Home / Help Center / EOFY IT Checklist
By · Published 12 May 2026 · Updated 15 May 2026 · EOFY · Small Business

EOFY IT Checklist for Townsville Businesses

End of financial year is more than a tax deadline. For most Townsville small businesses it's also the natural moment to look at IT — what's working, what's about to break, what's overdue for replacement, and what you can write off before 30 June. This checklist runs through the items that matter for SMBs, organised so you can work through them with your accountant and IT provider in the weeks before EOFY.

Disclaimer: This is a practical IT checklist, not tax advice. Specific deduction thresholds and rules change each year — confirm with your accountant before making purchase decisions based on tax outcomes. Where tax timing matters, we've flagged it.

1. Hardware Review

  • List every business-owned computer, laptop, and serverAge, model, condition. Anything older than 5 years is on borrowed time; anything older than 7 is overdue. EOFY is the right moment to plan replacements.
  • Check warranty statusOut-of-warranty hardware that fails costs you the full replacement plus downtime. For business-critical machines (servers, primary workstations), warranty cover for the next year is usually worth the money.
  • Identify what's slowing the team downSlow PCs, dying batteries, cracked screens — write a list of what each staff member complains about most. EOFY is the cleanest time to budget for replacements.
  • Plan refresh schedule for next yearSpread hardware refresh across the year — don't replace everything at once. A rolling 3-5 year cycle keeps spending predictable.
  • Securely dispose of old hardwareWipe drives properly before disposal. For laptops with sensitive business data, physical destruction or certified secure-wipe is the safe option. The recycling depot is not.

2. Software & Subscriptions

  • Audit every software subscriptionList Microsoft 365, Xero/MYOB, simPRO/ServiceM8, Adobe, design tools, project management, etc. Note seats vs. actual users. Most businesses pay for at least one subscription nobody uses anymore.
  • Right-size Microsoft 365 licencesBusiness Basic vs Standard vs Premium — pick the lowest tier that covers what you actually need. Frontline workers might only need Business Basic; admin and finance benefit from Premium's security features.
  • Remove licences for ex-staffMicrosoft 365 Admin → Active users. Block sign-in and remove licences for everyone who's left. Continuing to pay for departed staff is one of the most common SMB subscription leaks.
  • Look for annual vs monthly pricingMany subscriptions are 10-20% cheaper paid annually. If you'll definitely keep using it, the annual price pays for itself.
  • Move from on-prem to cloud where it makes senseAnything still on a local server (file shares, on-prem Exchange, old accounting software) is a cost and a risk. EOFY is a good moment to budget the move to Microsoft 365 / SharePoint / cloud accounting.

3. Backups & Disaster Recovery

  • Verify last successful backup of every systemServer, workstations, Microsoft 365 (yes, you need third-party M365 backup), accounting software. Confirm the backups are actually completing — many silently fail.
  • Test a restorePick a file from last month. Restore it. If you can't, the backup isn't real. This is the single most-skipped EOFY task and the one most likely to save your business.
  • Check backup retentionHow far back can you restore? 30 days isn't enough — aim for at least 90 days for operational data, 7 years for ATO-relevant records.
  • Ensure backups are immutable / offlineRansomware specifically targets connected backups. Cloud backups with immutability, or offsite copies, are the only ransomware-proof option.
  • Document the recovery processIf your main server dies tomorrow, who restores from backup? How long does it take? Where are the credentials? This belongs in a documented IT recovery plan.

4. Cyber Security

  • MFA on every accountMicrosoft 365, Xero, MYOB, ATO portal, banking, payroll. EOFY is peak season for Business Email Compromise targeting accounting staff — MFA is the single best defence.
  • Review who has admin access to financial systemsReduce to the minimum number of named people. Remove ex-staff and contractors who no longer need it. Audit logs should show recent admin activity.
  • Confirm 'change of bank details' process with clientsAgree internally and with clients that bank details changes are confirmed by phone — never by email alone. Document this and remind clients before EOFY.
  • Run a phishing simulation with staffMicrosoft Defender Attack Simulator or a third-party tool. EOFY phishing campaigns are sophisticated and well-timed — staff need recent training.
  • Update endpoint protectionMake sure EDR / antivirus is current and reporting to a central console. Investigate any device that hasn't checked in recently.
  • Patch everythingWindows, Office, browsers, business apps. Unpatched software is one of the top ransomware entry points. EOFY is a good moment to confirm patching is actually happening.

