As Templeton Peck said, Apple have thought about this and these days actually offer two different solutions for this.
Firstly purely for Apple Mac operating system updates you can use the 'Software Update Server' module in Apple's Server.app software. Alternatively you can use the 'Caching' module also in Apple's Server.app software. There are advantages and disadvantages to each.
The Caching module caches previously downloaded Software Updates i.e. operating system updates for Macs, but it can also cache the download of Apps from both the Mac App Store and the iOS App Store. It does not however let you control which operating system updates have been released to your users.
You can also use a free open-source alternative to Apple's Software Update Server module which is called Reposado. This adds the ability to define multiple 'branches' to your Reposado equivalent Software Update Server which allows having both a 'released' and 'testing' branch for different users/computers and also lets you retain older updates that officially Apple have discontinued, e.g. older versions of iTunes or Safari.
I personally use both Reposado and Apple's Caching module.
While Apple are weak in many areas from a business feature point of view please do not unfairly castigate them as being totally business unfriendly as this is not true. Apart from the fact that in this case Apple have provided a solution for many years, Apple have and still do lead in some business areas, for example they pioneered MDM solutions (Mobile Device Management) and I would argue that in this area they have and do genuinely lead from the front in providing business solutions and are ahead of even Microsoft.
