SaaS Sprawl

SaaS sprawl, audits, and the hidden process risk

Why CIOs should treat SaaS sprawl as a process and compliance risk, and how a digital adoption platform reduces audit findings and operational drag.


When boards talk about SaaS sprawl, the conversation usually starts with money and security: too many tools, too many licences, too many unmanaged data flows. Less often does it start with process. Yet if you sit in the CIO, CFO, or Head of Internal Audit seat, that is where the pain shows up: inconsistent purchase approvals, messy access control, incomplete HR data, weak evidence trails, and audit findings that trace back not to one bad system, but to five half-used ones.

Recent reports show just how big the problem has become. Torii’s 2026 benchmark found that the average company now uses around 830 applications, with large enterprises using more than 2,000. More than 61% of these tools are considered shadow IT, meaning they are adopted without formal approval. Zylo’s 2026 SaaS Management Index also shows that software spending continues to increase, even when the total number of tools stabilises. This is largely driven by AI features and more complex licensing models.

What these numbers don’t fully show is the operational risk behind them: every additional tool creates another opportunity for processes to be bypassed, steps to be missed, or compliance records to become incomplete.

This article looks at SaaS sprawl as a hidden process and compliance problem, and argues that you cannot fix it with contracts and policies alone. You also need an adoption-led control layer, delivered through a Digital Adoption Platform (DAP) like Lemon Learning, that sits directly on top of ERP, HRIS, CRM, and other critical tools to guide people while they work.

How SaaS sprawl quietly erodes your control environment

Most control frameworks were designed for a much simpler software environment: one HR system, one finance system, one CRM, and maybe one compliance tool. Policies and audit processes were built around this small number of core platforms.

Today, the reality is very different. Companies use dozens of additional tools across departments, such as purchasing apps, local HR tools, smaller CRMs, AI tools, workflow plug-ins, and older systems that are still in use.

From an IT perspective, this creates what PDQ describes as too many admin dashboards and repeated workflows. From a governance perspective, the impact is wider:

Multiple versions of the same data

Employee information might exist in the main HR system, in local tools, and in spreadsheets. Customer data might live in the main CRM, an older CRM, and several marketing tools. Finance teams may rely on reports that do not match local trackers. Processes are designed around one reliable source of information, but in reality, several versions exist.

Workarounds that bypass official processes

When core systems feel slow or complicated, teams often create shortcuts. For example, a purchasing team might use a separate tool to avoid long approval processes. HR teams may track onboarding in spreadsheets because the official workflow is unclear. These workarounds often lack the same approvals, controls, or visibility as the main systems.

The same policy applied differently

Even when tools are approved, processes are not always followed consistently. Different regions or teams may use different tools or configure them differently. A policy that assumes all approvals happen in one system becomes less reliable when some requests are handled elsewhere or through email.

Gaps in audit trails

Audit and risk teams need to understand who approved what and when. When actions are spread across many tools with inconsistent tracking, it becomes harder to reconstruct decisions. This makes audits slower and increases the risk of issues being missed.

In this environment, SaaS sprawl is not just a cost issue. It affects how reliably processes are followed. Many employees turn to alternative tools simply because they are trying to work efficiently when official systems feel complex or difficult to use.

Designing an adoption-led control layer across critical workflows

Reducing the number of tools through stricter approvals and contract reviews can help control SaaS sprawl over time, but this alone will not ensure that people follow the right processes. To truly reduce the risks created by SaaS sprawl, the correct way of working must also be the easiest way for employees to complete their tasks. This is where a Digital Adoption Platform (DAP) plays an important role.

A DAP such as Lemon Learning works directly inside your existing software, including HR systems, finance tools, CRM platforms, Microsoft 365, and internal portals, to guide users step by step. Instead of leaving employees to figure things out alone or turn to additional tools, in-app guidance helps them complete tasks correctly within the systems your organisation has chosen. This helps limit the need for workarounds that often contribute to SaaS sprawl.

From a process and compliance perspective, the approach is practical:

1. Identify the processes most affected by SaaS sprawl

Start by identifying workflows where errors, workarounds, or duplicate tools create risk. SaaS sprawl often affects processes linked to finance, HR, approvals, or system access, for example:

• Purchase requests and approvals
• Supplier onboarding or updates
• HR changes that impact payroll or access rights
• Time tracking submissions
• Sales approvals or contract validation
• User access requests or offboarding steps

These processes often become fragmented when teams adopt additional tools outside the main systems.