5. Records & Compliance

  • Confirm digital tax records are properly retainedThe ATO requires business records for 5 years. Invoices, BAS, payroll, supporting docs — held in a way that's tamper-evident and recoverable.
  • Apply retention policies in Microsoft 365Purview retention policies keep critical email and SharePoint content for the required period, even if a user deletes it.
  • Export accounting data backupsXero, MYOB, BGL — export a year-end snapshot to a secure storage location. Belt-and-braces in case of vendor issues.
  • Document software licences for asset registerYour accountant may want a list of paid software subscriptions and their renewal cycle.
  • For TPB-regulated practicesConfirm cyber controls meet current Tax Practitioners Board guidance. Document MFA, encryption, and access reviews so it's audit-ready.

6. Planning & Budget for Next Year

  • Set an IT budget for the new financial yearHardware refresh, software, cyber tools, IT support. A documented budget prevents surprise spends and makes EOFY 2026 easier.
  • Consider managed IT if you're still on break-fixPredictable monthly spend beats surprise invoices. Easier to budget, easier to deduct, and the proactive maintenance generally prevents more expensive incidents.
  • Plan one major IT improvementOne project per year — Microsoft 365 migration, cyber controls rollout, hardware refresh, network upgrade. Bite-sized progress beats trying to fix everything at once.
  • Review your cyber insuranceMost policies are renewed annually. Confirm you still meet the security requirements — MFA, EDR, backups. If you don't have cover, EOFY is a good moment to budget for it.
  • Talk to your IT provider before renewal timeHave an honest conversation about what's working and what isn't. Get a roadmap for the new year before lock-in renewal contracts.

Need EOFY IT Help?

We run free EOFY IT reviews for Townsville businesses — hardware audit, software subscription review, backup verification, and cyber check. Walk into 30 June with a clear plan instead of last-minute panic.

Frequently Asked Questions

What IT spending can I write off at EOFY?

Specific thresholds change year to year — check current ATO rules with your accountant. Generally, computers, monitors, peripherals, software subscriptions, and IT services are deductible as business expenses. Hardware above instant asset write-off thresholds gets depreciated. The key is timing — purchasing before 30 June pulls the deduction into the current financial year.

Should I buy new computers before 30 June?

If you'd need new hardware in the next 6-12 months anyway and your accountant confirms the tax benefit, yes — buying before 30 June pulls the deduction forward. But don't buy gear you don't need just for the write-off. The tax saving is a fraction of the cost; you're better off matching the spend to actual business need.

How long should I keep tax-related digital records?

The ATO generally requires business records to be kept for 5 years after the lodgement date. For most businesses that means digital invoices, BAS records, payroll, and supporting documents — held in a way that's tamper-evident and recoverable. Microsoft 365 retention policies plus third-party backup is the standard approach for SMBs.

What cyber controls should I have in place before EOFY?

Multi-factor authentication on every account (especially Xero, MYOB, ATO portal, banking), tested backups of all financial data, locked-down access for departed staff, and clear processes for confirming any "change of bank details" requests by phone. EOFY is peak season for business email compromise targeting accounting staff.

Can I claim home internet and home office IT?

Generally yes, for the business-use portion. The ATO has methods for calculating home office deductions — your accountant can advise. Keep records of the business-related IT spend (laptop, monitor, internet share) so the claim is supportable.

Is now a good time to switch IT providers?

EOFY is actually a good moment — it aligns with budget cycles, lets you assess what you spent last year, and gives the new provider time to onboard before peak EOFY rush hits again. Most managed IT engagements have 30-90 day onboarding, so starting in May-June puts you in good shape for the new year.