A tactical plan for managing an organization's infrastructure and assets to deliver an agreed standard of service. IT Equipment Profile The standardized list of IT equipment given to each employee based upon their occupation in the IRS. License Position An organizational view, which identifies whether software is under-licensed (at risk of a compliance audit) or over-licensed (wasting money on unnecessary software purchases), assisting in managing license compliance. Move/Add/Change A Service Request is submitted to document the status (location/assignment/user) of any piece of hardware (IT asset). It is used to update the repository. Process A structured set of activities designed to accomplish a specific objective. A process takes one or more defined inputs and turns them into defined outputs. A process may include any of the roles, responsibilities, tools, and management controls required to reliably deliver the outputs. A process may define policies, standards, guidelines, activities, and work instructions if they are needed. Process Owner A role responsible for ensuring that a process is fit for purpose. The process owner’s responsibilities include sponsorship, design, change management, and continual improvement of the process and its metrics. This role is often assigned to the same person who carries out the process manager role, but the two roles may be separate in larger organizations. Quality Reviews Quality reviews ensure compliance to asset management policies. RACI (Responsible, Accountable, Consulted, and Informed) This model is used to help define roles and responsibilities, instructions for the activities used in the Hardware and Software Asset Management procedures Recipient The point of contact (POC) receiving the IT asset. Request for Change (RFC) A formal proposal for a change to be made (work request). An RFC includes details of the proposed change, and may be recorded on paper or electronically. The term RFC is often misused to mean a change record, or the change itself. Rogue Asset An unmanaged asset which appears amidst a population of managed assets. This can happen as a result of non-compliance with the policies concerning asset control and barcoding. Service Request A request from a user for information, or advice, or for a standard change or for access to an IT service. For example, to reset a password, or to provide standard IT services for a new user. Service requests are usually handled by Enterprise Service Desk, and do not require an RFC to be submitted. Software Asset Property meeting certain financial and security criteria that is part of the information technology infrastructure and software installed on personal computers, laptops, desktops, servers, mainframes, network, and mobile devices. TIER 3 Software (Micro) Personal computers such as Desktop PC, Laptop PC, etc. Tool Job aid for a specific purpose, e.g., checklist, template, application, etc. 2.149.4.1.6.2 (05-29-2024) Acronyms The abbreviations and acronyms include an alphabetical listing of some commonly used terms in IT Asset Management. Acronyms Definition ACIO Associate Chief Information Officer AM Asset Management ARM Asset Management Report CFO Chief Financial Officer CMMI Capability Maturity Model Integrated COE Common Operating Environment CTO Chief Technology Officer EOL End of Life FMSS Facilities Management and Security Services (formerly Real Estate and Facilities Management (REFM)) GAO Government Accountability Office IRM Internal Revenue Manual IRS Internal Revenue Service IT Information Technology ITIL Information Technology Infrastructure Library ITSM Information Technology Service Management PD Process Description PMI Project Management Institute POC Point of Contact PR Procedure RACI (Responsible, Accountable, Consulted, and Informed) This model is used to help define roles and responsibilities, instructions for the activities used in the Hardware and Software Asset Management procedures RFC Request For Change ROI Return On Investment SAM Software Asset Management TIGTA Treasury Inspector General for Tax Administration UNS User & Network Services 2.149.4.1.7 (05-29-2024) Related Resources The following lists the regulatory documents that validate the Asset Management Policy: Public Law 89-306, Automated Data Processing Equipment Office of Management and Budget (OMB) Circular A-123, Management’s Responsibility for Internal Controls Treasury Department Publication 32-01, Accounting Principles and Standards OMB Circular A-127, Financial Management Systems Public Law 101-576, Chief Financial Officers Act of 1990 Executive Order 12999, Educational Technology: Ensuring Opportunity for All Children in the Next Century Public Law 104-106, Clinger-Cohen Act of 1996, formerly Information Technology Reform Act of 1996 IRM 1.2.1 - Servicewide Policy Statements and IRM 1.2.2 - Servicewide Delegations of Authority, to see information technology activities such as Policy Statement 2-93 (formerly P-1-229) Delegation Order 1-41 Delegation