Before you begin, get clear on what you’re auditing and why. This means deciding:

• Which departments, sites or asset types are in scope
• Who is responsible for each aspect of the audit
• What constitutes success (e.g. a complete asset register, licence compliance, or cost-saving opportunities)

You’ll want to bring in stakeholders from IT, finance, procurement, and compliance, as clear cross-departmental communication will be important from the outset.

Now it’s time to track down what you actually have. This can include:

• Desktops, laptops, and servers
• Mobile devices
• Printers and peripherals
• Software applications and licences
• Network hardware (routers, switches, etc.)

Manual spreadsheets work for very small organisations, but most businesses benefit from automated discovery tools that scan the network for connected devices and software installations.

Use this opportunity to integrate with your IT asset management system if you have one, or consider implementing one if you don’t. A live asset register can become the backbone of your audit efforts.

Once you’ve discovered your assets, you need to document them properly. Include details like:

• Serial numbers
• Asset condition
• Purchase date and warranty information
• Current location
• Assigned user (if applicable)

This provides a reliable baseline for all future audits. Without a consistent system for tracking, the whole IT asset audit process has the potential to unravel.

With everything logged, it’s time to assess the security posture of each asset. This includes:

• Verifying antivirus and endpoint protection
• Checking for unapproved software
• Ensuring operating systems and firmware are up to date
• Reviewing user access controls

A good IT asset management audit also flags legacy systems that may pose a security risk.

Compliance goes hand-in-hand with security. During your audit, check:

• Whether all licensed software is accounted for
• That user data is being handled in line with GDPR
• How well your policies align with frameworks like ISO 27001

Audit documentation is key here. You need a clear audit trail to demonstrate compliance to regulators or clients.

Don’t forget about the old gear gathering dust in cupboards. These assets still pose a risk if they contain sensitive data or are disposed of improperly. Check to 

see if the data has been wiped from old devices securely and whether the device could be refurbished or resold (best case) or if it needs to be recycled responsibly.

In the case of recycling or disposal, you can employ the services of companies like Restore Technology, offering comprehensive IT disposal, data destruction, and remarketing and recycling services to help you manage this final stage securely and sustainably.

An IT asset audit should never be a one-off exercise. The goal is to build processes that keep your asset data accurate over time. To help achieve this, make sure your audit findings are integrated with:

• Procurement and finance systems
• IT service management tools
• Security monitoring platforms

That way, new devices and licences are logged automatically, changes are tracked, and audits become simpler over time.

Modern businesses are under increasing pressure to demonstrate environmental and social responsibility. Your audit can support this by:

• Highlighting underused or redundant assets
• Tracking carbon footprint and energy use
• Supporting asset reuse and e-waste reduction
• Feeding into ESG and carbon reporting

Restore Technology is committed to helping clients reduce waste being sent to landfill and embrace circular economy principles through responsible IT lifecycle services.

An IT asset audit template is only useful if you use it often. Set a schedule to:

• Reverify assets quarterly or bi-annually
• Update asset conditions and statuses
• Review policy compliance

This regular maintenance turns audits from reactive fire-fighting missions into a streamlined and proactive part of your IT operations.