IT Budgeting Checklist

Export the asset list from your RMM (NinjaOne, Datto, ConnectWise Automate) or CMDB. Tag each laptop, server, switch, AP, and firewall with purchase date and warranty end. Anything past warranty in the next 12 months is a refresh candidate, not a maintenance line item.

Pull seat counts from M365 / Google Workspace admin, Adobe Admin Console, Salesforce, and your SSO (Entra, Okta) app catalog. Match assigned seats to active employees — orphaned licenses on terminated users are the easiest line item to cut before a Microsoft or Adobe true-up bill arrives.

Aggregate trailing-12-month spend from AWS Cost Explorer, Azure Cost Management, GCP Billing, Datadog, and any colo/bandwidth invoices. Separate steady-state run rate from one-time migration costs so the forecast doesn't double-count.

Include EDR (CrowdStrike, SentinelOne, Defender for Endpoint), SIEM (Sentinel, Splunk), email security (Proofpoint, Mimecast, Avanan), MFA (Duo), vuln scanner (Tenable, Qualys), KnowBe4, and any MDR retainer. Per-endpoint pricing scales with headcount — model that link explicitly.

Pull last year's spend on Microsoft, Cisco, AWS, and CompTIA cert exams plus Pluralsight / A Cloud Guru / INE seats. Note any vendor co-op funds available — many distributors fund a portion of partner training.

List Cisco SmartNet, Meraki licenses, VMware/Broadcom support, Dell ProSupport, Veeam maintenance, and any third-party MSP retainers. Flag anything renewing in the next 90 days — those need to land in the proposal, not next quarter's surprise.

Use a 4-year laptop and 5-year server refresh cycle as the default. Model the unit count by quarter so finance sees lumpy capex rather than a single line. Include Autopilot / Intune onboarding labor and BitLocker key escrow setup per device.

Get the hiring plan from HR by month and department. Apply per-seat costs (M365 E5 ~$57/user/mo, CrowdStrike ~$8/endpoint/mo, Slack Business+ ~$15/user/mo) to project incremental SaaS spend. Cloud workloads scale with usage — review Azure / AWS reserved-instance commitments expiring in the budget year.

Map gaps from the last vuln scan, pen test, or SOC 2 report to specific tools: PAM (CyberArk, Delinea), ZTNA replacing legacy VPN, immutable backup (Veeam hardened repo, AWS S3 Object Lock), or phishing-resistant MFA (YubiKey). Each gap → one budget line with vendor + estimated annual cost.

Score each candidate project (network refresh, AD-to-Entra migration, Exchange-to-M365, VMware-to-Hyper-V or Proxmox post-Broadcom, SD-WAN rollout, DR site stand-up) on business value, risk reduction, and labor hours. Hold a short list for the proposal; document deferrals so they aren't relitigated mid-year.

Split the workbook into capex (hardware, project labor) and opex (SaaS, MSP retainer, support contracts, training). Tag each line with cost-center / department so chargebacks land cleanly. Show prior-year actual, current-year forecast, and next-year proposed side by side.

Walk department leaders through the lines that hit their cost center — especially per-seat SaaS that scales with their hiring plan. Capture pushback verbatim so revisions are traceable. CFO conversation focuses on capex timing and any multi-year commitments.

Track every change with a reason and a sponsor. If a project was cut, document the risk accepted and route it to the security/risk register so it doesn't reappear as a surprise after an incident.

Triggered when leadership rejects the proposal. Hold a working session with the CFO to identify which deferrable lines come out — typically discretionary projects, training, or non-critical refreshes. Re-route through the same approvers; do not start spending against unapproved lines.

30-minute recurring with IT lead, finance partner, and (for MSPs) the vCIO assigned to the account. Standing agenda: variance by category, upcoming renewals in the next 60 days, and any change requests that materially shift run rate.

Pull the GL extract from NetSuite / QuickBooks / Sage Intacct. Match each AP invoice to the budget line. Misclassified vendor codes are the most common cause of phantom variances — fix the coding at the source rather than annotating the variance every month.

Default threshold: any line greater than 10% or $5K over plan gets a written explanation. Distinguish timing variances (project slipped a quarter) from run-rate variances (M365 license overage from unplanned hiring) — only the latter requires a forecast revision.

Triggered only when variance crosses the threshold. Document the driver, propose an offset (cut from another line) or request incremental funding, and route to the same approver who signed the original budget. Keep the approval trail attached to the budget workbook.

One-page dashboard: actual vs. budget by category, top 5 variances with explanations, renewals due in 60/90 days, project burn against plan. For MSPs, this rolls into the QBR deck for the client.

Cross-reference Okta / Entra last-login against each app's seat list. Anything inactive over 60 days is a candidate for downgrade or removal. Also check for tool overlap: Asana + Monday + Trello running in parallel across teams is the typical finding.

Review AWS Compute Optimizer or Azure Advisor recommendations. Convert steady-state on-demand workloads to 1-year or 3-year reserved instances / savings plans. Snapshot orphaned EBS volumes and idle load balancers — both bill silently.

Auto-renewal clauses lock in price increases when you wait. Open the conversation 90 days out with usage data in hand and a competitive quote (or the credible threat of one). Multi-year deals trade flexibility for typically 10-20% discount — only sign if the tool is genuinely embedded.

Submit cancellations through the vendor portal or via certified email — not just a Slack to the AE. Capture the cancellation confirmation number and the effective date in the contract repository (Vendr, Tropic, or your IT Glue / Hudu vendor section).

Log realized savings by line item with the action that produced them. Feeds next year's baseline so optimization isn't re-discovered annually, and gives the IT team concrete numbers for QBRs and performance reviews.