Order MITS-2-1-1, Authority to Approve IT Resources Policies and Procedures Memorandum No. 46.5, Evidentiary Documentation in Support of Receipt and Acceptance IRM 10.8, Information Technology(IT) Security IRM 1.14.4, Personal Property Management, Facilities Management and Security Services IRM 1.35.6, Administrative Accounting, Property and Equipment Accounting IRM 2.21, Shopping Cart Processing for Information Technology Products and Services IRM 1.15, Records and Information Management IRM 6.800, Employee Benefits IRM 2.127, Testing Standards and Procedures National Institute of Standards and Technology Special Publication 800-53, Recommended Security Controls for Federal Information Systems and Organizations (Aug. 2009) Treasury Directive Publication 85-01, Treasury IT Security Program (Nov. 3, 2006) Executive Order, Department of the Treasury Directive 85-02, Software Piracy Policy (May 4, 2010) Executive Order 13103 (Sep. 30, 1998), Computer Software Piracy Executive Order 13589, Promoting Efficient Spending (Nov. 09, 2011) Public Law 113-291, National Defense Authorization Act, Federal Information Technology Acquisition Reform Act, (FITARA) (Dec. 2014) “OMB issued Memorandum M-16-12, dated June 2, 2016:” Improving the Acquisition and Management of Common Information Technology: Software Licensing Public Law 114-210, Megabyte Act of 2016, Making Electronic Government Accountable by Yielding Tangible Efficiencies Act of 2016 (July 29, 2016) Asset Management - Enterprise-wide Software User Guide Asset Management - UNS Software User Guide Asset Management - Hardware User Guide General Services Administration Bulletin Federal Management Regulation (FMR) B - 34, Disposal of Federal Electronic Assets Memorandum, dated July 26, 2011 and signed by CTO for IRS Computer Room and Ownership and Management which assigns ownership of all Computer Rooms to Enterprise Operations 2.149.4.2 (05-29-2024) Step 1 - Manage IT Asset Plan Workflow A workflow consists of Activities and Tasks, Inputs and Outputs, Roles, and Flow Diagrams. It describes the tasks, procedural steps, organizations or people involved, required input and output information, and tools needed for each step of the process. 2.149.4.2.1 (05-29-2024) Main Process Diagram This step does not have a Main Process Diagram, only Cross-Functional Diagram. Step 1 - Manage IT Asset Plan outlines the steps required to plan for new IT asset purchases or replacement of existing IT assets. 2.149.4.2.2 (05-29-2024) Entry Criteria Generally, Step 1 - Manage IT Asset Plan - Software procedure occurs after the following events: Approved Request for IT Asset New technology 2.149.4.2.3 (05-29-2024) Inputs Process inputs are used as triggers to initiate the process and to produce the desired outputs. Users, stakeholders or other processes provide inputs. The following is a list of inputs for this process: Name Description Supplier Service Request A request from a User for information, or advice, or for a Standard Change or for Access to an IT Service. Request Fulfillment Incident An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Incident Management RFC/Work Request A formal proposal for a change to be made (work request). An RFC includes details of the proposed change, and may be recorded on paper or electronically. Change Management Budget Information The financial data used to support the IT Asset Plan (e.g., Investment Management and Spending Plans). IT Financial Management IT Asset The property or equipment that is part of the information technology infrastructure, including hardware and software for IT and telecommunications data and voice that is in use, in reserve storage, or is awaiting disposal. Strategic Supplier Management, Asset Management 2.149.4.2.4 (05-29-2024) Outputs Each process produces tangible outputs. These outputs can take the form of products or data and can be delivered to a user or stakeholder, or, they can be used as inputs to other processes. Outputs are measurable in terms of quantity and quality. Name Description Recipient IT Asset Plan A tactical plan for managing an organization's infrastructure and other assets to deliver an agreed standard of service. Strategic Supplier Management, IT Financial Management RFC/Work Request A formal proposal for a change to be made (work request). An RFC includes details of the proposed change, and may be recorded on paper or electronically. Change Management Budget Information The financial data used to support the IT Asset Plan (e.g., Investment Management and Spending Plans). IT Financial Management Knowledge Article The shared information or instructions contained in a centralized database. Knowledge Management, Stakeholders 2.149.4.2.5 (05-29-2024) Exit Criteria Step 1 - Manage IT Asset Plan - Software procedure is exited when: Submitted requests have been incorporated into an IT Asset Plan 2.149.4.2.6 (05-29-2024) Activities An activity is a major unit of work to be completed in achieving the objectives of the process. A process