← All posts

The Mid-Market SaaS Stack Audit: How to Run One in a Week

July 8, 2026

Most mid-market finance and IT teams do not know exactly how many SaaS tools their company pays for. They know the big ones: the CRM, the HRIS, the cloud provider. What they miss is the long tail of departmental subscriptions, free-trial-to-paid conversions, and tools a former employee signed up for eighteen months ago that nobody has canceled. A SaaS stack audit closes that gap, and it does not require a quarter-long project. Run correctly, it fits into a single week.

The scale of the problem

SaaS sprawl is not a hypothetical. Zylo's 2025 SaaS Management Index, based on data from more than 40 million licenses and $40 billion in managed SaaS spend, found the average company portfolio grew to 275 applications, and organizations in the 1 to 500 employee range run an average of 152 applications and roughly $11.5 million in annual SaaS spend. Zylo also found companies are wasting an average of $21 million a year on unused licenses, a figure up 14.2% year over year.

Utilization data tells the same story from a different angle. Productiv's analysis of nearly 100 million SaaS licenses and more than 100 billion usage data points over three years found that 53% of purchased licenses go unused. BetterCloud's 2025 State of SaaS report puts the average organization at 106 distinct SaaS tools in active use, down from 112 the prior year as budget pressure has started to bite, and estimates companies typically carry about 7.6 duplicate subscriptions they are not aware of, meaning two teams are often paying for the same job to be done twice.

Vendor pricing is compounding the waste. Zylo's 2025 index found average SaaS spend per employee climbed to $4,830, up 21.9% year over year, driven largely by vendor price increases, tiered upsells, and new AI-priced add-ons rather than net-new purchasing. At the same time, buyers have been shifting toward shorter, more flexible contract terms as a hedge against that price volatility. A stack that was right-sized eighteen months ago is not necessarily right-sized today, even if headcount and tool count have not changed.

For a company with $3 million to $6 million in annual SaaS and vendor spend, a typical mid-market range, even a conservative 15% to 20% waste rate (well below the 53% unused-license figure Productiv reports industry-wide) translates to $450,000 to $1.2 million a year sitting in tools nobody is fully using or contracts nobody has renegotiated.

Why mid-market stacks get out of control

Three structural patterns show up repeatedly in mid-market companies, and they are worth naming because the audit framework below is built to catch each one.

Distributed buying with no central record. Gartner's research on shadow IT found that in large enterprises, unsanctioned spend accounts for 30% to 40% of total IT spending, with some studies putting the figure above 50%. Mid-market companies rarely have a dedicated procurement function, so a marketing lead expenses a design tool, a sales manager signs up for a prospecting platform, and finance only learns about either one when the credit card statement arrives. Gartner projects that by 2027, 75% of employees will be acquiring, modifying, or creating technology outside IT's visibility, up from 41% today, which means this problem is getting worse, not better, even as tooling to catch it improves.

No single owner for renewal dates. When a contract lives in a shared drive, an email inbox, or a single person's memory, the renewal date becomes a surprise rather than a decision point. Most SaaS agreements include auto-renewal clauses with notice windows of 30 to 90 days; miss the window and the company is committed to another full term, often at a higher rate, with no leverage to negotiate.

Usage data that nobody looks at until the invoice arrives. Almost every SaaS product has an admin panel showing login frequency and feature usage. Almost nobody in a 150-person company has the bandwidth to check it monthly. The result is that license counts get set once, at initial purchase or a hiring surge, and then coast on autopilot while actual usage drifts downward.

The one-week audit framework

A full SaaS audit does not need a dedicated project manager or a six-figure consulting engagement. It needs five focused days and one person (or a two-person team split across finance and IT) with authority to pull data and ask department heads direct questions.

Day Focus Key output
Day 1 Inventory pull Master list of every active vendor and subscription
Day 2 Reconciliation and dedupe Ownership assigned, duplicates flagged
Day 3 Usage analysis Utilization rate per tool, low-usage flags
Day 4 Contract terms review Renewal dates, auto-renewal clauses, price escalators mapped
Day 5 Prioritization and action list Ranked savings opportunities with owners and deadlines

Day 1: Pull the inventory from every source that touches money, not just IT's list. Export transactions from the corporate card provider, the AP system, and any expense management tool, filtering for recurring software charges. Cross-reference against your identity provider (Okta, Google Workspace, Microsoft Entra) for OAuth-connected apps, since single sign-on logs catch tools that never touched a credit card because someone used a free tier and later upgraded. Combine both lists into one spreadsheet or, if you already have a contract repository, one system of record. Most mid-market companies find their real tool count is 20% to 40% higher than what IT's official list showed.

Day 2: Reconcile and assign ownership. For every line item, identify a named business owner, the department paying for it, and whether a near-duplicate exists elsewhere in the company. This is where the "two teams buying the same job" problem surfaces. A common pattern: marketing pays for one project management tool, engineering pays for another, and nobody has ever compared them side by side. Flag every overlap for a Day 5 decision.

