Contributing authors: Kristine Briggs, Bernard Williams, Jocel Siglos
The OIC SaaS Governance Maturity Model (SGMM) defines four distinct stages of maturity:
Level 1: Chaotic – No oversight, resulting in shadow IT and unmanaged costs
Level 2: Emerging – Initial awareness, with inconsistent controls and visibility
Level 3: Managed – Structured policies and tools are in place, but governance is still largely manual
Level 4: Optimized – Governance is automated, strategic, and aligned with business objectives
This article focuses on the transition from Level 1 to Level 2, essentially beginning the journey of improving SaaS governance.
At the "Chaos" level of SaaS governance, organizations often find themselves reacting to problems rather than preventing them. Employees and departments independently purchase and manage SaaS tools, with little to no centralized oversight. The result? A tangled web of shadow IT, redundant applications, spiraling costs, and security and compliance risks.
Transitioning to the "Emerging" stage requires deliberate action. While it's not about full control overnight, this phase is about creating visibility, establishing basic policies, and setting the stage for long-term governance maturity. It’s a pivotal moment when an organization begins to shift from reactive firefighting to proactive oversight. By building operational discipline early, teams can lay the foundation for sustainable SaaS growth.
Here are five practical steps your organization can take to quickly improve your SaaS governance posture.
From Chaos to Emerging: Five steps to take that will quickly improve your SaaS governance posture
You can’t govern what you can’t see. Begin by building a comprehensive inventory of all the SaaS tools currently in use across the organization, whether officially purchased, employee-expensed, or accessed via free trials. Use surveys, expense data, browser plugins, or SaaS discovery tools to uncover this information. This inventory becomes your source of truth and lays the groundwork for informed decision-making across IT, finance, and operations.
Dig deeper by documenting key metadata: who owns the tool, how many users it supports, its cost, and renewal terms. Understanding the full scope of your environment helps you uncover risks and operational dependencies that might otherwise remain hidden.
Without clear ownership, SaaS applications fall through the cracks, causing renewal surprises, unused licenses, and compliance risks. Mapping responsible owners to tools creates accountability for usage, security, and budget alignment. These owners can act as internal champions to support adoption and ensure vendor communications don’t get lost. As governance matures, ownership will evolve into a key part of your operational model.
Application owners should also take part in reviewing tool performance, negotiating renewals, and ensuring their applications align with organizational goals. Empowering them with responsibility and guidance sets the stage for decentralized governance with central visibility.
Even at an early stage, it’s important to set some guidelines for SaaS purchasing. Create lightweight guidelines that distinguish between tools employees can choose on their own and those that require team, IT, or Finance input. While these aren’t rigid rules, they signal a shift toward more thoughtful acquisition. Over time, these guidelines will evolve into formal policies that scale across the organization.
Clear guidelines reduce friction and ensure employees know what's expected, so IT doesn’t have to micro-manage. Framing this as a collaborative safeguard, not a bureaucratic hurdle, helps gain support from individual teams.
Visibility into costs and usage helps to identify low-value/redundant tools and budget inefficiencies. Collaborate with your Finance team to map spending by department, application, and user base, even if it’s through simple spreadsheets at first. Regularly reviewing this data allows you to pinpoint under-used licenses or shadow IT that could be rationalized. Financial clarity is often the first tangible win in any governance effort.
You can take this further by correlating spend with value delivered. Is an expensive platform barely being used? Are departments renewing tools without reviewing usage data? Answers to these questions enable cost-saving interventions and more effective budgeting.
Governance can’t succeed without buy-in. Clearly explain to stakeholders that these are essential processes for a well-run business. Make sure to communicate that unregulated SaaS usage exposes the business to risks such as security breaches, compliance failures, and escalating costs. Position governance as a support function focused on enabling smart, safe, and efficient SaaS adoption. Framing the initiative this way transforms resistance into collaboration.
Note that to be successful, the communications need to be ongoing. Messaging should be consistent and reinforced over time. Host short information sessions, share internal newsletters, or highlight early wins to reinforce the value of this shift. Change management is not a one-time announcement; it’s a sustained effort to reshape mindset and behavior.
Moving from Chaos to Emerging in the SaaS Governance Maturity Model doesn’t require perfection; it requires momentum. By taking these five practical steps, your organization will begin to reduce risk, uncover savings, and improve visibility almost immediately.
These quick wins are more than operational; they signal a cultural shift toward strategic enablement. Start small, stay transparent, and commit to building better SaaS habits that scale over time.