The true scale of the SaaS sprawl problem · Why traditional procurement processes fail to control it · A practical framework for gaining visibility and control over software spend · Regional differences in how the problem shows up · What a mature SaaS procurement process looks like — from first discovery to ongoing governance.
Somewhere in your organisation right now, someone is paying for a project management tool that the team stopped using eight months ago. Someone else is running three different video conferencing subscriptions on three different credit cards. And at least one department has auto-renewed an annual software licence it never really needed in the first place.
This is not a small problem. It is an almost universal feature of organisations that adopted cloud software rapidly — which, after the pandemic-era acceleration of digital work, means virtually every mid-to-large enterprise in North America, Europe, the Middle East, and Southeast Asia.
1. How Big Is the SaaS Sprawl Problem?
The scale of unmanaged SaaS spend is consistently underestimated when organisations first look at it seriously. Software purchasing has been democratised — department heads and individual contributors can now purchase software on a credit card without triggering traditional procurement approval processes. The SaaS vendor model is optimised for frictionless adoption and sticky renewal. And most organisations simply do not have a centralised inventory of their software applications.
Regional Variation in the SaaS Sprawl Problem
- North America (NAM): The most mature SaaS market. Sprawl is typically very broad — average application counts per employee are highest in US organisations. The problem is often most visible through security and compliance exposure rather than pure cost.
- Europe (EUR): GDPR creates a data residency and processor compliance layer on top of the cost management problem. Many applications purchased by non-IT teams are GDPR non-compliant without the organisation's knowledge.
- Middle East & Africa (MEA): SaaS adoption is growing rapidly, particularly in the GCC. Data residency requirements are emerging (Saudi Arabia's NCA cloud guidelines, UAE TDRA requirements). The compliance dimension of unmanaged SaaS is particularly acute.
- Southeast Asia (SEA): A highly diverse region with varying SaaS maturity. In high-growth organisations, the sprawl problem often appears very quickly as teams scale and adopt tools independently. Budget visibility is frequently the primary pain point.
2. The Seven Categories of SaaS Waste That Cost Organisations the Most
Category 1: Orphaned Subscriptions
Active, paid subscriptions where the original buyer has left the organisation. Nobody cancelled the subscription. It auto-renews — usually because it was set up with the departing employee's corporate card. The financial impact is typically 8–15% of total SaaS spend in organisations that have not actively managed this. In a company spending $2M on SaaS annually, that is $160,000–$300,000 in pure waste.
Category 2: Duplicate Tools
Multiple tools serving the same function, purchased independently by different departments. Document collaboration, project management, note-taking, video editing, CRM — every one of these categories regularly appears with three to five different applications running in parallel in organisations over 200 employees. Duplicate tool consolidation is typically the single largest savings opportunity in a SaaS rationalisation programme.
Category 3: Over-Licensed Seats
An application purchased for 100 users when 60 are active. Most enterprise SaaS vendors have licence utilisation data available through their admin portal. Many organisations never look at it. When they do, average utilisation rates of 60–70% are common. In some categories, active utilisation may be as low as 40%.
Category 4: Auto-Renewed Annual Contracts
Annual SaaS contracts typically include a 30–60 day cancellation notice window. Miss the window and you are committed for another year — often with a 5–15% price increase. Most organisations miss the window for the majority of their contracts because nobody is tracking renewal dates centrally.
Category 5: Shadow SaaS — Applications IT Does Not Know About
Employees and departments purchasing and using applications entirely outside of IT and procurement visibility. Unlike traditional shadow IT, SaaS shadow IT leaves no footprint on the corporate network — only on credit card statements.
Shadow SaaS is simultaneously a cost problem and a security/compliance problem. In MEA and SEA markets where regulatory enforcement is tightening, the compliance exposure from uninventoried SaaS applications is increasingly a board-level concern — not just an IT housekeeping issue.
Category 6: Free Tiers Used in Ways That Create Data Risk
Free SaaS tools that do not cost anything but create data risk. Employees upload company documents to free PDF editors. Teams use free project management tools with no data processing agreement. The risk mitigation cost — should a breach occur — is almost always higher than the cost of providing proper approved tooling.
Category 7: Underutilised Premium Features in Existing Platforms
The inverse of the waste problem: the organisation is paying for premium SaaS tiers that include features not being used. Meanwhile, other departments purchase point solutions to fill gaps that already exist in the premium tier of a tool the organisation already owns.
3. The SaaS Procurement Framework: From Discovery to Ongoing Governance
Discovery — Find Everything
You cannot manage what you cannot see. Use multiple methods in parallel:
| Discovery Method | What It Finds | Coverage | Recommended For |
|---|---|---|---|
| Financial data analysis | All paid subscriptions on cards/AP | 70–80% of spend | All organisations — start here |
| Identity provider audit | SSO-connected and OAuth apps | 40–60% of apps | Orgs with centralised IdP |
| Network monitoring | All SaaS domains accessed | 80–90% of apps by usage | Mature IT security environments |
| Browser extension tools | Apps used on managed devices | 60–70% of apps | Mid-market organisations |
| Department self-declaration | Known tools, context on use | Variable | Always useful for change management |
Inventory — Build Your SaaS Register
For each application, your SaaS register should record:
- application name, vendor, and category
- business owner
- contract type (month-to-month, annual, multi-year)
- contract renewal date and notice period required
- number of licences purchased versus active users
- annual cost and cost per active user
- data classification (does this application process personal data?)
- security review status
- business criticality
Rationalisation — Cut, Consolidate, Optimise
- Cut: Applications that should be cancelled immediately — orphaned subscriptions, duplicates where one application is clearly redundant, applications not in use by any active employee.
- Consolidate: Where multiple applications serve overlapping functions, identify the preferred tool and migrate users.
- Optimise: Right-size licences to active user counts, negotiate pricing at renewal, downgrade to lower tiers where premium features are not being used.
Organisations conducting their first systematic SaaS rationalisation typically identify savings of 15–30% of total SaaS spend. For a $2M SaaS budget, that is $300,000–$600,000. The largest savings usually come from consolidation of duplicate tools (35–40% of total savings) and cancellation of orphaned/unused subscriptions (25–30%).
Procurement Process — Control New Purchases
- A software procurement request process: any new software purchase above a threshold (typically $500–$1,000/year) requires a formal request reviewed by IT and procurement before purchase.
- A preferred vendor list: for common software categories, maintain approved applications that employees can select without a full review.
- Contract ownership and renewal tracking: every SaaS contract must have a named owner who receives automated reminders 90/60/30 days before renewal.
- Security review gate: all new applications that process company or customer data should require IT security review before purchase is approved.
Ongoing Governance — Maintain Control
- Quarterly licence utilisation reviews: compare licences purchased to active users; flag underutilisation for right-sizing discussions.
- Annual contract reviews: benchmark pricing, review utilisation, decide whether to renew, renegotiate, consolidate, or cancel.
- Offboarding triggers: when an employee leaves, their SaaS application ownership and access must be reviewed and reassigned or cancelled within a defined timeframe.
- New application discovery refresh: run financial and technical discovery quarterly to catch new shadow SaaS before it accumulates.
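An added example, not part of the original article or any vendor's product: one governance pass over a SaaS register that flags orphaned owners, over-licensed seats, personal-data applications lacking a security review, and renewals nearing or past the cancellation-notice deadline. The field names, the sample entries and the choice to count the 90/60/30 reminder tiers from the notice deadline rather than the renewal date are assumptions.

```python
from datetime import date, timedelta

# Constructed sample register; field names are assumptions modelled on the
# register fields listed in the article, not a real product's schema.
REGISTER = [
    {"app": "PlanBoard", "owner": "a.khan", "renewal": date(2025, 9, 1),
     "notice_days": 60, "seats": 100, "active": 60,
     "personal_data": True, "security_reviewed": False},
    {"app": "MeetNow", "owner": "j.lee", "renewal": date(2026, 3, 15),
     "notice_days": 30, "seats": 50, "active": 45,
     "personal_data": False, "security_reviewed": True},
    {"app": "PDFQuick", "owner": "m.ross", "renewal": date(2025, 7, 20),
     "notice_days": 30, "seats": 10, "active": 9,
     "personal_data": True, "security_reviewed": True},
]
DEPARTED = {"a.khan"}          # constructed offboarding feed from HR
REMINDER_DAYS = (30, 60, 90)   # reminder tiers from the article, tightest first
UNUSED_SEAT_THRESHOLD = 0.20   # ">20% unused seats" from the savings table


def audit(register, today, departed):
    """Return sorted (app, finding) tuples for one review pass."""
    findings = []
    for e in register:
        if e["owner"] in departed:
            findings.append((e["app"], "orphaned: owner has left"))
        unused = (e["seats"] - e["active"]) / e["seats"] if e["seats"] else 0.0
        if unused > UNUSED_SEAT_THRESHOLD:
            findings.append((e["app"], f"over-licensed: {unused:.0%} unused"))
        if e["personal_data"] and not e["security_reviewed"]:
            findings.append((e["app"], "personal data without security review"))
        # The date that matters is the last day to give notice, not the renewal.
        deadline = e["renewal"] - timedelta(days=e["notice_days"])
        days_left = (deadline - today).days
        if days_left < 0 and e["renewal"] >= today:
            findings.append((e["app"], "notice window missed: will auto-renew"))
        else:
            tier = next((t for t in REMINDER_DAYS if 0 <= days_left <= t), None)
            if tier:
                findings.append((e["app"], f"notice deadline within {tier} days"))
    return sorted(findings)


if __name__ == "__main__":
    for app, finding in audit(REGISTER, date(2025, 6, 25), DEPARTED):
        print(f"{app}: {finding}")
```

Run against the sample data on 25 June 2025, PDFQuick shows why the notice deadline is the date to track: its renewal is still weeks away, but the 30-day cancellation window has already closed.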
Ready to Get Visibility Into Your SaaS Spend?
Procurement VMS's vendor management and spend visibility capabilities give IT and procurement a unified view of all supplier relationships — including SaaS vendors.
4. SaaS Procurement vs Traditional Software Procurement
| Dimension | Traditional Software | SaaS |
|---|---|---|
| Procurement trigger | Capital expenditure request, IT project approval | Often a credit card purchase by a department head |
| Contract length | Multi-year licence agreements | Monthly or annual subscriptions, often auto-renewing |
| Cost structure | Upfront licence + annual maintenance | Per-user per-month or per-seat annual fee |
| Renewal process | Active renegotiation required | Auto-renewal is the default; requires active opt-out |
| Utilisation tracking | Rarely measured post-deployment | Usage data available in admin portal |
5. Real-World Results
A 400-Person Professional Services Firm (North America)
The firm's first SaaS audit, conducted over four weeks using financial data and identity provider logs, identified 147 applications. 34 were unknown to IT. After rationalisation: 23% reduction in annual SaaS spend, 12 duplicate tool categories consolidated to single approved tools, and a procurement request workflow implemented that has since prevented $280,000 in unapproved purchases in 18 months.
A Diversified Industrial Group (Riyadh, MEA)
The first SaaS audit identified 94 applications, of which 31 were unknown to IT. Data processing reviews revealed 12 applications with potential NCA cloud guideline compliance issues. After rationalisation and a central procurement process: 28% cost reduction, all applications security-reviewed, contract renewal calendar established.
A Financial Services Firm in Singapore (SEA)
A 600-person financial services firm managing SaaS under MAS Technology Risk Management Guidelines. When procurement mapped the compliance inventory to spend data, they found $340,000 in duplicate and underutilised subscriptions in the first review cycle. Procurement now participates in all software purchases above $1,000 per year.
6. Evaluating SaaS Spend Management Tools: What to Look For
- Discovery coverage: Does the platform discover applications through financial data, identity provider integration, network monitoring, and browser extensions?
- Contract management integration: Can the platform store contract documents, track renewal dates, and send automated reminders?
- Utilisation tracking: Does the platform track actual application usage at the user level — not just licence assignment, but active usage?
- Workflow integration: Does the platform support a software procurement request workflow that routes approvals and enforces policy?
- Financial reporting: Can procurement teams report on SaaS spend by department, vendor category, renewal month, and unused licence cost?
- ERP and procurement system integration: Does the platform connect to your existing procurement and finance systems, or does it create another data silo?
7. Building the Business Case for SaaS Spend Management
The Discovery-First Approach
Before investing in tooling, run a manual SaaS discovery exercise using financial data. In most organisations, this surfaces enough savings to justify both the tool investment and the programme cost with significant headroom.
| Finding Category | Typical % of SaaS Spend | Action |
|---|---|---|
| Orphaned subscriptions (unused, no owner) | 8–15% | Cancel immediately |
| Duplicate tool categories | 10–20% | Consolidate to preferred tool |
| Over-licensed seats (>20% unused seats) | 12–18% | Right-size at renewal |
| Auto-renewals missing notice window | 5–10% | Track and negotiate |
| Unapproved shadow SaaS | 10–25% | Review and approve or cancel |
| Total addressable savings | 25–40% | Programme ROI basis |
A well-run SaaS management programme — including tooling, staff time, and process development — typically costs 3–8% of total SaaS spend annually. Against savings of 15–30%, the ROI is highly favourable and typically demonstrable within the first 12 months. Use our VMP ROI Calculator to model the business case for your specific spend profile.