IT Resource Allocation Checklist

Export the device list from NinjaOne / Datto RMM / Intune and reconcile against the PSA asset records. Flag devices that haven't checked in for 30+ days — these are typically lost laptops, decommissioned hardware that wasn't retired in the PSA, or agents that have fallen off.

Pull CPU, memory, and datastore utilization from vCenter / Hyper-V / Proxmox over the trailing 90 days. Watch for hosts sustaining over 75% memory or datastores over 80% — those are the constraints that bite during the next deployment.

Filter the asset list for laptops past their 4-year refresh, machines on Windows 10 (EOL Oct 2025), and devices with failing SMART data or repeated EDR crash reports. Include warranty expiration dates from Dell ProSupport / Lenovo Premier Support exports.

Draft the quote: SKUs, quantities, lead times, and total. Lead times on enterprise SSDs and SFP+ optics still run 6-12 weeks from some vendors — order before the quarter the capacity is needed, not during.

Export assigned vs. purchased counts from the M365 admin center, Google Workspace, Adobe Admin Console, and any SSO-fed apps in Okta or Entra. Cross-check against the HR roster — disabled accounts holding paid licenses are the most common source of waste.

For every disabled or deleted account holding a paid SKU, confirm the offboarding ticket was closed and reclaim the license. Convert mailboxes to shared where retention is required — shared mailboxes under 50GB don't need a license.

Review Microsoft, VMware (Broadcom), Adobe, and Veeam usage against entitlements. Flag anything over-deployed before the next audit cycle — VMware/Broadcom true-ups in particular have produced six-figure surprises since the licensing model change.

Confirm headcount adds with HR and project leads. Map each new role to its required SKU bundle (E3 vs E5, Visio, Project, Adobe Creative Cloud, etc.). Budget for the 60-day onboarding lead added by procurement on enterprise agreements.

Open a ticket with the CFO and outside counsel summarizing the over-deployment, supporting evidence, and remediation options (reduce usage, negotiate true-up, or restructure agreement). Don't wait for the vendor to initiate — self-disclosure is materially cheaper.

Run the trailing 90-day report from ConnectWise PSA / Autotask / Halo: hours per technician, billable vs. non-billable, ticket volume by tier. Technicians sustaining over 85% utilization are burnout risks; under 60% indicates either underloading or unbilled work leaking off the timesheet.

Match certifications (Azure, AWS, Cisco CCNA/CCNP, CompTIA, vendor-specific) and named-tool experience against the quarter's project pipeline. A migration to Intune doesn't run if nobody on the team has shipped one before — flag training or contractor needs now.

Pull the next quarter's PagerDuty / Opsgenie schedule against PTO requests. A rotation with one Tier 3 engineer on every page is a single point of failure — confirm secondary coverage and after-hours escalation paths.

For each identified gap, decide: short-term contractor (TEKsystems, Insight, Robert Half Technology), 1099 specialist, or FTE requisition. FTE searches at the Tier 3 / engineer level run 90-120 days from req to start — open the requisition before the work hits, not after.

Pull 90-day utilization from Auvik / PRTG / Meraki dashboard for each site. Sites running 70%+ peak utilization are due for a circuit upgrade — ISP provisioning runs 60-120 days for fiber, longer for new builds.

Check DHCP scope utilization on each VLAN. Scopes over 80% used will exhaust during the next round of guest devices or IoT onboarding. Document any subnets nearing exhaustion in IPAM (phpIPAM, SolarWinds IPAM, Infoblox).

FortiGate, Palo Alto, and SonicWall license tiers cap concurrent SSL VPN sessions and threat-prevention throughput. Verify the platform handles forecast peak concurrent users plus 25% headroom before approving any remote-access project.

For each upgrade identified, draft the RFC and route through CAB. Schedule into existing maintenance windows; net-new windows require business approval. Include rollback plan and named on-call escalation in the change record.

Pull actuals from the GL (NetSuite, QuickBooks, Sage Intacct) by category — hardware capex, SaaS subscriptions, telecom, professional services, training. Variance over 10% per line needs an explanation before the next quarter's plan is approved.

Roll up the hardware, license, contractor, and network line items from prior sections. Tag each item as run-the-business vs. project, and capex vs. opex. Finance will ask — have the split ready before the meeting.

Score each project on business impact, security/compliance driver, and dependency on prior work. Compliance-driven items (SOC 2 control remediation, Windows 10 EOL migration, MFA enforcement) are not negotiable; rank discretionary projects below them.

Walk through the allocation, the trade-offs made, and the risks of any deferred items. Capture decisions in writing — verbal approval drifts.