We are currently working with two large companies and it is interesting on my behalf on how little emphasis there has been on asset registers.
An asset register of IT equipment is one of the foundations of your IT systems and security, if you dont know what you own, then you dont know what keys you need and or where they are located to keep your systems secure. And hey, stick a barcode on it, saves time for future checks.

This follows onto your IT Security or Information Security Policy. Unknown equipment do not lend them selves to be secured easily. If you had a mansion and never counted the number of windows or doors in the building, let alone knew if they were locked, how do you protect yourself.

So back to ourselves, we are currently working on this process with clients, starting at the basics
a) asset register
b) user controls
c) password management
d) folder security on network drives
e) no unsecured remote access into machines
f) training and awareness of staff on the risks

Are these difficult to work with, I dont believe so.
Getting the very basics correct, then you can worry about the bigger picture.

How does an mouse eat an elephant?
One little piece at a time, and so should you with your IT Risk Assessments

Hey, if in doubt, give us a call.
Happy to help