consists of a sequence of related activities that transforms inputs into outputs and performed by the roles defined in the process. Identify the activities in the process and provide a brief description. The activities must correspond with the high-level process flow diagram above. ID Name Description A1 Analyze request Analyze and gather request information for future needs. A2 Review repository Analyze repository data for availability of IT asset. A3 Process request Manage IT asset inventory levels. Additional instructions for the following steps are found in the Software Asset Management – User Guides at the UNS, Operation Service Support Hardware Asset Management SharePoint site, see the following section for IRM Policies and Procedures: https://irsgov.sharepoint.com/sites/ossamweb/Pages/IRM-Policies-and-Procedures.aspx. 2.149.4.2.7 (05-29-2024) Roles Each process defines at least one role. Each role is assigned to perform specific tasks within the process. The responsibilities of a role are confined to the specific process. They do not imply any functional standing within the hierarchy of an organization. For example, the process manager role does not imply the role is associated with or fulfilled by someone with functional management responsibilities within the organization. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Name Description Asset Management Specialists - Software Manage control processes and interactions for all enterprise-wide software financial assets and associated components Develop policies and procedures related to the management of software assets as needed Monitor software usage Manage software licenses Ensure compliance with IRS software standards Reconcile software assets receipt data for verification and audit Oversee and coordinate with external/internal auditors (GAO, TIGTA, and CFO) regarding IT assets Administrate guidelines for quality reviews 2.149.4.2.8 (05-29-2024) Procedure Procedure Graphs. 2.149.4.2.8.1 (05-29-2024) A1 Analyze Request Analyze and gather request information for future needs. ID Task Name and Description Role RACI Duties A1.1 Receive and validate request This task includes receiving purchase requests and renewals to verify that software is approved for use in the environment. Stakeholders R Submit purchase requests and renewals for review Asset Management Specialists - Software C Review purchase requests and renewals A1.2 Provide recommendations Asset Management Specialists - Software respond to stakeholders with approval or denial of purchase requests. Asset Management Specialists - Software R Review information and provide response Stakeholders I Informed of recommendations 2.149.4.2.8.2 (05-29-2024) A2 Review Repository Analyze repository data for availability of IT asset. ID Task Name and Description Role RACI Duties A2.1 Receive request This task includes receiving/acknowledging Service and RFC/Work Requests. Asset Management Specialists - Software Stakeholders R C Acknowledge receipt of request Submit Service and RFC/Work Requests A2.2 Review and validate request This task includes reviewing the information provided for completeness and necessary approvals. Asset Management Specialists - Software Stakeholders R C Analyze and request additional information if needed Provide response as needed A2.3 Verify license availability This task includes analyzing the repository to identify if the request is for a new or existing IT asset. If existing, determine if licenses are available to fulfill the request. Asset Management Specialists - Software R Research repository to check for IT asset availability 2.149.4.2.8.3 (05-29-2024) A3 Process Request Manage IT asset inventory levels. ID Task Name and Description Role RACI Duties A3.1 Identify installations and usage This task includes querying the repository and producing an inventory report. Asset Management Specialists - Software R Generate Asset Management Reports A3.2 Validate report data This includes reviewing the report and supporting documentation to determine the license position. Asset Management Specialists - Software R Analyze findings to determine license availability A3.3 Notify stakeholders of license position This task provides the status of the license position to stakeholders. Asset Management Specialists - Software Stakeholders R I Provide license position to stakeholders Receive notification of inventory level 2.149.4.2.8.3.1 (05-29-2024) Cross-Functional Diagram Step 1 - Manage IT Asset Plan - Software Procedure Flow Diagram Figure 2.149.4-1 Manage IT Asset Plan - Software Procedure Flow Diagram has one role Asset Management Specialists (Software):Begin with Approved RequestAnalyze RequestReview RepositoryProcess Request and end with IT Asset Plan Please click here for the text description of the image. 2.149.4.3 (05-29-2024) Step 2 - Process Acquired IT Asset Workflow A workflow consists of Activities and Tasks, Inputs and Outputs, Roles, and Flow Diagrams. It describes the tasks, procedural steps, organizations or people involved, required input and output information, and tools needed for each step of the process. 