The third call I get every January is from an office manager who just discovered their company has been paying for 47 Adobe Creative Cloud seats and only 19 people remember installing it. Sometimes the number is closer to 80. The pattern is almost always the same: a spreadsheet someone updated until 2022, a shared mailbox full of license keys, and a CFO who is mildly horrified.
IT asset management at SMB scale is unglamorous, and that is exactly why it gets ignored until the bill arrives.
Stop pretending the spreadsheet works
It worked when you had 15 laptops. It does not work at 60. You are not bad at spreadsheets, you are using the wrong tool for a job that has shape and state. Software licenses expire. Warranties roll off. People leave and their MacBook Pro shows up two years later in a closet next to the holiday decorations.
For SMBs, the realistic options are not ServiceNow. Look at Snipe-IT (open source, self-hosted, free, or a hosted plan around $40/month for a few hundred assets), Lansweeper, or if you live in Microsoft 365, Intune plus a clean export to whatever ticket system you already pay for. The trick is not picking the perfect tool. The trick is picking one and feeding it.
What actually belongs on the list
Hardware is the easy part. Serial number, assignee, purchase date, warranty end, location. Five fields and you are 80% of the way there.
Software is where it gets interesting. For each SaaS subscription you should know: number of seats paid for, number of seats actively used in the last 30 days, renewal date, and the human who owns the relationship. That last one matters. The most expensive license waste I see is the SaaS app the original champion stopped using two years ago and nobody else cancelled because nobody else knew it existed.
If you process payment cards, PCI DSS 4.0 explicitly wants an inventory of in-scope system components (requirement 12.5.1). If you take ePHI, HIPAA 164.310(d) wants device and media accountability. If you are chasing ISO 27001, control A.5.9 is literally "inventory of information and other associated assets." None of these standards are asking for anything fancy. They want a list that is current and someone whose job it is to keep it current.
The shadow IT problem is a finance problem
Half the unknown software in your environment was bought on someone's personal Amex and expensed. Loop in finance. Pull the credit card statements for "SaaS-looking" charges under $50/user/month. You will find Notion, Figma, ChatGPT Team, three different Loom-equivalents, and at least one project management tool nobody uses. This is also where the security risk lives, because nobody has SSO or audit logging on the tool they bought with a personal card.
The fix is mundane. Mandate that any recurring software charge over some threshold (pick a number, $20/month is reasonable) goes through IT, get SSO via your IdP wherever the vendor allows it, and run a quarterly reconciliation against the credit card data. You do not need an AI-powered SaaS management platform. You need a habit.
Refresh cycles you can defend
Three to four years for laptops is the boring right answer for most SMBs. Past four years, support contracts get expensive and battery health falls off a cliff. A Dell Latitude or MacBook Air at three years still has decent resale value; at five it is e-waste. Build the refresh into your annual budget rather than treating each replacement as a surprise.
If working through any of this feels like more than the team can carve out time for, Syncritech does ITAM cleanup and procurement consolidation for SMBs without trying to sell you a platform you will never log into.
