TL;DR: SaaS expense tracking breaks down when application discovery, invoice review, and renewal decisions sit across different teams, because hidden spend and auto-renewal pressure can outpace manual oversight, according to Zluri. The governance issue is not just cost control: it is that entitlement, renewal, and offboarding decisions are being made without a single ownership model.
NHIMG editorial — based on content published by Zluri: SaaS Management 5 Ways to Track SaaS Expenses in 2026
Questions worth separating out
Q: How should security teams control SaaS renewals without losing visibility across departments?
A: Security teams should treat renewals as a shared governance checkpoint, not a finance-only event.
Q: Why do SaaS expenses become an IAM issue instead of just a procurement issue?
A: Because SaaS costs follow active services, and active services usually carry user access, data exposure, and lifecycle obligations.
Q: What breaks when SaaS discovery is incomplete?
A: Incomplete discovery leaves shadow apps, duplicate subscriptions, and employee-purchased tools outside the control model.
Practitioner guidance
- Create a unified SaaS inventory: Map applications from SSO, finance, endpoint, directory, and HR sources into one inventory so renewal decisions start from complete coverage, not a partial spreadsheet.
- Reconcile invoices to contracts and usage: Compare actual charges, estimated costs, licence counts, and feature usage each cycle so true-up fees and duplicate billing are visible before approval.
- Turn renewals into governance checkpoints: Make each upcoming renewal require a named business owner, a usage check, and a keep or cancel decision.
What's in the full article
Zluri's full blog post covers the operational detail this post intentionally leaves for the source:
- A walkthrough of the nine SaaS discovery methods and how each source contributes to inventory accuracy
- The invoice and contract workflow Zluri uses to connect spend, renewals, and billing exceptions
- The structure of the 22 report types, including department-wise and app-wise spend reporting
- How reminder timing is configured for renewals and contracts across monthly and annual cycles
👉 Read Zluri's guide on tracking SaaS expenses and renewals →
SaaS expense tracking and renewals: what IAM teams should fix?
Explore further
SaaS spend control is an identity governance problem disguised as financial hygiene. When organisations cannot tie applications, invoices, and renewals back to ownership, they lose control over who can approve, continue, or cancel access-bearing services. The article shows that the operational pain is not just wasted budget, but the absence of a reliable decision path for SaaS lifecycle governance. Practitioners should treat spend visibility as a governance prerequisite, not a reporting luxury.
A few things that frame the scale:
- 92% of organisations expose NHIs to third parties, raising concerns about supply chain security, according to Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: What should organisations do when a SaaS renewal is coming up and usage is unclear?
A: Pause automatic renewal until the application has been reviewed for business value, ownership, and active usage. If no accountable owner can justify the service, move it to cancellation or offboarding rather than allowing the subscription to continue by default. Renewal dates should trigger a decision, not an autopay event.
👉 Read our full editorial: SaaS expense tracking exposes the identity governance gap in renewals