2.149.4.3.1 (05-29-2024) Main Process Diagram This step does not have a Main Process Diagram, only Cross-Functional Diagram. Step 2 - Process Acquired IT Asset is to outline the steps required to ensure new IT assets in the IT infrastructure are accounted for in the authoritative repository. 2.149.4.3.2 (05-29-2024) Entry Criteria Generally, Step 2 - Process Acquired IT Asset - Software procedure occurs after the following events: Purchase Notification Service Request Incident RFC/Work Request 2.149.4.3.3 (05-29-2024) Inputs Process inputs are used as triggers to initiate the process and to produce the desired outputs. Users, stakeholders or other processes provide inputs. The following is a list of inputs for this process: Name Description Supplier Purchase Documentation The types of purchase documentation include requisitions awards, shipping information, vendor quotes and contracts. Strategic Supplier Management Asset Management Reports The reports generated to provide data on the asset management inventory. Asset Management, Strategic Supplier Management Service Request A request from a User for information, or advice, or for a Standard Change or for Access to an IT Service. Request Fulfillment 2.149.4.3.4 (05-29-2024) Outputs Each process produces tangible outputs. These outputs can take the form of products or data and can be delivered to a user or stakeholder, or, they can be used as inputs to other processes. Outputs are measurable in terms of quantity and quality. Name Description Recipient Asset Repository An asset record is updated within the Asset Repository. Asset Management Asset Management Reports The reports generated to provide data on the current asset management inventory. Asset Management, Strategic Supplier Management, Stakeholders Knowledge Article The shared information or instructions contained in a centralized database. Knowledge Management, Stakeholders 2.149.4.3.5 (05-29-2024) Exit Criteria Step 2 - Process Acquired IT Asset - Software procedure is exited when: Acquired IT asset is obtained to meet requests and successfully added to the repository 2.149.4.3.6 (05-29-2024) Activities An activity is a major unit of work to be completed in achieving the objectives of the process. A process consists of a sequence of related activities that transforms inputs into outputs and performed by the roles defined in the process. Identify the activities in the process and provide a brief description. The activities must correspond with the high-level process flow diagram above. Additional instructions for the following steps are found in the Software Asset Management – User Guides at the UNS, Operation Service Support Hardware Asset Management SharePoint site, see the following section for IRM Policies and Procedures: https://irsgov.sharepoint.com/sites/ossamweb/Pages/IRM-Policies-and-Procedures.aspx. ID Name Description A1 Receive and process notifications Notification is received and processed for all IT asset acquisitions. A2 Update repository Create/Update record. 2.149.4.3.7 (05-29-2024) Roles Each process defines at least one role. Each role is assigned to perform specific tasks within the process. The responsibilities of a role are confined to the specific process. They do not imply any functional standing within the hierarchy of an organization. For example, the process manager role does not imply the role is associated with or fulfilled by someone with functional management responsibilities within the organization. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Name Description Asset Management Specialists - Software Manage control processes and interactions for all enterprise-wide software financial assets and associated components Develop policies and procedures related to the management of software assets as needed Monitor software usage Manage software licenses Ensure compliance with IRS software standards Reconcile software assets receipt data for verification and audit Oversee and coordinate with external/internal auditors (GAO, TIGTA, and CFO) regarding IT assets Administrate guidelines for quality reviews 2.149.4.3.8 (05-29-2024) Procedure Procedure Graphs 2.149.4.3.8.1 (05-29-2024) A1 Receive and Process Notifications Notification is received and processed for all IT asset acquisitions. ID Task Name and Description Role RACI Duties A1.1 Receive notification of purchase This task includes receiving an e-mail or systemic notification for asset purchases initiated. Asset Management Specialists - Software R Receive mail or systemic notification Stakeholders C Submit purchase notification A1.2 Validate purchase data This task includes reviewing purchase and supplemental documentation (requisitions and contracts). Asset Management Specialists - Software R Verify information in purchasing systems and repository 2.149.4.3.8.2 (05-29-2024) A2 Update Repository Create/Update record. ID Task Name and