Dec 6 2018
How to Conduct Pre-IPO SaaS Auditing — Organizing The Junk Drawer
Alpin is now CoreSaaS.
Anyone who’s been through an IPO knows the intense work and scrutiny it requires. Preparing for an IPO typically results in thorough corporate “house cleaning.”
And just like when you’re cleaning house, there’s a junk drawer. What’s the modern junk drawer in most companies? SaaS.
How Did SaaS Become The Corporate Junk Drawer?
Whether it was encouraged or ignored, enterprises use orders of magnitude more SaaS than they did 5 years ago. (We talk about other alarming shadow IT stats and how SaaS spreads in other posts.)
IT’s philosophy has changed in recent years. At most companies, IT concluded they could no longer command and control everything, and instead they worked to become a great partner to other departments. Other companies doubled down on their centralized model, often attempting to block or outlaw cloud applications entirely.
Regardless, both paths resulted in mass adoption of SaaS.
In one case, it was by design with a newly permissive attitude from IT. In the other case, those attempting to “block” cloud apps were not as successful as they thought.
Users, uh, find a way.
Why Should I Worry About SaaS Before An IPO?
Two words: cost and risk.
On the cost side, CFOs and IPO underwriters do not like it when expense growth outpaces revenue growth. SaaS applications are very easy to start using, and they can build massive user bases costing thousands or even millions of dollars in the blink of an eye. This results in expenses rocketing upward, with few or no controls.
The good news? You can rein it in, and reduce those expenses.
On the risk side, modern compliance frameworks require that companies ensure vendor compliance. That means any data stored with SaaS vendors should be treated similarly to data stored internally.
While we don’t generally store important and sensitive information in our personal junk drawers, corporations do — intentionally or not. It’s a big problem when a company doesn’t know it is storing PII, financials, or IP with a vendor… and an auditor finds out.
For an IPO, it’s essential to avoid surprises. Auditors do not like to see that a Russian gaming site has full access to the CEO and CFO’s email inboxes and all their sensitive contents. We covered these kinds of horror stories that can erupt from a lack of SaaS management.
How to Conduct Pre-IPO SaaS Auditing
For the sake of this post, I’ll assume that you’d prefer to audit SaaS both quickly and comprehensively. If that’s the case, you’ll want a modern SaaS management platform like Alpin. We act as a single source of truth to discover, organize, and manage your SaaS.
1. Find The Cloud Apps
There are many ways to discover cloud apps. Currently, Alpin offers over a dozen methods to quickly find and categorize SaaS.
Some companies conduct manual surveys, though this approach assumes a generous and unbelievable level of accuracy from your workforce. Combing through firewall logs or expense histories could also help. We have a spreadsheet template for manually cataloging SaaS, if you’d like to try it. But if you’re about to go IPO, don’t mess around and waste time on a partial solution; get the comprehensive answer quickly and accurately from an automated solution.
2. Create A Single Source of SaaS Truth, Including Financials
Accurate financial reporting is an important part of any IPO. Categorizing software spend and removing gaps in financial reporting due to shadow IT will save valuable time and effort with auditors, and put you on a path to a smooth IPO, not one marred by questions and investor skittishness.
That requires not only discovering cloud applications, but adding information around financials, contracts, and payments as well. Once you do this, reporting on all SaaS spend by category or department becomes possible. That makes it easy to cut costs and get the ratios back where they need to be.
3. Understand Who Stores What With Which Vendors
After discovering vendors, anyone handling vendor compliance will have to answer questions such as:
- Of our SaaS vendors, which perform business functions?
- How important are those business functions?
- Do the vendors performing those functions possess requisite security certifications and safeguards?
- What data is stored with these vendors?
- Who in our organization owns relationships with vendors?
A good SaaS management platform can speed up the process of answering those questions considerably. Read about it in our Compliance use cases blog post and learn more about our tagging and search features.
4. Establish SaaS Management Processes And Procedures
With a single source of SaaS truth, you’ll be in a better position to update processes and procedures around cloud software acquisition.
Some questions to ask yourself when you’re better equipped with data:
- How can we better balance autonomy with the need for oversight?
- What roles should IT and other departments take in documenting and monitoring cloud software?
- How should security and compliance be maintained within the SaaS environment?
- With information centralized, how else could it be used to benefit different departments or the company as a whole?
Want to get a taste of the leading SaaS management platform? Look no further than Alpin (now CoreSaaS). We have over a dozen ways to discover SaaS apps, along with financial, compliance, and security tools; contact us for a 10-minute demo. You’ll see how Alpin can work for you.