Risk Tolerance - Missing Assets

Is anyone aware of any industry standards on % or calculations when determining an acceptable tolerance for missing assets during your annual IT equipment asset scan.

1 Like

None comes to mind, though if we’re talking acceptable shrinkage for lost or stolen I would say less than 1% is desired with proper controls in place.

A good rule of thumb for completeness and correctness for general inventory would be 90-95% that are actively reporting in your inventory systems if automated and used for purposes of your SAM Program. I’ll presume we’re talking about Laptops, Desktops, Servers and virtualization. I see your cycle is annually, by the time you search for the missing the trail could be cold and hard to find. Alter your audits to every 90 days and only those that are missing (assuming again you have automation for tracking). For physical inventories if you feel warranted shift to 25% of your estate over a two year period for all inventory for correctness validation of their actual location. I’ll presume again you have other controls in place, happy to expand further on ideas if desired.

Hope that helps


I work to be at least 97.7% able to accurately report on all equipment & software. Shrinkage is never acceptable and should be eliminated via good process. However, it’s not usually ‘worth it’ to audit when +97.7% of hw and/or sw can be accounted for and reported.

1 Like