Description Role RACI Duties A2.1 Validate IT asset receipt This task includes verifying the receipt of purchased software. Stakeholders Asset Management Specialists - Software R I Submit notification Confirm receipt of IT assets A2.2 Add new IT assets to repository This task includes adding the purchased software to the repository. Asset Management Specialists - Software R Update asset record in repository 2.149.4.3.8.2.1 (05-29-2024) Cross-Functional Diagram Step 2 - Process Acquired IT Asset - Software Procedure Flow Diagram Figure 2.149.4-2 Process Acquired IT Asset - Software Procedure Flow Diagram has Asset Management Specialists (Software) performing the following actions:Begin with Acquired IT Asset Receive and Process NotificationsUpdate Repository and end at Updated Repository. Please click here for the text description of the image. 2.149.4.4 (05-29-2024) Step 3 - Deploy IT Asset Workflow Step 3 - Deploy IT Asset process is for Hardware IT assets only. Software IT assets are deployed in the Release & Deployment process. 2.149.4.5 (05-29-2024) Step 4 - Maintain IT Asset Workflow A workflow consists of Activities and Tasks, Inputs and Outputs, Roles, and Flow Diagrams. It describes the tasks, procedural steps, organizations or people involved, required input and output information, and tools needed for each step of the process. 2.149.4.5.1 (05-29-2024) Main Process Diagram This step does not have a Main Process Diagram, only Cross-Functional Diagram. Step 4 - Maintain IT Asset is to outline the steps required to inventory, count and track assets, monitor usage, and manage warranties (hardware) contracts for maintenance and support. Some of these activities include monitoring the useful life of an asset, quality reviews and continuous evaluations to improve services for future modification. Each activity may have a different trigger(s) that starts the process. 2.149.4.5.2 (05-29-2024) Entry Criteria Generally, Step 4 - Maintain IT Asset - Software procedure occurs after the following event: IT asset is deployed in the IT infrastructure 2.149.4.5.3 (05-29-2024) Inputs Process inputs are used as triggers to initiate the process and to produce the desired outputs. Users, stakeholders or other processes provide inputs. The following is a list of inputs for this process: Name Description Supplier IT Asset The property or equipment that is part of the information technology infrastructure, including hardware and software for IT and telecommunications data and voice that is in use, in reserve storage, or awaiting disposal. Strategic Supplier Management, Asset Management Asset Repository The database that stores, maintains, and tracks the value and ownership of assets. Asset Management Asset Management Reports The reports generated to provide data on the asset management inventory. Asset Management, Strategic Supplier Management Maintenance and Warranty Agreements The warranties are agreements which call for the replacement or repair of hardware assets at no additional charge. Maintenance agreements ensure continued operation of an IT asset by providing preventive and remedial services including support and installation. Strategic Supplier Management Purchase Documentation The types of purchase documentation include requisitions awards, shipping information, vendor quotes and contracts. Strategic Supplier Management Financial/ Compliance Audits (GAO, TIGTA, CFO) The formal inspection and verification to check whether a standard or set of guidelines is being followed, that records are accurate, or that efficiency and effectiveness targets are being met. Audit Management (Strategy & Planning) Service Request A request from a User for information, or advice, or for a Standard Change or for Access to an IT Service. Request Fulfillment Incident An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Incident Management Policies and Directives The guidelines to manage the IT Asset Management program and ensure financial assets are accurately tracked in the authoritative repositories. Asset Management RFC/Work Request A formal proposal for a change to be made (work request). An RFC includes details of the proposed change, and may be recorded on paper or electronically. Change Management 2.149.4.5.4 (05-29-2024) Outputs Each process produces tangible outputs. These outputs can take the form of products or data and can be delivered to a user or stakeholder, or, they can be used as inputs to other processes. Outputs are measurable in terms of quantity and quality. Name Description Recipient Asset Repository An asset record is updated within the Asset Repository. Asset Management Asset Management Reports The reports generated to provide data on the current asset management inventory. Asset Management, Strategic Supplier Management, Stakeholders Service Request A request from a User for information, or advice, or for a Standard Change or for Access to an IT Service has been fulfilled and closed. Request Fulfillment, Asset Management Incident The