Day 3: Pull usage data tool by tool. For anything above a threshold you set (a reasonable mid-market cutoff is $5,000 a year), log into the admin console and export active user counts for the last 90 days. Compare active users to purchased seats. Anything under roughly 50% utilization is a candidate for downsizing at the next renewal; anything under 20% is a candidate for cancellation. This is the step most manual audits skip because it requires touching a dozen or more separate admin panels, and it is also the step that produces the largest dollar findings.

Day 4: Map every contract's commercial terms. For each tool above the threshold, record the renewal date, notice period required to cancel or renegotiate, auto-renewal status, current per-seat or tiered price, and any contractual price escalators (many multi-year SaaS agreements include automatic 3% to 8% annual increases). Sort the resulting list by renewal date so you can see, at a glance, which contracts need attention in the next 90 days versus which have a year of runway.

Day 5: Rank and assign action items. Combine the usage findings from Day 3 with the contract terms from Day 4 to build a prioritized list: cancel outright, downsize seats at renewal, renegotiate terms, or consolidate two overlapping tools into one. Assign an owner and a deadline to each item. A useful discipline here is to size the list by dollar impact first, since a handful of contracts (often the ones nobody had looked at closely in a year or more) usually account for most of the recoverable spend.

A mid-market services company with around 250 employees and roughly $2.5 million in annual SaaS spend running this exact sequence typically surfaces 15 to 30 tools nobody remembered purchasing, 3 to 6 pairs of overlapping tools ripe for consolidation, and 2 to 4 contracts within a 90-day renewal window with no plan in place. None of that requires new software to discover, only structured time and someone with permission to ask department heads uncomfortable questions about what they are actually using.

What good looks like after an audit

A completed audit does not mean spend goes to zero waste; it means the company has visibility and a plan instead of surprise invoices. Concretely, "good" after a one-week audit looks like:

  • A single, current system of record listing every active vendor, contract value, owner, and renewal date, replacing whatever combination of spreadsheets and institutional memory existed before.
  • A renewal calendar with alerts set at least 60 to 90 days ahead of each auto-renewal notice window, so cancellation or renegotiation decisions happen deliberately rather than by default.
  • A short list of consolidation opportunities where overlapping tools get merged into one vendor relationship, which also creates negotiating leverage since a larger combined contract typically commands better per-seat pricing.
  • A quarterly, not annual, cadence for re-checking usage data on the top 20 tools by spend, since utilization drifts within months, not years, especially after reorgs or team changes.

The companies that treat this as a one-time cleanup tend to see waste creep back within a year. The ones that build the renewal calendar and usage-check cadence into a recurring process are the ones who show up to each negotiation with data instead of guesswork, which is the difference between accepting a vendor's proposed renewal price and countering it with evidence.

Frequently asked questions

How much does a SaaS stack audit typically save a mid-market company?

It depends heavily on how sprawling the existing stack is, but based on industry utilization data (Productiv found 53% of licenses go unused industry-wide), a mid-market company with $3 million to $6 million in annual SaaS spend commonly identifies $450,000 to $1.2 million in recoverable spend through cancellations, downsizing, and renegotiation. The largest single category of savings is usually seats purchased for a headcount peak that never got trimmed back down.

What is the difference between a SaaS audit and a contract renewal review?

A SaaS audit is broader: it inventories every active tool, checks usage, and evaluates overlap across the whole stack. A renewal review is narrower and reactive, typically triggered only when a specific contract's notice window approaches. Running a full audit first gives you the usage and overlap data needed to make each subsequent renewal review sharper and faster.

How do I find shadow IT subscriptions that finance doesn't know about?

Cross-reference three sources: corporate card and expense system transactions, single sign-on or identity provider logs for OAuth-connected apps, and a short survey to department heads asking what tools their team currently pays for. Combining all three typically surfaces 20% to 40% more active tools than any single source alone, since some purchases never touch a corporate card and others never get connected through SSO.

What license utilization rate should trigger a renewal renegotiation?

A common threshold is renegotiating or downsizing when fewer than half of purchased seats show activity in the prior 90 days, and canceling outright when utilization falls below roughly 20%. Pulling this usage data before a renewal conversation gives you specific numbers to bring to the vendor, which is generally more effective than a general request for a discount.

How often should a company repeat a SaaS audit after the first one?

A full audit once a year is a reasonable baseline, but the highest-spend tools (typically the top 15 to 20 by annual cost) benefit from a lighter usage check every quarter, since seat utilization tends to drift after reorgs, new hires, or offboarding that was not fully processed. Building a renewal calendar during the first audit makes these follow-up checks much faster to run.

Related Articles

No items found.

Procr

Stop renewing blind.

See what Procr does with your real vendor portfolio.

Book a demo →