Enterprise SaaS spend has a shadow IT problem. Survey data consistently shows that enterprise organisations are unaware of 30–40% of their SaaS commitments — tools purchased by business units on corporate credit cards, free-tier platforms that scaled into paid enterprise accounts, and trial licences that converted to subscriptions without IT or procurement visibility. The average large enterprise now runs 200–500 SaaS applications, but only 60–70% are typically managed through formal procurement processes.
This guide is part of our SaaS Contract Optimization: The Enterprise Playbook. It addresses the structural question that underpins all SaaS cost management: how should your organisation govern SaaS procurement, and what is the right balance between central control and business unit autonomy?
Centralised SaaS procurement maximises commercial leverage and compliance, but creates friction that drives shadow IT. Decentralised buying maximises agility but fragments spend and creates security and compliance exposure. The answer for most enterprises is a federated model — centralised governance with distributed purchasing authority within defined guardrails.
The Centralised vs Decentralised Decision
Most enterprises have not made a deliberate structural choice about SaaS procurement governance — they have simply allowed patterns to emerge, with IT procuring some tools, business units buying others, and the finance team discovering the true extent of SaaS spend at year-end when reviewing credit card statements and vendor invoices.
A deliberate governance model starts by understanding the tradeoffs between the two structural extremes:
Centralised Procurement
All SaaS purchasing managed through central IT/procurement
Advantages
- Maximum commercial leverage through volume consolidation
- Full spend visibility and budget control
- Consistent security and compliance review
- Prevents duplicate tools across business units
- Stronger renewal negotiating position
Disadvantages
- Slower procurement cycles frustrate business units
- Drives shadow IT and workarounds
- Central team often lacks domain expertise
- Risk aversion leads to rejecting valuable tools
Decentralised Procurement
Business units procure SaaS independently within their budgets
Advantages
- Fast deployment — days not months
- Domain experts make purchasing decisions
- Higher business unit satisfaction
- Enables experimentation and innovation
Disadvantages
- Fragmented spend — no volume leverage
- Security and compliance blind spots
- Significant tool overlap and duplication
- Renewal management falls through gaps
- Data sovereignty and GDPR risks
Most enterprise organisations have oscillated between these extremes over time, often tightening central control after a security incident or budget shock, then loosening it when business units rebel against procurement friction. The federated model described below is designed to stabilise this pendulum.
The Federated SaaS Governance Model
A federated SaaS governance model maintains central oversight while distributing purchasing authority within a defined framework. It has four layers:
Layer 1: Approved Vendor Catalogue
The approved vendor catalogue is the foundation of federated SaaS governance. It contains a curated list of pre-vetted SaaS tools that business units can procure without a full central review process — each has passed security assessment, legal review, and commercial due diligence. The catalogue is organised by category (CRM, collaboration, analytics, HR, etc.) and includes preferred vendors, pre-negotiated pricing tiers, and standard security terms.
Building a comprehensive catalogue typically takes 60–90 days for a mid-size enterprise and requires collaboration between IT, security, legal, and procurement. The output dramatically reduces procurement cycle time for catalogue tools while maintaining governance standards. Business units that procure from the catalogue can expect approval in 2–5 days rather than 6–8 weeks.
Layer 2: Spend and Category Thresholds
Not all SaaS purchases require the same level of scrutiny. A federated model uses spend thresholds to determine the approval path:
| Annual Spend | Approval Route | Review Requirements | SLA |
|---|---|---|---|
| Under £25K | Manager + Finance approval | Catalogue check only | 2 days |
| £25K–£100K | IT/Procurement light review | Security questionnaire + DPA check | 5 days |
| £100K–£500K | Central procurement review | Full security + commercial negotiation | 10–15 days |
| Over £500K | Strategic procurement process | Full due diligence + negotiation advisory | 30–60 days |
Layer 3: SaaS Visibility and Discovery
Spend governance only functions if you can see what is being spent. SaaS visibility requires two inputs: financial discovery (finding SaaS spend in expense reports, credit card statements, and vendor invoices) and technical discovery (finding SaaS applications being accessed by your users through SSO logs, browser extensions, or network monitoring).
Dedicated SaaS management platforms — including Torii, Zylo, Productiv, BetterCloud, and Vendr — automate both discovery workflows. These tools typically identify 30–60% more SaaS spend than organisations are aware of in manual audits. For organisations with SaaS estates above £5M annually, the ROI on these platforms is typically achieved within 3–6 months through rationalisation savings alone. Our SaaS stack rationalisation guide covers how to use this visibility data to drive rationalisation decisions.