resolution of an unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Incident Management, Asset Management Knowledge Article The shared information or instructions contained in a centralized database. Knowledge Management, Stakeholders 2.149.4.5.5 (05-29-2024) Exit Criteria Step 4 - Maintain IT Asset - Software procedure is exited when: IT assets are managed in the repository until end of life 2.149.4.5.6 (05-29-2024) Activities An activity is a major unit of work to be completed in achieving the objectives of the process. A process consists of a sequence of related activities that transforms inputs into outputs and performed by the roles defined in the process. Identify the activities in the process and provide a brief description. The activities must correspond with the high-level process flow diagram above. ID Name Description A1 Manage inventory data Verify IRS owned IT assets are consistent with the inventory. A2 Manage report data Generate and analyze reports for recommendations. A3 Manage audits Collaborate to ensure compliance and respond to all IT asset internal/external audits and requests for information. The corrective actions will result in improved data and processes. A4 Update repository Process the IT asset record changes in the authoritative repository. A5 Recommend corrective actions Process data improvements as needed. 2.149.4.5.7 (05-29-2024) Roles Each process defines at least one role. Each role is assigned to perform specific tasks within the process. The responsibilities of a role are confined to the specific process. They do not imply any functional standing within the hierarchy of an organization. For example, the process manager role does not imply the role is associated with or fulfilled by someone with functional management responsibilities within the organization. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Name Description Asset Management Specialists - Software Manage control processes and interactions for all enterprise-wide software financial assets and associated components Develop policies and procedures related to the management of software assets as needed Monitor software usage Manage software licenses Ensure compliance with IRS software standards Reconcile software assets receipt data for verification and audit Oversee and coordinate with external/internal auditors (GAO, TIGTA, and CFO) regarding IT assets Administrate guidelines for quality reviews 2.149.4.5.8 (05-29-2024) Procedure Procedure Graphs 2.149.4.5.8.1 (05-29-2024) A1 Manage Inventory Data Verify IRS owned IT assets are consistent with the inventory. ID Task Name and Description Role RACI Duties A1.1 Review and analyze licenses to manage compliance This task includes monitoring inventory levels and reviewing documentation to determine license position. Asset Management Specialists - Software R Manage licenses: Compare software license versus installed Perform software metering/harvesting Track license compliance Review software contract for compliance Go to A5: Recommend Corrective Actions 2.149.4.5.8.2 (05-29-2024) A2 Manage Report Data Generate and analyze reports for recommendations. ID Task Name and Description Role RACI Duties A2.1 Generate reports This task is performed in the daily management of the repository to ensure accuracy and monitoring of the software life cycle. Common triggers for this activity include RFC/Work Request, Service Requests and Maintenance Renewal requests. Asset Management Specialists - Software Stakeholders R C Generate Asset Management reports Submit request A2.2 Analyze report findings This task involves analyzing reports and supporting documentation to determine availability, identify non -compliance and data discrepancies/anomalies. Asset Management Specialists - Software R Validate the results of the report query Evaluate report results against request Communicate findings Stakeholders C Receive report/findings and provide response A2.3 Correct Deficiencies This task involves correcting inaccuracies and anomalies in the repository within the scope of the Asset Management Specialists - Software. Asset Management Specialists - Software R Update repository Go to A5: Recommend Corrective Actions 2.149.4.5.8.3 (05-29-2024) A3 Manage Audits Collaborate to ensure compliance and respond to all IT asset internal/external audits and requests for information. The corrective actions will result in improved data and processes. ID Task Name and Description Role RACI Duties A3.1 Respond to audit requests This task involves providing data to TIGTA, CFO and GAO for audit requests. Asset Management Specialists - Software R Conduct research and provide data requested Stakeholders C Communicate audit requirements A3.2 Receive audit findings This task involves receiving and analyzing audit findings from TIGTA, CFO and GAO. Develop and provide an appropriate response. Asset Management Specialists - Software R Review information and provide feedback Stakeholders C Communicate audit findings A3.3 Perform corrective