In the current product, you can use the NAT rules tab in the Firewall details to do a manual audit. You can filter these rules based on specific IP addresses or subnets, export them into an Excel spreadsheet and have them reviewed or verified. There have been some feature requests in this area that might be of some help:
1. Identify NAT rules that will never be triggered because there is no ACL that allows the nat address in the first place. This would identify some outdated nat rules if the ACLs have been modified when the servers are retired.
2. Do usage analysis on NAT addresses to identify the IP addresses that are not being used any more.
We would like to hear if you do any thing else that we can automate.