Layer 4: Renewal Calendar and Negotiation Planning
A federated governance model must include a structured approach to renewals. In a decentralised environment, renewals are managed by whoever signed the original contract — which is often a business unit manager who lacks commercial negotiation skills and does not engage central procurement until after the contract has auto-renewed. The result is missed negotiation windows and unchecked price escalation.
A central renewal calendar aggregates all SaaS renewal dates and assigns ownership. For contracts above threshold, procurement engagement is triggered automatically 9–12 months before renewal. For catalogue tools below threshold, the business unit owner is notified with standard renewal guidance. Our 12-month software renewal planning cycle provides a template for this process.
Shadow IT: Causes, Costs, and Controls
Shadow IT — SaaS tools procured without IT or procurement awareness — is the primary driver of unmanaged SaaS spend. It exists in every organisation above a certain size and is almost never the result of malicious intent. Business units turn to shadow IT when the official procurement process is too slow, the approved tool catalogue does not include what they need, or the cost of a tool falls below the expense policy threshold for IT review.
The costs of unmanaged shadow IT extend beyond the direct spend on ungoverned contracts:
- Security risk: Shadow IT tools often have not been assessed for GDPR compliance, data residency requirements, or security certifications — creating regulatory exposure proportional to the sensitivity of data processed in those tools
- Duplicate spend: Shadow IT tools frequently duplicate capabilities already licensed through approved platforms — one analysis of a 3,000-person organisation found 14 project management tools operating simultaneously
- Integration debt: Ungoverned SaaS creates integration complexity that inflates future IT costs as the tools become embedded in business processes
- Renewal exposure: Auto-renewal clauses in shadow IT tools trigger without any commercial review, locking in spend without leverage
Reducing shadow IT requires addressing its root cause — procurement friction — rather than simply increasing controls. The most effective approach pairs a faster, lighter-touch approved catalogue process (addressing the friction) with automated discovery tooling (providing visibility into what is being procured outside the process). For a complementary perspective on managing auto-renewal risk, see our SaaS auto-renewal negotiation guide.
SaaS Spend Management Maturity Model
Level 1: No Visibility, No Control
SaaS spend is fragmented across expense claims, credit cards, and direct vendor billing. IT and procurement have limited visibility into what is being purchased. Renewals are often missed or auto-renewed without review. Shadow IT is pervasive and unmeasured. This describes the majority of mid-market and growth-stage organisations.
Level 2: Visibility Without Structure
The organisation has conducted a SaaS audit and has a partial inventory of applications. Key renewal dates are tracked manually. Some procurement controls exist for large contracts, but business units routinely buy below the threshold. Shadow IT is acknowledged but not systematically managed.
Level 3: Structured Governance, Active Optimisation
An approved vendor catalogue exists and is actively maintained. Spend thresholds and approval workflows are defined and followed. A SaaS management platform provides continuous visibility. Renewal planning is structured and procurement engages proactively. Rationalisation cycles run annually to remove unused or redundant tools. This level typically delivers 15–25% SaaS cost reduction in the first year.
Level 4: Predictive, Integrated, Value-Focused
SaaS spend management is integrated with broader IT and finance planning. Usage analytics drive proactive licence reclamation before renewals. Vendor consolidation strategies reduce the overall number of SaaS relationships. Commercial negotiation is sophisticated, with multi-year strategies for strategic vendors. The organisation has moved beyond cost management to value management — measuring ROI per SaaS tool against usage and business outcomes. Typically achieved by large enterprises with dedicated SaaS management capability.
Implementing a SaaS Spend Management Programme
For organisations moving from Level 1 or 2 to Level 3 governance, a structured 90-day implementation roadmap covers the essential steps:
- Days 1–30 (Discovery): Complete a full SaaS inventory using financial discovery (expense data, credit card statements, vendor invoice analysis) and technical discovery (SSO logs, IT asset management tools). Quantify the current unmanaged spend and categorise by risk and spend level.
- Days 31–60 (Structure): Design the governance framework — spend thresholds, approval workflows, catalogue categories. Identify the 10–20 highest-spend vendors for priority commercial review. Implement a renewal calendar for all contracts above £25K annually.
- Days 61–90 (Activation): Launch the approved catalogue with pre-vetted tools. Communicate procurement thresholds and approval routes to business units. Identify quick-win rationalisation opportunities (unused licences, duplicate tools). Conduct priority vendor commercial reviews for the next 6 months of renewals.
For guidance on the rationalisation decisions that flow from improved SaaS visibility, see our SaaS stack rationalisation framework. For the commercial tactics that apply once governance is in place and you are approaching key SaaS renewals, see our SaaS Contract Optimization pillar.