actions based on audit findings This task involves performing corrective actions within the scope of the Asset Management Specialists - Software. Asset Management Specialists - Software R Implement recommendations to address corrective actions Communicate corrective actions implemented Stakeholders I Receive notification of corrective actions implemented Go to A5: Recommend Corrective Actions 2.149.4.5.8.4 (05-29-2024) A4 Update Repository Process the IT asset record changes in the authoritative repository. ID Task Name and Description Role RACI Duties A4.1 Process repository changes This task involves updating the repository in response to the supporting change documents. Asset Management Specialists - Software R Update the repository as requested from: Incident RFC/Work Request Service Request Purchase Notification Stakeholders C Submit change request The end state is a “Managed IT Asset” 2.149.4.5.8.5 (05-29-2024) A5 Recommend Corrective Actions Process data improvements as needed. ID Task Name and Description Role RACI Duties A5.1 Manage data discrepancies This task includes managing IT asset data discrepancies. Asset Management Specialists - Software R Generate Asset Management reports A5.2 Issue guidance This task includes performing analysis for areas of improvements and making recommendations. Asset Management Specialists - Software R Analyze reports and make recommendations Stakeholders I Receive recommendations for corrective actions A5.3 Process repository changes This task includes modifications to the repository in response to the corrective actions. Asset Management Specialists - Software R Make changes to the repository to address corrective actions The end state is a “Managed IT Asset” 2.149.4.5.8.5.1 (05-29-2024) Cross-Functional Diagram Step 4 - Maintain IT Asset Overview - Software Procedure Flow Diagram Figure 2.149.4-3 Maintain IT Asset Overview - Software Procedure Flow Diagram Please click here for the text description of the image. 2.149.4.6 (05-29-2024) Step 5 - Dispose IT Asset Workflow A workflow consists of Activities and Tasks, Inputs and Outputs, Roles, and Flow Diagrams. It describes the tasks, procedural steps, organizations or people involved, required input and output information, and tools needed for each step of the process. 2.149.4.6.1 (05-29-2024) Main Process Diagram This step does not have a Main Process Diagram, only Cross-Functional Diagram. Step 5 - Dispose IT Asset is to remove IT assets from active inventory and make them unavailable for use. Some of these activities include determining IT assets reaching end of life and performing disposal activities. 2.149.4.6.2 (05-29-2024) Entry Criteria Generally, Step 5 - Dispose IT Asset - Software procedure occurs after the following event: IT asset is ready for disposal or reached end of life 2.149.4.6.3 (05-29-2024) Inputs Process inputs are used as triggers to initiate the process and to produce the desired outputs. Users, stakeholders or other processes provide inputs. The following is a list of inputs for this process: Name Description Supplier IT Asset The property or equipment that is part of the information technology infrastructure, including hardware and software for IT and telecommunications data and voice that is in use, in reserve storage, or is awaiting disposal. Strategic Supplier Management, Asset Management Asset Repository The database that stores, maintains and tracks the value and ownership of assets. Asset Management Asset Management Reports The reports generated to provide data on the asset management inventory. Asset Management, Strategic Supplier Management Service Request A request from a User for information, or advice, or for a Standard Change or for Access to an IT Service. Request Fulfillment Incident An unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Incident Management Policies and Directives The guidelines to manage the IT Asset Management program and ensure financial assets are accurately tracked in the authoritative repositories. Asset Management Maintenance and Warranty Agreements The warranties are agreements which call for the replacement or repair of hardware assets at no additional charge. Maintenance agreements ensure continued operation of an IT asset by providing preventive and remedial services including support and installation. Strategic Supplier Management, FMSS 2.149.4.6.4 (05-29-2024) Outputs Each process produces tangible outputs. These outputs can take the form of products or data and can be delivered to a user or stakeholder, or, they can be used as inputs to other processes. Outputs are measurable in terms of quantity and quality. Name Description Recipient Asset Management Reports The reports generated to provide data on the current asset management inventory. Asset Management, Strategic Supplier Management, Stakeholders Service Request A request from a User for information, or advice, or for a Standard Change or for Access to an IT Service has been fulfilled and closed. Request