Yeah ...
You audit everything that makes up a system
You record any 3rd party deps - and their licensing.
And, if producing a built system, yu make sure it can be built on a fresh build box, generating identical binaires i.e. exact same at the binary output level.
Problem with 'Enterprise Architects' is most they are fly by night bandwagon jumping shyters