The average mid-size company is running more software tools than its procurement team knows about. A portion of those tools were purchased by teams with budget authority for purchases below a threshold. Some started as free trials and converted to paid subscriptions automatically. Some were brought in by employees from previous roles. Some were adopted during a period of rapid headcount growth, before the company's procurement processes had scaled to match its size.
The company is paying for all of them. Most of those payments are being processed without budget approval, without contract review, and without anyone tracking the renewal date. When the renewal arrives, accounts payable treats it as a standard invoice and processes it. The tool continues. The cost continues. Nobody reviews whether it should.
This post explains how this happens, specifically, and what it costs.
What Uncontracted Spend Is and Why It Matters
Uncontracted SaaS spend is any software or cloud tool cost a company is paying for without a formally executed agreement in place. This includes tools purchased on a corporate card without a contract, trials that converted to paid plans without a formal procurement step, and tools carried over from previous team configurations without contract review. The absence of a formal contract is not merely an administrative gap: it means the company has no documented terms governing pricing, data handling, renewal conditions, or exit rights.
The distinction between uncontracted and unmanaged matters. A tool can be formally contracted and still poorly managed if its renewal date is not tracked and its pricing has never been benchmarked. Uncontracted spend is a specific subset: the portion of the portfolio where no signed agreement exists at all. Both categories carry financial exposure; uncontracted spend carries the additional compliance and security exposure that comes from having no formal vendor obligations in place at all.
For the full picture of what vendor risk means across the SaaS and cloud portfolio, see SaaS and Cloud Vendor Risk Management: The Complete Guide for Mid-Size Companies.
The Four Pathways Through Which Uncontracted Spend Enters the Portfolio
Most uncontracted spend does not arrive through a single failure. It accumulates through four predictable pathways, often simultaneously.
Team-purchased tools below the procurement threshold. Most mid-size companies set a threshold below which team managers or budget owners can purchase software without formal procurement review: typically anywhere from $5,000 to $15,000 per year. This threshold exists for legitimate reasons; small tools should not require six weeks of review. The unintended consequence is that the portfolio contains dozens of individually small tools that in aggregate represent a material annual commitment, with no contracts, no security reviews, and no consolidated visibility anywhere in the company.
Free trials that converted to paid. SaaS vendors rely on product-led growth. A team member signs up for a free trial with a work email, integrates the tool into a daily workflow, and the trial converts to a paid subscription at the end of the free period. The conversion invoice goes to accounts payable, which processes it as a standard cost. There was no budget approval, no procurement review, no contract signing: just a recurring charge that now appears on a corporate card statement every month. The tool is in use, the team depends on it, and the company has no formal agreement with the vendor.
Tools carried in by new hires. Mid-size companies hire from companies that use different tool stacks. New employees arrive with tool preferences and, when given any budget autonomy, will procure the tools they know. In a growth phase where headcount is increasing rapidly, this pathway generates substantial uncontracted spend in a compressed period, because procurement processes cannot scale as quickly as hiring does. The CISO discovers the tool during an access review. The finance team discovers it when reconciling expenses. Nobody discovered it at the point of adoption, because the adoption happened through a personal account or a low-value card purchase.
Tools accumulated during rapid growth phases. Companies that scaled from 50 to 200 employees in two or three years almost universally have a procurement gap: the period before formal processes were established. During that phase, every tool adopted was effectively uncontracted, because the company did not yet have procurement processes that would create a contract. Many of those tools are still running, sometimes years later, with no one specifically accountable for whether the original agreement, if one exists, is still current or relevant.
For context on how these uncontracted tools interact with renewal mechanics and what happens when they auto-renew without any tracking system, see Why Mid-Size Companies Keep Auto-Renewing at the Wrong Price.
Why Procurement Does Not Catch It
The purchase threshold is not the only reason uncontracted spend persists. Three structural factors keep it invisible once it enters the portfolio.
No unified purchase record. SaaS tools are purchased via corporate cards, charged to team cost centres, and processed by accounts payable as operational expenses. Finance sees the invoice amount. IT may or may not know the tool exists. Procurement, if the company has a dedicated function, is not in the payment flow for any tool that came in below the procurement threshold. The data about what tools are running is distributed across three functions with no shared system that consolidates it.
No renewal calendar entry for uncontracted tools. Renewal calendars, where they exist at all, are built from contracts. An uncontracted tool has no contract entry, so it has no renewal calendar entry. The renewal happens automatically, the charge is processed, and the company continues paying for a tool that may not be actively used by the team that originally adopted it. For context on how a structured renewal calendar addresses the contracted portion of this problem, see SaaS and Cloud Contract Renewal Management: The Complete Guide.
