Every quarter I'd run the SaaS audit. Export from the finance system, pivot table by vendor, cross-reference against Okta login data, manually check SSO status for each app, build a slide deck for the CISO, send it to procurement. Six to eight hours of work, once per quarter.
And every quarter, the same categories of waste showed up: unused seats on tools nobody remembered buying, apps where SSO was never configured so people were using personal emails, duplicate tools solving the same problem in two different departments.
The waste wasn't surprising. The problem was the lag. By the time I found it, the contract was already renewed.
What I Actually Built
The SaaS Spend Auditor ingests a CSV of vendor records — or uses a built-in 50-vendor sample dataset if you just want to kick the tires — and runs four analyses simultaneously:
Spend Dashboard. Annual cost by vendor, color-coded by category. Surfaces your top 10 spend items and the total portfolio cost at a glance.
Security Audit. For each vendor: is SSO configured? SAML? SCIM provisioning? MFA enforced? This is the one that usually produces the most critical findings — a SaaS app with no SSO means no central deprovisioning when someone leaves. That's an offboarding gap that becomes an audit finding.
Waste Report. Three waste categories: unused seats (purchased minus active users), duplicate tooling (two apps in the same category), and shadow IT (apps with no IT owner on record). This is where the dollar numbers are.
Executive Summary. A pre-formatted slide-ready summary Claude generates from the full dataset. Total spend, critical findings, top three recommendations.
The $40k Story
That number came from a real audit run. I'm not going to name the tools, but here's what it found across a 50-vendor portfolio:
- $18,400 in unused seats on three video conferencing/webinar tools. One was a legacy contract from before a vendor consolidation. The procurement team didn't know it was still active because it auto-renewed.
- $12,200 in duplicate project management tooling. Two different departments had each independently purchased their preferred tool. Neither knew about the other. Both were paying full enterprise pricing.
- $9,800 in apps with zero SSO configuration. These weren't necessarily wasting spend, but they were security liabilities — any of those vendors getting breached meant manual account-by-account deprovisioning. In a company of 900 people, that's a bad afternoon.
$40,400 total. Found in 45 minutes including the time to export the data.
The Part I Got Wrong First
My initial approach was to have Claude categorize each vendor by the category field in my CSV. That worked, but it missed the duplicate detection because the categories were too granular — I had "video conferencing," "webinar platform," and "virtual events" as three separate categories, and each had a different tool.
The fix was to add a second pass: after categorization, Claude groups vendors by functional overlap (not just category label) and flags any group with more than one vendor. That's what caught the duplicate project management tools — they were labeled "Task Tracking" and "Project Management" respectively, but they solved identical problems.
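Here is the core of the waste and security checks in Python, as an added illustration that is not the auditor's own code: it runs over a constructed five-vendor CSV, and the FUNCTIONAL_GROUP mapping is an assumed stand-in for the second-pass functional-overlap grouping that Claude performs in the tool.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not the tool's real dataset); note the trailing
# empty it_owner column on two rows, which is the shadow-IT signal.
SAMPLE_CSV = """vendor,category,annual_cost,seats_purchased,seats_active,sso,it_owner
ZoomLike,Video Conferencing,24000,200,120,yes,IT
WebinarCo,Webinar Platform,9000,50,5,no,
TaskBoard,Task Tracking,6000,40,38,yes,Eng
PlanIt,Project Management,7200,45,40,no,Marketing
NoteApp,Notes,1200,10,10,no,
"""

# Assumed mapping from granular category labels to functional groups.
# Without this second pass, "Task Tracking" and "Project Management"
# would never be compared with each other.
FUNCTIONAL_GROUP = {
    "Video Conferencing": "meetings",
    "Webinar Platform": "meetings",
    "Task Tracking": "work management",
    "Project Management": "work management",
}

def load_vendors(text):
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["annual_cost"] = float(r["annual_cost"])
        r["seats_purchased"] = int(r["seats_purchased"])
        r["seats_active"] = int(r["seats_active"])
    return rows

def unused_seat_waste(rows):
    # Dollar value of idle seats, prorated at each vendor's per-seat annual cost.
    return {r["vendor"]: round((r["seats_purchased"] - r["seats_active"])
                                * r["annual_cost"] / r["seats_purchased"], 2)
            for r in rows if r["seats_purchased"] > r["seats_active"]}

def duplicate_groups(rows):
    # Group by functional overlap, falling back to the raw label; flag groups with >1 vendor.
    groups = defaultdict(list)
    for r in rows:
        groups[FUNCTIONAL_GROUP.get(r["category"], r["category"])].append(r["vendor"])
    return {g: v for g, v in groups.items() if len(v) > 1}

def shadow_it(rows):
    return [r["vendor"] for r in rows if not r["it_owner"].strip()]

def sso_gaps(rows):
    # Any vendor without SSO has no central deprovisioning path at offboarding.
    return [r["vendor"] for r in rows if r["sso"].strip().lower() != "yes"]
```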
Building for Scale
The version in the portfolio runs at 5 audits per day per IP, which is enough for anyone evaluating it seriously. A production deployment would:
- Pull vendor data directly from your finance system via API instead of CSV upload
- Pull Okta login data directly to populate the "active users" field instead of requiring manual entry
- Integrate with your procurement system to flag renewal dates and send alerts 60/30/15 days out
- Run continuously in the background, not quarterly on demand
The quarterly audit is dead. This kind of analysis should run every week. The only reason it didn't before was that it required eight hours of manual work. That's the problem the tool solves.
If you want to try it, the live demo is on my portfolio with a 50-vendor sample dataset pre-loaded. It runs the full analysis in about 30 seconds.