2. Define the correct process and where deviations happen

Document how each process should be completed in your core systems. Then identify where employees switch to spreadsheets, email, or additional SaaS tools because the process feels unclear or too complex. These deviations are a common side effect of SaaS sprawl.

3. Simplify workflows in your main systems

Before adding guidance, reduce friction where possible. Remove unnecessary steps, simplify approval flows, and clarify responsibilities. When processes are easier to follow, employees are less likely to introduce new tools that increase SaaS sprawl.

4. Guide users directly inside the software they already use

With a DAP, you can provide on-screen guidance that helps employees complete tasks correctly without leaving the system. For example:

• Step-by-step guidance for submitting compliant purchase requests
• Clear instructions when updating employee information
• Help completing CRM records correctly to ensure accurate reporting

By making processes easier to follow, organisations reduce the need for parallel tools and limit the growth of SaaS sprawl.

5. Track whether processes are followed correctly

A DAP also shows how employees interact with processes. You can see where users struggle, where errors happen, and whether guidance is helping improve consistency. Over time, this helps reduce mistakes and strengthen compliance.

When used this way, in-app guidance becomes a practical layer that supports your policies. It helps employees follow the right steps at the right time, making processes more reliable without adding extra complexity.

Key takeaways: linking SaaS sprawl, adoption, and audit outcomes

For CIOs and CFOs, reframing SaaS sprawl as a process risk has three practical advantages.

First, it changes the conversation with the business. Instead of telling HR, finance, or operations that they must give up favourite tools “because we have too many,” you can show how side systems create inconsistent processes, weak evidence, and rework when audits hit. You are not just defending centralisation; you are defending their own ability to run clean operations.

Second, it justifies investment in digital adoption as part of your control framework. An adoption layer like Lemon Learning is not a training luxury; it is how you turn written policies and system configuration into day-to-day behaviour. By expressing controls directly in the UI of ERP, HRIS, CRM, and other critical tools, you reduce the dependence on tribal knowledge and static job aids.

Third, it makes audit discussions more data-driven. Instead of vague assurances that “we trained everyone,” you can show guide usage, error trends, ticket volumes, and tool rationalisation before and after specific interventions. When paired with SaaS portfolio data from tools like Torii or Zylo, you can demonstrate how improving adoption in core systems allowed you to retire overlapping apps and reduce control surface area.

Ultimately, the goal is not to eliminate every side tool. It is to ensure that the workflows that matter for compliance, financial reporting, and risk management run predictably in systems you can govern, supported by in-app guidance that makes the most effective way of working obvious.

FAQ

Why is SaaS sprawl a process and compliance issue, not just a cost issue?

Each extra tool is another place a critical workflow can be executed differently, or off the record. When processes like purchasing, payroll changes, or revenue recognition are split across multiple systems, controls become harder to enforce and audits become harder to evidence, even if total licence cost is under control. 

Can’t we handle this with policies and tighter approvals alone?

Policies and approval workflows are necessary but insufficient. If people find core systems too hard to use or poorly explained, they will look for workarounds regardless of the policy. Embedding guidance directly into ERP, HRIS, CRM, and other tools via a DAP makes compliant behaviour easier than non-compliant behaviour.

 

How does a Digital Adoption Platform help with audits?

A DAP like Lemon Learning provides both preventative and evidential value. Preventatively, it guides users through compliant workflows in real time. Evidentially, its analytics show how often those guides are used and where people struggle, helping you explain control design and effectiveness during audits.

 

Where should we start if our process landscape already feels fragmented?

Start with a joint workshop between IT, finance, HR, and internal audit to identify high-risk workflows and the tools they touch. Pick a small number, stabilise them in your core systems, and wrap them with in-app guidance. Measure changes in errors, tickets, and audit findings before expanding.

 

Does this approach only apply to regulated industries?

No. Any organisation that relies on accurate financial data, clean HR records, and predictable approvals benefits from reducing process fragmentation. In regulated sectors, the stakes are higher, but the mechanics are the same: fewer uncontrolled tools, clearer systems of record, and better in-app guidance where it matters most.

 
