This guide is part of our comprehensive analysis of why SaaS prices are rising 4x faster than inflation and what you can do about it. SaaS inflation is running at 11.4%. General inflation? 2.7%. Your software costs are climbing four times faster than everything else in your budget.
Without governance, you’re paying an average of $4,830 per employee for software. Nearly half of all SaaS licences go unused. 58% of vendors hiked prices in 2024. Shadow IT accounts for 3.8% of total spend – that’s security and compliance gaps you probably don’t even know about yet.
A governance framework puts you back in control. Centralised procurement. Usage monitoring. Vendor relationships managed strategically instead of reactively.
This guide walks you through the implementation step-by-step. You’ll get measurable outcomes: 20-40% cost reduction, redundant applications eliminated, and software budgets that actually stay predictable. No bureaucracy. Just guardrails that work.
What is a SaaS governance framework and why do you need one?
It’s policies, processes, and tools that give you centralised control over how software gets bought, used, and managed across your organisation.
Here’s what it solves: the average enterprise now runs 275 SaaS applications. IT owns only 26% of SaaS spend. The rest? Business units buying whatever they want with corporate credit cards.
No governance means unpredictable budget overruns, vendor lock-in, compliance gaps, and duplicated functionality everywhere. SaaS spending now accounts for 14.1% of a typical company’s expense line. That’s up from 12.7% last year. As we explored in our analysis of unsustainable software costs, vendor pricing power and market consolidation are driving these increases even as general inflation moderates.
The framework prevents cost blowouts by establishing approval workflows, eliminating redundant applications, and shutting down shadow IT before it becomes a problem. The components work together: procurement guardrails, usage monitoring, vendor management, and chargeback models that make people care about the licences they’re requesting.
What are the essential components of a SaaS governance framework?
Six components working together.
First, you need a Software Governance Office or designated owner. Someone has to manage the enterprise-wide portfolio and establish guardrails. That’s a job, not a side project.
Second, procurement guardrails establish approval workflows based on cost thresholds and risk levels. You don’t need C-level sign-off for a $50/month tool, but you do need guardrails before someone commits you to a $100k contract.
Third, SSO integration requirements. You can’t manage what you can’t see, and if applications aren’t authenticating through your identity provider, you can’t see them.
Fourth, usage analytics and monitoring. Track actual adoption rates. Identify unused licences. Stop paying for seats nobody’s using.
Fifth, vendor management processes that govern contract negotiation, renewal timing, and relationship management. This is where you claw back the pricing power.
Sixth, a chargeback model that allocates software costs to business units. When costs appear on their P&L, managers suddenly start asking questions about unused licences. Funny how that works.
How do you establish procurement guardrails without slowing teams down?
Balance control with speed through tiered approval workflows based on risk and cost.
Low-risk, low-cost tools under $500/year get pre-approved status or same-day approval. Medium-risk tools between $500 and $5,000/year require technical review for security and integration, but you commit to a 48-hour turnaround. High-cost or high-risk enterprise tools trigger full evaluation with all stakeholders involved.
Maintain a pre-approved vendor list for common tool categories – communication, project management, development tools. Publish clear criteria for each tier so people know what to expect. Use automated workflows through SaaS spend management platforms like Zylo or Productiv to route requests to the right people automatically.
Your approval criteria should cover security requirements, data residency, integration capability, and cost thresholds. SLA commitments: same-day for low-risk, 48-hour for medium, 5-day for high-risk applications.
Build a self-service procurement portal with automated routing so people aren’t waiting on email chains. Add an exception process for urgent business needs – because those happen. Measure how well the process works by tracking approval time, denial rate, and shadow IT detection rate.
How do you discover and control shadow IT and shadow AI?
Discovering shadow IT requires multiple detection layers: SSO integration logs, network traffic analysis, expense report mining, and browser extension scanning.
Implement SSO as the primary control. Require all applications to authenticate through your identity provider – Okta, Azure AD, whatever you’re using. This creates visibility into every application your employees access.
Complement SSO with SaaS spend management platforms like Productiv or Torii that scan corporate credit cards and expense systems to identify unsanctioned subscriptions. Someone’s paying for these tools. Find the payments, find the tools.
For shadow AI specifically – ChatGPT, Claude, Gemini – monitor usage through browser extensions and API gateways.
Once discovered, address shadow IT through education, not punishment. Someone requested that tool because they needed it to do their job. Provide approved alternatives with better security. If you can’t provide something better, maybe you should approve their choice.
Your response framework: assess the business need, provide an approved alternative, migrate their data, sunset the unsanctioned tool.
Make it easy to comply and people will comply. Make it hard and they’ll just hide it better.
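The expense-mining layer described above, as an added example that is not part of the original guide: it reconciles recurring card charges against the set of vendors whose applications sign in through the identity provider, so a subscription that keeps recurring but never touches SSO surfaces as candidate shadow IT or shadow AI. The expense lines, the SSO vendor inventory and the vendor-token normalisation are all constructed assumptions for this example.

```python
import re
from collections import defaultdict

# Constructed sample card/expense lines: date, cardholder, merchant descriptor, amount.
EXPENSES = """\
2024-03-05,bob,FIGMA INC *SUB,15.00
2024-04-05,bob,FIGMA INC *SUB,15.00
2024-05-05,bob,FIGMA INC *SUB,15.00
2024-03-12,erin,NOTION LABS INC,48.00
2024-04-12,erin,NOTION LABS INC,48.00
2024-05-12,erin,NOTION LABS INC,48.00
2024-03-20,erin,OPENAI *CHATGPT SUBSCR,20.00
2024-04-20,erin,OPENAI *CHATGPT SUBSCR,20.00
2024-05-20,erin,OPENAI *CHATGPT SUBSCR,20.00
2024-04-02,frank,CITY BISTRO,42.17
2024-05-09,frank,CITY BISTRO,38.50
"""

# Vendors whose applications authenticate through the identity provider
# (constructed inventory, keyed by the same normalised token as the card data).
SSO_VENDORS = {"figma", "slack", "microsoft"}

def vendor_token(merchant):
    """Reduce a card descriptor to its first alphabetic word, lower-cased:
    'OPENAI *CHATGPT SUBSCR' -> 'openai'."""
    return re.split(r"[^a-z]+", merchant.lower().strip())[0]

def recurring_charges(expense_text, min_months=3):
    """Return {(cardholder, vendor): monthly amount} for charges that repeat at
    the same amount in at least `min_months` distinct calendar months, which is
    the signature of a subscription rather than a one-off purchase."""
    months = defaultdict(set)  # (holder, vendor, amount) -> {'YYYY-MM', ...}
    for line in expense_text.splitlines():
        if not line.strip():
            continue
        day, holder, merchant, amount = line.split(",")
        key = (holder, vendor_token(merchant), float(amount))
        months[key].add(day[:7])
    return {(h, v): amt for (h, v, amt), m in months.items() if len(m) >= min_months}

def shadow_subscriptions(expense_text, sso_vendors, min_months=3):
    """Recurring charges whose vendor is absent from the SSO inventory: candidate
    shadow IT (or shadow AI) to assess, migrate and sunset per the response framework."""
    return {k: amt for k, amt in recurring_charges(expense_text, min_months).items()
            if k[1] not in sso_vendors}

if __name__ == "__main__":
    for (holder, vendor), amt in sorted(shadow_subscriptions(EXPENSES, SSO_VENDORS).items()):
        print(f"{holder}: {vendor} ~${amt * 12:,.0f}/year, not behind SSO")
```

The one-off restaurant charges never qualify as recurring, while the Figma seat is recurring but already behind SSO, so only the Notion and ChatGPT subscriptions come out as findings.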
How do you implement usage monitoring and licence optimisation?
Implement automated tracking through SSO login data – last login dates and frequency for every user. Nearly half of all SaaS licences go unused. That’s up 7% in 12 months.
Configure your SaaS spend management platforms to flag licences unused for 30, 60, and 90 days with automated notifications to managers. Let the system do the nagging.
Establish quarterly licence optimisation cycles where you right-size subscriptions based on actual usage. Customers are reducing licence counts by 20-40% through optimisation tools and user audits. That’s real money.
Match subscription tiers to actual usage patterns. If your marketing team is using basic CRM features, you don’t need to pay for enterprise-level functionality. Downgrade the plan.
For consumption-based pricing, set up dashboards tracking API calls, storage growth, and compute usage. Configure alerts at 80% and 95% thresholds so you know about overages before they hit your credit card.
For a comprehensive approach to auditing and reducing SaaS spending through software rationalisation, including systematic discovery techniques and consolidation strategies, see our detailed rationalisation guide.
How do you set up a chargeback model for SaaS costs?
A SaaS chargeback model allocates software costs to the business units consuming them. Simple as that.
Start with direct allocation – team-specific tools like Figma for design or Salesforce for sales charge directly to those departments. For shared infrastructure like Microsoft 365 or Slack, use allocation rules based on user count or usage metrics.
Implement chargeback through your finance system with monthly reporting showing each department’s software spend. This visibility drives behaviour change. When managers see costs on their P&L, they start questioning unused licences real fast.
Most organisations should start with showback before transitioning to chargeback. Showback means you show them the costs but don’t charge them yet. This gives you time to build trust in your cost allocation accuracy before you make it real.
Communicate the new model clearly. Train managers on what they’re seeing. Address concerns directly instead of letting resentment build.
How do you manage vendor relationships and contract renewals strategically?
Start vendor management 120+ days before contract renewal. Not 30 days before. Not when the auto-renewal notification hits your inbox. 120 days minimum.
Run usage audits to right-size licences. Do competitive research to understand your alternatives.
Maintain a centralised contract database tracking renewal dates, pricing terms, auto-renewal clauses, and committed spend. If you don’t know when renewals are coming, you’ve already lost the negotiation.
Contact vendors 120-180 days before expiry to negotiate multi-year price caps limiting increases to 2-3% annually. That’s below their standard inflation rate. That’s the point.
Request removal of auto-renewal clauses. Vendors often comply if you ask. Establish your BATNA – best alternative to a negotiated agreement – by obtaining alternative vendor quotes.
Negotiation tactics: multi-year price caps, early renewal discounts, licence right-sizing. Never reveal your budget. Keep it confidential to secure the best deal.
Document all vendor interactions and pricing they’ve offered. Build institutional knowledge so the next person negotiating that contract knows what discounts are actually available.
Contract terms worth negotiating: auto-renewal clauses, price increase limits, exit rights, and data portability. These matter when you need to leave.
What metrics should you track to measure governance effectiveness?
Track both financial and operational metrics across five categories.
Financial metrics: total software spend, cost per employee, year-over-year inflation rate, and savings from rationalisation. Usage metrics: application count, licence utilisation rate, inactive licence percentage, and SSO adoption rate.
Compliance metrics: shadow IT discovery rate, policy violations, and security review completion. Vendor metrics: renewal timing (how early you started negotiation), average discount achieved, and contract terms secured. Process metrics: procurement approval time, SLA adherence, and stakeholder satisfaction scores.
Benchmark your IT spend against industry data to see how you compare to peers in your sector.
Your dashboard needs three views: executive summary, department drilldown, and trend analysis. Reporting cadence: monthly operational reviews, quarterly strategic reviews, annual comprehensive assessment.
FAQ Section
What’s the difference between SaaS governance and traditional IT governance?
SaaS governance addresses challenges that don’t exist in traditional IT governance.
Distributed purchasing across departments instead of centralised IT procurement. Consumption-based pricing creating unpredictable costs instead of fixed capital expenditure. Rapid adoption cycles measured in days instead of months-long deployment projects. Vendor lock-in through data integration instead of hardware dependencies. Shadow IT enabled by corporate credit cards instead of controlled server rooms.
Traditional governance assumes centralised procurement and deployment. Someone in IT approves everything. SaaS governance has to balance control with the speed business units demand while preventing cost blowouts from unsanctioned subscriptions and usage overages.
Different problems require different solutions.
How long does it take to implement a SaaS governance framework?
For organisations under 200 employees, expect 2-3 months for basic governance.
2-4 weeks for application discovery and inventory. 3-4 weeks for policy development and approval workflows. 4-6 weeks for tool selection and implementation. 2-3 weeks for training and rollout.
Larger enterprises with 500+ employees need 4-6 months. Stakeholder alignment takes longer. Legacy system integration is more complex. Change management is harder when you’ve got more people invested in the old way.
Quick wins like SSO enforcement and automated discovery can deliver value within 30 days though. You don’t have to wait for the full framework to start capturing benefits.
Can you implement governance without dedicated SaaS management tools?
Basic governance is possible using spreadsheets, SSO logs, and expense reports. If you’re under 50 employees with fewer than 30 applications, this might work fine.
Beyond that scale, manual processes become unreliable. Too many applications. Too many renewals. Too many people making purchasing decisions.
Platforms like Zylo, Productiv, Torii, and Vertice become necessary for automated discovery, usage monitoring, renewal alerts, and optimisation recommendations. The platforms do the work you can’t do manually.
The tool cost – typically $10,000-$50,000/year – usually pays for itself within 60-90 days through licence optimisation alone.
How do you handle exceptions to the governance process?
Establish a formal exception process with three tiers.
Tactical exceptions for urgent business needs get approved within 24 hours by the governance lead with a mandatory post-implementation review. Strategic exceptions for new business capabilities requiring fast experimentation get approved by the CTO with a 90-day review checkpoint. Temporary exceptions for time-bound projects get a pre-approved sunset date with automated reminders.
Document all exceptions. Business justification, risk assessment, and remediation timeline all go on record.
Review exception patterns quarterly to identify policy gaps requiring framework updates. If you’re granting the same exception repeatedly, your policy needs updating.
What happens to existing SaaS contracts when you implement governance?
Existing contracts continue until renewal. You’re not breaking commitments.
But they immediately enter the governance framework through contract inventory and renewal tracking. You need visibility into what you’ve already committed to.
Conduct an application portfolio review within the first 30 days. Identify redundant tools for consolidation, unused licences for immediate reduction, and high-priority renewals requiring early negotiation.
Quick wins: licence right-sizing delivers 20-40% reduction typically. Redundant application elimination – the average organisation has 3-5 overlapping tools per category. SSO implementation for usage visibility on everything going forward.
Wait for renewal cycles to renegotiate terms. But implement usage monitoring and optimisation immediately. Don’t wait when money’s being wasted.
How do you get stakeholder buy-in for governance policies?
Build buy-in through a data-driven business case emphasising cost savings, not control.
Present current state analysis showing total software spend, per-employee costs, redundant applications, and shadow IT risks. Make the problem visible.
Quantify the opportunity. Typically you’re looking at 20-40% cost reduction through licence optimisation, 15-25% through application consolidation, and 10-15% through better contract negotiation. That’s real money that could go to headcount or product development.
Address concerns directly. Commit to fast approval SLAs. Maintain pre-approved vendor lists. Establish exception processes. You’re adding guardrails, not roadblocks.
Pilot governance with a willing department first, demonstrate results, then expand. Success sells better than any presentation deck.
What role should procurement/finance play in SaaS governance?
Procurement and finance are governance partners. But they shouldn’t own it solely.
Best structure: IT or CTO owns the governance framework and technical requirements – security, integration, SSO. Procurement handles vendor negotiations and contract management. Finance administers the chargeback model and budget tracking.
Establish a joint ownership model with clear RACI. IT responsible for tool evaluation and usage monitoring. Procurement accountable for contract terms and vendor relationships. Finance accountable for cost allocation and reporting. Business units consulted for requirements and informed of policies.
Three teams, one framework, shared goals.
How do you prevent governance from becoming bureaucratic?
Prevention requires deliberate design choices.
Tiered approval workflows matching process complexity to risk level. Pre-approved vendor lists enabling self-service procurement. Automation reducing manual tasks via SaaS spend management platforms. Clear SLA commitments – same-day approval for low-risk requests.
Measure process efficiency monthly. Track approval time and stakeholder satisfaction. If either metric degrades, investigate and fix it.
Establish a continuous improvement cycle. Review policy effectiveness quarterly. Adjust thresholds based on actual outcomes. Gather feedback from requesters about what’s working and what’s creating friction.
The goal is governance with guardrails, not an approval bottleneck. If it feels bureaucratic, you’ve designed it wrong.
Should governance policies be the same for all departments?
Baseline governance policies should apply universally. SSO requirements, security review, contract review – everyone follows these.
But approval thresholds and process speed can vary by department need.
Sales and engineering often require faster tool adoption than back-office functions. Revenue impact matters. Consider department-specific variations: higher approval thresholds for engineering tools given technical evaluation complexity. Faster procurement for customer-facing teams given revenue impact. Stricter controls for departments handling sensitive data given compliance requirements.
Document variations clearly. Review annually to prevent policy fragmentation where every department has negotiated their own special rules.
How do you handle SaaS governance in a remote or distributed organisation?
Remote organisations face amplified shadow IT challenges. But they also benefit from cloud-native governance approaches.
Implement SSO as a mandatory control. You can’t monitor office network traffic when there’s no office. But you can require authentication through your identity provider.
Use automated discovery tools scanning expense reports and corporate cards. Establish virtual approval workflows through collaboration platforms like Slack or Teams. Leverage SaaS spend management platforms for centralised visibility across locations.
Remote governance often works better than office-based governance. All approvals are already digital. Usage tracking via SSO is more reliable than network monitoring. Distributed teams are already familiar with cloud tool workflows.
What are the first three steps to start implementing governance today?
First, conduct rapid application discovery. Export your SSO logs showing all connected applications. Scan corporate credit card statements for software subscriptions. Survey department heads for team-specific tools. This takes 2-3 days.
Second, implement contract inventory tracking all renewal dates, pricing, and committed spend in a simple spreadsheet or database. Just get the information captured. 3-5 days effort.
Third, establish a basic approval workflow even if it’s initially email-based. Define cost thresholds requiring approval. Assign a governance owner. Communicate the policy to your organisation. 1 week implementation.
These three steps provide immediate visibility and control without requiring tool purchases or major process changes. Start here. Expand later.
How does SaaS governance interact with cloud cost governance?
SaaS governance and cloud infrastructure governance are complementary but distinct disciplines. They need coordination.
SaaS governance focuses on application subscriptions, user licences, and per-seat pricing from vendors like Salesforce, Microsoft, and Atlassian. Cloud governance addresses infrastructure consumption – compute, storage, networking – from AWS, Azure, and Google Cloud.
You need both. SaaS spend management platforms for application governance. Cloud cost management tools for infrastructure governance.
Key integration points: unified reporting showing total technology spend across both categories. Shared chargeback model allocating both SaaS and cloud costs to business units. Coordinated vendor management where cloud and SaaS purchases from the same vendor – Microsoft, Google – leverage combined spend for better discounts.
Different tools, different processes, but the financial reporting needs to roll up together so you understand your total technology cost structure.
Conclusion
Governance isn’t about restricting your teams. It’s about preventing the SaaS inflation crisis from destroying your budget through shadow IT, unused licences, and unchecked vendor price increases.
Start with the three immediate actions: application discovery, contract inventory, and basic approval workflows. These deliver visibility and control within two weeks. Then layer in the sophisticated components: usage monitoring, chargeback models, and strategic vendor management.
The framework pays for itself through cost optimisation alone. But the real value is predictability – knowing what you’re spending, why you’re spending it, and having the control to adjust when business conditions change.