Fulfillment, Asset Management Incident The resolution of an unplanned interruption to an IT Service or a reduction in the Quality of an IT Service. Incident Management, Asset Management Asset Repository An asset record is updated within the Asset Repository. Asset Management Knowledge Article The shared information or instructions contained in a centralized database. Knowledge Management, Stakeholders 2.149.4.6.5 (05-29-2024) Exit Criteria Step 5 - Dispose IT Asset - Software procedure is exited when: IT asset has been removed from the IRS environment and record updates have been finalized 2.149.4.6.6 (05-29-2024) Activities An activity is a major unit of work to be completed in achieving the objectives of the process. A process consists of a sequence of related activities that transforms inputs into outputs and performed by the roles defined in the process. Identify the activities in the process and provide a brief description. The activities must correspond with the high-level process flow diagram above. ID Name Description A1 Determine IT assets at EOL Monitor and manage IT assets that do not meet operational needs in accordance with end of life (EOL) criteria which is based upon the contract. A2 Manage disposal activities Perform the steps to remove IT asset from operational use. A3 Update repository Execute disposition updates for IT assets by processing IT asset record changes. 2.149.4.6.7 (05-29-2024) Roles Each process defines at least one role. Each role is assigned to perform specific tasks within the process. The responsibilities of a role are confined to the specific process. They do not imply any functional standing within the hierarchy of an organization. For example, the process manager role does not imply the role is associated with or fulfilled by someone with functional management responsibilities within the organization. Within a specific process, there can be more than one individual associated with a specific role. Additionally, a single individual can assume more than one role within the process although typically not at the same time. Name Description Asset Management Specialists - Software Manage control processes and interactions for all enterprise-wide software financial assets and associated components Develop policies and procedures related to the management of software assets as needed Monitor software usage Manage software licenses Ensure compliance with IRS software standards Reconcile software assets receipt data for verification and audit Oversee and coordinate with external/internal auditors (GAO, TIGTA, and CFO) regarding IT assets Administrate guidelines for quality reviews 2.149.4.6.8 (05-29-2024) Procedure Procedure Graphs. 2.149.4.6.8.1 (05-29-2024) A1 Determine IT Asset At EOL Monitor and manage IT assets that do not meet operational needs in accordance with end of life (EOL) criteria which is based upon the contract. ID Task Name and Description Role RACI Duties A1.1 Validate request for EOL This task includes receiving notification for software that is no longer in use. Asset Management Specialists - Software R Receive information or request regarding IT assets at EOL Stakeholders C Submit EOL notification A1.2 Monitor for software no longer supported This task involves checking the repository for existence of EOL software. Asset Management Specialists - Software R Check repository for EOL IT assets Stakeholders I Receive information for software no longer supported by manufacturer 2.149.4.6.8.2 (05-29-2024) A2 Manage Disposal Activities Perform the steps to remove IT asset from operational use. ID Task Name and Description Role RACI Duties A2.1 Review EOL request This task includes reviewing notification for termination of maintenance/contract agreements. Asset Management Specialists - Software R Receive notification from stakeholders about termination of any maintenance/contract agreements Stakeholders C Submit notification A2.2 Notify stakeholders This task includes working with impacted stakeholders for the removal of software from the infrastructure. Asset Management Specialists - Software R Collaborate with stakeholders for EOL activities Stakeholders I Receive the notification and take appropriate actions 2.149.4.6.8.3 (05-29-2024) A3 Update Repository Execute disposition updates for IT assets by processing IT asset record changes. ID Task Name and Description Role RACI Duties A3.1 Process repository changes This task includes modifications to the repository according to the EOL procedures. Asset Management Specialists - Software R Update repository to reflect EOL 2.149.4.6.8.3.1 (05-29-2024) Cross-Functional Diagram Step 5 - Dispose IT Asset - Software Procedure Flow Diagram Figure 2.149.4-4 Dispose IT Asset - Software Procedure Flow Diagram which has one role - Asset Management Specialists.EOL IT Assets go to Determine IT Assets at EOL then to Manage Disposal Activities to Update Repository for Retired Asset. Please click here for the text description of the image. More Internal Revenue Manual
