Skip to main content
    Operations7 min read

    How to Audit Your SaaS Stack

    A structured audit reveals spending, redundancy, and risk that accumulates invisibly over time.

    Run the audit on a fixed annual schedule

    A stack audit done reactively — after a budget crisis or a security incident — is less valuable than one done systematically on a fixed schedule. Run a full audit annually, with a lighter mid-year review. Fix the audit date in the company calendar. Assign ownership — typically finance, IT, or operations. A fixed-schedule audit becomes a habit; a reactive audit becomes a fire drill.

    Pull all recurring charges from payment records

    Your audit starts not with a tool survey but with financial records. Pull three months of company credit card and bank statements and identify every recurring charge above any size. Cross-reference with last year's audit inventory. You will find tools that were added and not recorded, tools that continue billing after the team stopped using them, and tools where the billing amount does not match the contract. Financial records are more accurate than memory.

    Survey actual users

    Run a short survey of all employees: which tools do you use at least once a week, which tools do you use monthly, and which tools have you been assigned access to but never use? The gap between licensed access and actual use is where most audit savings come from. User-reported usage is not perfectly accurate, but it gives you a starting point for which tools to investigate further with actual login data.

    Assess security and access controls

    For each tool in the audit, verify that access has been revoked for all employees who have left in the past 12 months. Test whether each tool supports SSO with your identity provider — if not, that tool's user management is manual and subject to error. Check whether multi-factor authentication is enforced for all users. Access control gaps are both security risks and cost risks — former employees with active accounts may still consume licensed seats.

    Produce a written audit report with actions

    The audit output should be a document, not a meeting. Include the complete tool inventory with costs, an assessment of each tool's utilization and value, a list of recommended actions by priority, and the ownership assignment for each action. Distribute the report to finance, department heads, and IT. The most important items — unused tools to cancel, licenses to reduce, contracts to renegotiate — should have assigned owners and deadlines, not just recommendations.

    Related Guides
    How to Build a SaaS Stack AuditHow to Reduce SaaS Spend Without Disrupting Your TeamHow to Manage SaaS Subscriptions