End-of-Financial-Year IT Checklist for Australian Businesses

Why EOFY Is a Good Time for an IT Review

End of financial year brings the combination of budget cycles, compliance deadlines, and a natural pause for review. It is a practical time to check whether your IT is still aligned with your business, what has changed over the past year, and what needs to happen in the year ahead.

This checklist is designed for Australian small businesses. Work through it in the weeks leading up to 30 June.

Licences and Subscriptions

• [ ] List all active software subscriptions and their annual cost
• [ ] Identify subscriptions that are unused or underutilised
• [ ] Confirm Microsoft 365 licence count matches your current staff count (over-licensing wastes money; under-licensing creates compliance issues)
• [ ] Review whether your Microsoft 365 plan tier is still appropriate (Standard vs Premium)
• [ ] Check that all licences are assigned to named staff — not floating or shared
• [ ] Confirm any licences for departed staff have been deactivated and removed

Compliance and Records

• [ ] Confirm that financial records are backed up and stored in accordance with ATO requirements (five years for most business records)
• [ ] Review data retention policies — are you keeping what you should keep and deleting what you should not?
• [ ] Check that your privacy policy is current if it references specific data handling practices
• [ ] For healthcare businesses: confirm clinical records are retained in accordance with AHPRA requirements
• [ ] For financial services businesses: confirm records meet ASIC retention requirements

Hardware

• [ ] Identify computers that will be over four years old by mid next year — plan replacements in next year's budget
• [ ] Check server age and warranty status — servers over five years should be flagged for replacement planning
• [ ] Review UPS battery status — batteries typically need replacement every three to four years
• [ ] Dispose of decommissioned equipment securely — certified data erasure before donation or recycling

Security

• [ ] Confirm all devices are running a current, supported operating system
• [ ] Confirm EDR or endpoint security is active on all devices
• [ ] Review and confirm MFA is enabled on all email and cloud accounts
• [ ] Review access permissions — have any staff changed roles or departed?
• [ ] Confirm backup is running and has been tested in the last quarter

Budget Planning for the New Financial Year

• [ ] Identify hardware refreshes planned for the year ahead and get quotes now
• [ ] Review managed IT pricing — is the per-user cost and scope still aligned with your business?
• [ ] Budget for at least one staff security awareness training session
• [ ] Consider any planned growth (new staff, new office) and what IT investment that will require

Getting the Review Done

If reviewing all of this feels overwhelming, Netluma IT conducts EOFY IT reviews for SE Queensland small businesses. We cover licences, security, hardware, and compliance in a structured session and provide a written summary of findings and recommendations. Call 1300 521 162 to book a time.

IT Tax Deductions at EOFY: What Australian Businesses Can Claim

End of financial year is when many businesses make intentional IT purchases specifically for the tax benefit. Understanding what is deductible and how different asset types are treated helps with timing decisions.

Immediate deduction (Small Business Instant Asset Write-Off). The Australian Government's small business instant asset write-off threshold has varied year to year. Check the current ATO guidance for this financial year's threshold. When eligible, this allows immediate deduction of the full asset cost in the year of purchase rather than depreciating it over multiple years.

Software subscriptions. SaaS subscriptions — Microsoft 365, accounting software, backup services, EDR tools — are generally fully deductible as operating expenses in the year they are paid, without depreciation considerations.

Hardware. Computers, servers, switches, and other business hardware are capital assets. Depending on the current small business threshold, these may qualify for immediate deduction or need to be depreciated over their effective life under the ATO's depreciation schedule.

Timing matters. A hardware purchase made before 30 June falls in this financial year. A purchase on 1 July falls in the next. If you are planning hardware refreshes and the instant asset write-off threshold allows it, the timing of the purchase matters for which year you take the deduction.

Consult your accountant for specific advice on your situation — but being aware of these considerations helps when planning IT expenditure around EOFY.

Planning Next Year's IT Budget

EOFY is the natural planning point for next year's IT spend. A structured approach:

Hardware refresh forecast. Using a hardware register (device, purchase date, expected life), identify which devices will be over four years old during the next financial year. Plan replacements 12 months in advance to avoid emergency purchases at full price with no lead time.

Licence review. Confirm Microsoft 365 plan appropriateness for the coming year. If you are growing, will you need more licences? If the business has changed, is the current plan tier right?

Security investments. Are there security gaps identified in the EOFY review that require investment in the coming year? Budget these explicitly rather than treating security as a contingency.

Managed IT costs. If you are currently on break-fix support, use EOFY as the time to evaluate whether managed IT would provide better value. A managed IT assessment from Netluma IT is free.

EOFY as a Business Continuity Checkpoint

Beyond licences and hardware, EOFY is a useful time to review the fundamentals of business continuity — what happens to your IT operations if something goes seriously wrong.

Who has the passwords? Does your business have a centralised record of all critical system credentials, accessible to more than one trusted person? If the person who informally "handles IT" is unavailable in an emergency, can anyone else access systems?

What would recovery look like? If your primary location became inaccessible tomorrow — fire, flood, break-in — what is the plan for restoring IT operations? Where is the backup? Can staff work remotely from day one?

Is your IT provider relationship documented? Your managed IT provider should maintain documentation of your environment — device inventory, network diagrams, licence information, configuration notes. Confirm this documentation exists and is current.

Insurance. Review whether your cyber insurance policy covers your current risk profile — particularly if the business has changed significantly over the past year (more remote workers, new systems, revenue growth). Cyber insurance premiums have increased, but so have the costs of incidents.

Netluma IT conducts EOFY IT reviews for SE Queensland businesses. Call 1300 521 162 to book a review session before 30 June.