Why SaaS Stacks Need Regular Auditing
The average mid-size company is paying for 40-80 SaaS tools. Of those, 15-25% are either unused, redundant with another tool, or providing so little value that they wouldn't survive a rational cost-benefit review. The problem compounds because SaaS procurement is decentralized — individuals and teams sign up for tools with a credit card, and no one tracks the total.
A SaaS audit surfaces this waste and creates a rationalized, governed stack. Most companies that run their first audit find 10-20% in immediate savings. Here's how to do it systematically.
Phase 1: Get Complete Visibility (Week 1)
You can't audit what you can't see. The first step is building a complete inventory.
Sources to check:
Finance and AP records: Pull every recurring charge from your credit cards and bank accounts. Filter for monthly/annual charges to known SaaS vendors. This is the most comprehensive source — anything being paid shows up here.
SSO/Identity provider: If you use Okta, Azure AD, or Google Workspace SSO, your identity provider shows every SaaS application that has requested access. This catches tools that individual employees set up.
Browser extension inventories: Many IT-managed environments can report installed browser extensions, which often reveals additional SaaS tools used in browsers.
Team surveys: Ask every department head to list the tools their team uses. You'll find shadow IT that doesn't show up in finance or SSO.
Contract management system: Review all executed SaaS contracts for active subscriptions.
Consolidate these sources into a single inventory. Include: tool name, category/function, cost (monthly or annual), owner/department, and contract renewal date. This spreadsheet is the foundation of your audit.
Phase 2: Classify Each Tool (Week 1-2)
With your inventory complete, classify each tool into one of four categories:
Active and essential: The tool is in regular use and provides clear value. These survive the audit untouched.
Active but redundant: The tool is being used, but another tool in your stack does the same thing. Example: paying for both Loom and Vidyard, or both Calendly and HubSpot scheduling. Flag these for consolidation analysis.
Paid but underutilized: The tool is paid for but not being actively used. This is your primary waste bucket. Common causes: tool adopted for a project that ended, individual who signed up left the company, tool was better in theory than practice.
Unused: Nobody in the company can identify current use. These are immediate cancellation candidates — but confirm before canceling, because someone may be using it without knowing it's in the inventory.
Phase 3: Analyze Usage Data (Week 2)
Classification should be confirmed with actual usage data, not just self-reporting.
Login frequency: Request admin data from vendors showing login activity in the last 90 days. Most SaaS vendors provide admin dashboards that show last login per user. Tools with 0-1 logins per user in the last 90 days are functionally unused regardless of what users tell you.
Feature adoption depth: Beyond logins, does usage indicate that the tool is providing value? A project management tool with daily logins but every project stuck in "To Do" is being logged into but not used effectively.
SSO reports: Identity providers can report application access frequency. This is a fast way to see which tools have declining usage trends — a tool that went from 50 weekly accesses to 5 weekly accesses over 6 months is at risk of being unused.
Tools with sub-20% monthly active user rates relative to seat count are candidates for seat reduction or cancellation, regardless of user self-reporting.
Phase 4: Identify Overlap and Consolidation Opportunities (Week 2-3)
Beyond unused tools, look for functional overlap in your active stack.
Category mapping: Group all your tools by function: CRM, project management, communication, document creation, analytics, security, customer support. Anywhere you have two or more paid tools in the same category, evaluate whether consolidation is possible.
Common overlap patterns:
- Multiple project management tools (Asana + Monday + ClickUp across different teams)
- Multiple communication tools (Slack + Teams + Zoom + Google Meet)
- Multiple storage solutions (Dropbox + Google Drive + SharePoint)
- Multiple email marketing platforms (Mailchimp + HubSpot + Klaviyo)
- Multiple video tools (Loom + Vidyard + Vimeo + Wistia)
For each overlap, calculate the savings from consolidation and estimate the migration cost. Consolidation makes sense when the savings over two years exceed the one-time migration cost.
Phase 5: Security and Compliance Review (Week 3)
A SaaS audit isn't only about cost. It's also about risk.
For each active tool, review:
- When it was last security-reviewed (SOC 2, penetration testing)
- What data it has access to (especially tools with OAuth access to your Google Workspace or Microsoft 365)
- Whether there's a signed DPA in place for any tool handling personal data
- Whether there are shared credentials (rather than SSO) that create a security risk if an employee leaves
Tools with access to sensitive data and no DPA are compliance liabilities. OAuth permissions that haven't been reviewed in years may have broader access than you want.
Revoke OAuth access for unused tools immediately. A former employee's personal Dropbox app shouldn't have ongoing access to your organization's files.
Phase 6: Contract Renewal Optimization (Week 3-4)
Map every tool's renewal date against your audit findings. This gives you an action plan:
Immediate cancellations: Unused tools on monthly plans can be canceled immediately. Annual plans should be confirmed unused before the next renewal date.
Seat reductions: Tools with underutilization can have seats reduced at renewal. Calculate what seat count matches actual usage rather than current contracted count.
Negotiation targets: Tools that survived as essential but are coming up for renewal are targets for price negotiation, especially if the audit surfaced alternatives.
Contracts to exit: Some annual tools may be worth paying to exit early if the savings justify it. Calculate the math: if canceling a $10K/year tool 8 months early saves $10K minus a $2K early termination fee, the $8K net savings has a 0-month payback.
Phase 7: Build Governance Going Forward
An audit addresses the accumulated mess. Governance prevents it from accumulating again.
Procurement process:
- Require approval for any new SaaS subscription above a threshold ($50-$200/month depending on company size)
- Require security review for any tool that gets access to company data
- Require the requestor to check the existing stack for overlap before approving a new tool
Regular review cadence:
- Quarterly review of tools added in the prior quarter
- Annual full audit (shorter once the initial audit has been completed)
- Renewal calendar with 90-day advance alerts for every contract
Tool ownership:
- Every tool should have a named owner responsible for managing access and advocating for the renewal
- Tools without a named owner are immediate review candidates
How Trackr Supports Your SaaS Audit
When your audit surfaces redundant tools or underperforming vendors, you need to evaluate alternatives quickly. Trackr Research runs AI research agents on any tool in 2 minutes, giving you a scored assessment that supports consolidation decisions — without scheduling 4 vendor demos before deciding which tool to standardize on.
Explore Trackr Use Cases for IT and operations team workflows, or see how leading teams are managing their SaaS stacks at Trackr Industries.