---
name: saas-spend-auditor
description: Audits SaaS sprawl and produces a consolidation report with shadow-IT findings, licence-utilisation gaps, contract risk, and a savings backlog.
version: 1.0.0
author: VantagePoint Networks
audience: IT Managers, Finance Business Partners, Procurement Leads, IT Asset Managers
output_format: Formatted Markdown audit report with SaaS inventory, utilisation analysis, shadow-IT register, contract risk register, and savings backlog.
license: MIT
---

# SaaS Spend Auditor

Turns "we don't really know how many SaaS tools we have" into a structured audit with a hard number on potential annual savings, a shadow-IT register, and a remediation plan.

## How to use this skill

1. Download this `SKILL.md` file.
2. Place it in `~/.claude/commands/` (macOS / Linux) or `%USERPROFILE%\.claude\commands\` (Windows).
3. Run `/saas-spend-auditor` in Claude Code. Provide the data you have (finance exports, SSO connector list, expense reports, contract inventory). Receive the audit.

## When to use this

- Finance has flagged SaaS spend creeping up year-on-year and wants to know why.
- A new CIO / CFO has asked "how much do we spend on SaaS?" and the answer was "we'll get back to you".
- M&A integration — combining two organisations' SaaS estates.
- Annual budget cycle — defending or rationalising the SaaS line.
- A breach has surfaced an unknown app with access to corporate data — time for a tidy-up.

## What you'll get

- **Discovery dashboard** — total apps known, total annual spend, vs prior year.
- **Per-app inventory** — name, owner, business purpose, licence count, utilisation, annual cost, contract end date, data sensitivity.
- **Shadow-IT register** — apps in use but not procured / approved through IT.
- **Utilisation findings** — over-provisioned licences, dormant accounts, duplicate tools.
- **Contract risk register** — auto-renewals, missing DPAs, weak SLAs, no exit terms.
- **Consolidation opportunities** — overlapping tools, where one platform replaces several.
- **Savings backlog** — quantified, prioritised by ROI.
- **Governance recommendations** — process changes to stop sprawl recurring.

## Clarifying questions I will ask you

1. **What data do you have?** (SSO connector list, finance / AP exports, expense reports, vendor contracts, MDM app inventory)
2. **Approximate total SaaS spend per year?**
3. **How many apps known?** (vs. how many you suspect actually in use)
4. **Single Sign-On coverage** — what % of apps are behind SSO?
5. **App approval process** — does one exist, and is it followed?
6. **Personal credit-card / expense reimbursement** — common channel for shadow IT?
7. **Are there orphaned subscriptions from departed staff or completed projects?**
8. **DPA / GDPR posture** — do you maintain a register of which apps process personal data?
9. **What's the appetite for consolidation?** (Aggressive cuts, gentle rationalisation, status-quo with hygiene)
10. **Renewal dates known** — do you have a contracts calendar?

## Output template

```markdown
# SaaS Spend Audit — <organisation> — YYYY-MM-DD

**Audit ID:** SSA-<YYYY-MM>
**Conducted by:** <name>
**Period audited:** YYYY-MM-DD to YYYY-MM-DD
**Currency:** GBP / USD / EUR

## 1. Executive Summary
> <5 lines: total apps found, total annual spend, sprawl indicator (apps per 100 staff), top 3 findings, total addressable savings.>

## 2. Headline Numbers
| Metric | Value |
|---|---|
| Apps discovered | N |
| Apps in IT inventory before this audit | N |
| Apps newly identified (shadow IT) | N |
| Total annual SaaS spend | £XXX,XXX |
| Spend per employee per year | £X,XXX |
| Apps behind SSO | XX% |
| Apps with current DPA | XX% |
| Identified savings (annualised) | £XX,XXX (X%) |

Sprawl indicator: <N> apps per 100 staff. (Industry median ~110 per 100 staff for knowledge workers; flag if dramatically higher or lower.)

## 3. SaaS Inventory

### Sanctioned, procured through IT
| App | Vendor | Owner | Purpose | Licences | Active users | Cost / year | Renewal | Data class |
|---|---|---|---|---|---|---|---|---|
| Microsoft 365 | Microsoft | IT | Productivity | 250 | 247 | £37,500 | 2027-04-01 | Confidential |
| Salesforce | Salesforce | Sales | CRM | 50 | 38 | £62,400 | 2026-09-15 | Confidential |
| ... |  |  |  |  |  |  |  |  |

### Sanctioned but unmanaged
| App | Vendor | Owner | Purpose | Licences | Cost / year | Issue |
|---|---|---|---|---|---|---|
| <app> | <vendor> | <unclear> | <unknown> | unknown | <amount> | No defined owner; renewal unclear |

### Shadow IT (paid via expense / personal cards)
| App | Vendor | Used by | Purpose | Cost / year (est) | Risk |
|---|---|---|---|---|---|
| <app> | <vendor> | <team / individual> | <purpose> | <amount> | Data leakage; no DPA |

## 4. Utilisation Findings

### Over-provisioned licences
| App | Provisioned | Active (90d) | Wasted | Annual waste |
|---|---|---|---|---|
| Salesforce | 50 | 38 | 12 | £14,976 |
| Slack | 200 | 152 | 48 | £4,608 |
| ... |  |  |  |  |

### Dormant accounts (not signed in 90+ days)
| App | Account | Last sign-in | Action |
|---|---|---|---|
| Atlassian | departed.user@... | 14 months ago | Remove (leaver gap) |
| Adobe | active.user@... | 6 months ago | Confirm need or remove |

### Duplicate tools (same job-to-be-done)
| Job | Tool 1 | Tool 2 | Tool 3 | Recommendation |
|---|---|---|---|---|
| Diagramming | Lucidchart | Miro | Microsoft Visio | Standardise on one — Visio (already in M365 E3) |
| Project tracking | Jira | Asana | Trello | Standardise on Jira; sunset Asana + Trello |
| Note-taking | Notion | OneNote | Confluence | Notion for free-form; OneNote phased out (low usage) |

## 5. Contract Risk Register
| App | Renewal | Auto-renew | DPA in place | SLA acceptable | Exit terms | Risk |
|---|---|---|---|---|---|---|
| <app> | YYYY-MM-DD | Yes (60-day notice) | Yes | 99.9% | Standard | Low |
| <app> | YYYY-MM-DD | Yes (90-day notice) | **No** | Best-effort | None | High — block renewal until DPA + exit terms |
| ... |  |  |  |  |  |  |

## 6. Consolidation Opportunities
Larger plays beyond duplicate tools.

### Opportunity 1 — Move <function> from <tool A> to <tool B / native platform>
- **Savings:** £<amount>/year
- **Risk:** <user disruption, capability gap, retraining>
- **Effort:** S / M / L
- **Quarter:** Q<N>
- **Owner suggestion:** <team>

### Opportunity 2 — ...

## 7. Savings Backlog (prioritised)
| # | Action | Saving / year | Effort | Owner |
|---|---|---|---|---|
| 1 | Reclaim 12 dormant Salesforce seats at next true-up | £14,976 | S | Sales Ops + IT |
| 2 | Sunset Asana + Trello | £8,200 | M | PMO |
| 3 | Block renewal of <app> pending DPA | £6,500 (avoidance) | XS | Procurement |
| 4 | Negotiate <app> renewal at -10% | £4,000 | S | Procurement |
| ... |  |  |  |  |
|  | **Total identified** | **£XX,XXX** |  |  |

## 8. Governance Recommendations
To prevent sprawl recurring.

- [ ] Single SaaS approval process (intake form, owner, security, finance)
- [ ] Required: SSO integration before any rollout > 5 users
- [ ] Required: DPA + security review for any tool processing personal or confidential data
- [ ] Quarterly access review covers SaaS apps (use `/access-review` skill)
- [ ] Annual SaaS audit (this exercise) becomes recurring
- [ ] Expense card SaaS purchases auto-flagged in Finance system
- [ ] Departing staff: SaaS accounts revoked as part of offboarding (use `/onboarding-builder` skill — has offboarding preview)
- [ ] Unknown app surfaced via SSO discovery → tagged for triage within 30 days

## 9. Compliance Findings
- **GDPR:** N apps process personal data without DPA — must remediate before next audit
- **ISO 27001 A.5.19, A.5.20, A.5.22:** supplier risk treatment needed for top-tier apps
- **Cyber Essentials Plus:** all in-scope apps must support MFA — list any that don't

## 10. Methodology + Limitations
- Discovery sources: <list>
- Usage data based on: <e.g. last 90 days SSO logs>
- Cost data based on: <finance export, vendor portals>
- **Limitations:** apps purchased before <date> may have incomplete data; some shadow IT remains undiscoverable without endpoint inspection.

## 11. Decision Asks (for the review meeting)
- [ ] Approve sunset of duplicates listed in section 4
- [ ] Approve hold on auto-renewal for high-risk contracts (section 5)
- [ ] Approve governance changes in section 8
- [ ] Allocate budget for consolidation projects (section 6)
- [ ] Commit to recurring annual SaaS audit
```

## Example invocation

**User:** "/saas-spend-auditor — about 200 staff, finance says we spend ~£180k/year on SaaS, IT manages maybe 30 apps, but I see expense receipts for things I've never heard of. Need to clean up before budget review."

**What the skill will do:**
1. Ask for finance export / SSO connector list / expense data — work with what's available.
2. Likely surface 50-80 apps total (a sprawl indicator of ~25-40 per 100 staff is low; the real figure is often higher once shadow IT is counted).
3. Find ~15-25% addressable savings; £27k-£45k in this case is a typical first pass.
4. Identify 4-6 duplicate-tool consolidation opportunities.
5. Flag DPA / GDPR gaps that block renewal of risky vendors.
6. Produce a 12-month action plan with quarterly milestones.

## Notes for the requester

- **Discovery quality drives report quality.** SSO + finance data + expense data = good. Just SSO = partial. Just finance = misses freemium tools. Combine sources.
- **Shadow IT often beats sanctioned IT for solving the actual job.** Don't reflexively shut down — investigate why people chose it. Sometimes the answer is "your sanctioned tool sucks for this".
- **Auto-renewal is the silent killer.** A 60-day notice clause means you have 305 days a year where you can't exit. Track every renewal date.
- **Per-employee spend is the most useful number for cross-org benchmarking.** Industry median for knowledge workers is roughly £800-£1,500 per employee per year on SaaS in 2026. Above that, scrutinise. Below, you're probably under-tooled.
- **Sunset is not "block immediately".** Migration plan + comms + cutover date = success. Surprise sunset = revolt.
- **"Good" looks like:** finance has a hard number on addressable savings, IT has a backlog with owners, security has DPAs in motion, and the next audit cycle proves the savings landed.
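As an added worked example (not part of this skill file), the reconciliation behind sections 2 to 4 of the template: discovery sources are combined into the three inventory buckets, then the sprawl indicator, licence waste and dormant accounts are computed. All inputs are constructed sample data, and the bucket rule in `classify_apps` is an assumption of this example, not a rule the skill defines.

```python
from datetime import date, timedelta

# Constructed sample discovery sources (not real data). Amounts are GBP per year.
SSO_APPS = {"Microsoft 365", "Salesforce", "Slack"}            # SSO connector list
FINANCE = {"Microsoft 365": 37500, "Salesforce": 62400,        # finance / AP export
           "Slack": 19200, "Lucidchart": 4800}
EXPENSES = {"Notion": 2640, "Trello": 1200}                    # expense-card receipts
SEATS = {"Salesforce": (50, 38), "Slack": (200, 152)}          # (provisioned, active 90d)
LAST_SIGN_IN = {"departed.user@example.com": date(2025, 1, 10),
                "active.user@example.com": date(2026, 2, 20)}
AS_OF = date(2026, 5, 1)                                       # audit date


def classify_apps(sso, finance, expenses):
    """Split discovered apps into the three inventory buckets of section 3.
    Assumed rule: behind SSO and in finance = sanctioned; in finance only =
    sanctioned but unmanaged; paid only through expenses = shadow IT."""
    sanctioned = sorted(set(sso) & set(finance))
    unmanaged = sorted(set(finance) - set(sso))
    shadow = sorted(set(expenses) - set(finance) - set(sso))
    return {"sanctioned": sanctioned, "unmanaged": unmanaged, "shadow": shadow}


def headline_numbers(finance, expenses, headcount):
    """Sprawl indicator (apps per 100 staff) and spend per employee per year."""
    apps = len(set(finance) | set(expenses))
    spend = sum(finance.values()) + sum(expenses.values())
    return {"apps": apps, "spend": spend,
            "apps_per_100_staff": round(apps * 100 / headcount, 1),
            "spend_per_employee": round(spend / headcount)}


def licence_waste(provisioned, active, annual_cost):
    """Wasted seats and annual waste, costing each seat at annual_cost / provisioned."""
    wasted = max(provisioned - active, 0)
    return wasted, round(wasted * annual_cost / provisioned)


def dormant_accounts(last_sign_in, as_of, days=90):
    """Accounts with no sign-in for `days` or more, oldest first."""
    cutoff = as_of - timedelta(days=days)
    return sorted((acct for acct, seen in last_sign_in.items() if seen <= cutoff),
                  key=last_sign_in.get)


if __name__ == "__main__":
    print(classify_apps(SSO_APPS, FINANCE, EXPENSES))
    print(headline_numbers(FINANCE, EXPENSES, headcount=200))
    for app, (provisioned, active) in SEATS.items():
        print(app, licence_waste(provisioned, active, FINANCE[app]))
    print(dormant_accounts(LAST_SIGN_IN, AS_OF))
```

With these inputs the Salesforce and Slack rows reproduce the template's £14,976 and £4,608 annual-waste figures.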