No trigger for review outside of a payment event. Formal procurement creates a review trigger at the renewal event: a contract that requires active renewal creates an obligation to decide whether to continue. A subscription that auto-renews creates no event except an invoice. For the company paying that invoice, the review trigger must come from somewhere outside the payment flow: a spend audit, a finance reconciliation exercise, or a security access review. Without one of these external triggers, the tools simply continue indefinitely.
What Uncontracted Spend Actually Costs
The direct cost is the price the company pays without negotiation. There was no benchmarking, no competitive evaluation, no procurement process: the company pays list price, which is the vendor's rate for customers with no bargaining position. Every renewal of an uncontracted tool at list price is a cost the company did not need to accept.
The indirect costs accumulate across three dimensions. First, compliance exposure: any uncontracted tool processing company or customer data is operating without a data processing agreement. In markets with data protection requirements, this is a regulatory gap that grows in significance as the tool's usage expands. Second, security exposure: tools that did not go through a security review may store data in locations or under conditions the company has not assessed and cannot account for. Third, concentration exposure: uncontracted tools often cluster around the same vendors, creating dependency the company has no formal leverage to manage.
The total cost is not visible until the portfolio is audited. Companies that complete a full spend analysis, covering contracted and uncontracted tools, consistently find the uncontracted portion is larger than the finance team's estimate before the audit, costs more per tool than the contracted portion, and carries compliance gaps that do not appear on any risk register.
What Changes When You Have Visibility
Visibility is the precondition for everything else. A company that knows what tools it is running, what each one costs, what the contract status is, and when each one renews has the information to make decisions. A company that does not have that picture is paying for tools it cannot fully account for, renewing contracts it has not reviewed, and carrying compliance exposure it cannot quantify.
The first step is a complete portfolio inventory. Every tool, every payment method, every renewal date, contracted or not. From that inventory, prioritisation follows: which uncontracted tools need immediate formalisation, which compliance gaps carry the highest regulatory exposure, which renewal events in the next 90 days represent the most material spend opportunity.
For a complete guide on how to run that audit, see How to Audit Your SaaS and Cloud Portfolio for Uncontracted Spend. For a full view of what structured vendor risk management looks like once the portfolio is mapped, see SaaS and Cloud Vendor Risk Management: The Complete Guide for Mid-Size Companies.
Find Your Uncontracted Spend
CostRoom's spend analysis identifies every tool running in your portfolio, contracted or not, before the next invoice lands.
Book a Demo Call
Frequently Asked Questions
Why do companies have uncontracted SaaS spend? Uncontracted SaaS spend accumulates through four predictable pathways: team purchases below the procurement approval threshold, free trials that convert to paid subscriptions automatically, tools brought in by new hires from previous roles, and tools adopted during growth phases before formal procurement processes were established. In each case, the tool enters the portfolio without a formal contract, without a security review, and without a renewal date in any tracking system. The company continues paying for it because there is no automatic review trigger outside of a payment event.
How much of a company's SaaS spend is typically uncontracted? CostRoom's direct portfolio analysis across mid-size companies consistently finds that a material portion of active SaaS and cloud tools are running without formal contracts. The proportion varies by company stage and growth history, but companies that scaled quickly or where teams have budget authority for small purchases are typically more exposed. A company that has not completed a full spend audit, covering all payment sources including corporate cards and direct team purchases, will not have a reliable number for this portion of its spend.
What does uncontracted SaaS spend cost beyond the invoice amount? Beyond the direct cost of paying list price without negotiation, uncontracted spend carries three categories of indirect cost. Compliance exposure arises because any tool processing company or customer data without a data processing agreement is operating outside the regulatory requirements that apply in most markets. Security exposure arises because tools adopted without a procurement process did not go through a security review. Concentration exposure arises because uncontracted tools frequently cluster around the same vendors, creating dependency the company has no formal leverage to manage.
How do teams purchase SaaS tools outside procurement? The most common mechanisms are corporate card purchases below the procurement approval threshold, free trial sign-ups with a work email that convert automatically to paid subscriptions, and direct invoices from vendors where a team member provided a cost centre code without initiating a formal procurement request. In each case, the purchase is legitimate from the team's perspective; they needed a tool and used the most direct path available. The consequence is that the tool enters the portfolio without a contract, a review, or a renewal tracking entry.
What is the first step to identifying uncontracted SaaS spend? The first step is to cross-reference all recurring software and cloud payments from accounts payable against the formal contract database. Any payment without a corresponding contract is uncontracted spend. This exercise typically requires pulling 12 months of accounts payable data, including all corporate card charges, and matching each recurring software line item to a signed contract. Items that cannot be matched represent the uncontracted portion of the portfolio.



