How to Find Ghost Users & Save Budget with a SaaS Audit Tool

Watch the Full Video

The Problem: IT Is Always the Last to Know

One of the most frustrating challenges for IT leaders is being the last to know when employees leave the company. A manager in a remote office terminates someone on Friday. HR doesn't get notified until the following week. Meanwhile, that former employee still has an active account, access to company systems, and maybe even a laptop sitting in their home office.

This isn't just an IT problem—it's a compliance risk, a security vulnerability, and a budget drain.

The disconnect between HR, field managers, and IT creates what I call "ghost users"—accounts that remain active long after employees have left, consuming licenses, accessing systems, and creating liability. Add to that the duplicate and underutilized software licenses most organizations carry, and you have a significant opportunity to demonstrate IT's value to the C-suite.

The Ghost User and SaaS Audit Tool is designed to solve exactly this problem.

Why This Matters: Earning Your Seat at the Table

The main reason IT professionals join the Rocker IT Leadership Academy is to ensure IT has a seat at the management table. One of the easiest ways I've found for my clients to achieve this is by showing they're "keeping their eye on the ball."

When you can walk into an executive meeting and say, "I've identified $32,000 in annual savings by cleaning up inactive accounts and optimizing our software licenses," you're no longer the tech person who fixes computers. You're a strategic partner who protects the business and manages the budget responsibly.

This tool helps you:

• Build a bridge to the CFO: You're bringing money back, not just asking for it
• Prove your value: Demonstrating cost savings and risk reduction in concrete terms
• Protect the house: Eliminating security vulnerabilities from inactive accounts

Whether you're an IT manager trying to move up, an established leader reinforcing your value, or an MSP/auditor conducting client assessments, this tool gives you the data you need to have meaningful conversations with executives.

Who Should Use This Tool?

This Ghost User and SaaS Audit Tool is designed for:

• IT managers and directors in organizations with 50 to a few thousand machines
• Emerging IT leaders who want to demonstrate strategic thinking beyond technical execution
• MSPs conducting client audits to identify cost savings and security risks
• Internal and external auditors assessing IT compliance and license management
• Distributed organizations with employees across multiple states or countries where communication gaps are common

If your organization doesn't have an advanced asset management system or integrated SaaS tracking platform (and most don't), this Excel-based tool is the perfect starting point.

The Tool: A Multi-Tab Approach to Finding Savings

The Ghost User and SaaS Audit Tool is a multi-tab Excel worksheet available free in the Rocker IT Leadership Academy. It consists of four main sections:

1. Introduction: Overview and goals
2. SaaS Audit: Tracking software licenses and identifying savings
3. Staff Intro: Process for auditing user accounts
4. Staff Audit: Detailed tracking of active, inactive, and terminated accounts

Let's walk through each section and how to use it effectively.

Part 1: The Staff Audit (Finding Ghost Users)

Step 1: Export HR Data

Start by getting two critical lists from HR:

• Terminations list: All employees who have left the company in the past 90-180 days
• No-show list: Employees who were hired but never started (surprisingly common)

Depending on your country and industry, employment rules vary, but the principle is the same: you need to know who should no longer have access to company systems.

Step 2: Dump the IT Data

Export user data from your primary systems:

• Microsoft 365 / Azure AD (Entra ID): Active accounts, last login dates, license assignments
• Google Workspace: User status, last login, assigned licenses
• Other critical systems: HR systems, ERP platforms, CRM tools, file storage (Box, Dropbox, etc.)

Even if you're not directly responsible for managing a particular system (like the HR system), you'll get questions about it. Proactively including it in your audit shows you're thinking holistically about the organization.

Step 3: Build Your Staff Audit Spreadsheet

The Staff Audit tab includes the following columns:

• First Name, Last Name: Employee identification
• Department: Helps identify patterns (e.g., high turnover in a specific department)
• Termination Date (per HR): When HR says the employee left
• AD/Entra or Email Account Status: Is the account still active?
• Last Login Date: When did this person last access systems? (Critical for compliance)
• Hardware Assigned: Do they have a laptop, phone, or other equipment?
• Remote Office: If yes, has hardware been returned?
• Estimated Risk Cost: For high-risk roles (finance, executive access), what's the potential cost if this account is compromised?
• Action Required: What needs to happen next? (Disable account, retrieve hardware, etc.)
• Notes: Additional context for follow-up

Conditional Formatting: Red Flags

The spreadsheet uses conditional formatting to highlight problems automatically. If someone has been terminated but their account is still active, or if their last login was over 90 days ago but they're still employed, the row turns red.

This visual system makes it easy to spot issues at a glance and prioritize action items.

Example Scenarios

Scenario 1: Terminated employee with active account

• Employee left 45 days ago according to HR
• AD account is still active
• Last login was 3 days ago
• Action required: Immediate account disable and investigation—someone may be using this account inappropriately

Scenario 2: Active employee who hasn't logged in

• Employee is listed as active in HR
• Last login was 120 days ago
• Hardware is assigned but location unknown
• Action required: Contact manager to verify employment status, locate hardware, assess whether account should be disabled

Scenario 3: Remote employee with unreturned equipment

• Terminated 60 days ago
• Account disabled properly
• Laptop marked as "not returned"
• Action required: HR/Finance follow-up to retrieve equipment or charge employee

The Compliance and Insurance Angle

This isn't just about cost savings—it's about compliance and cyber insurance.

Many industries have regulations about how quickly you must disable access for terminated employees. If you're in finance, healthcare, or any field handling sensitive data, auditors will ask for this documentation.

Cyber insurance providers are increasingly requiring proof that you have processes in place to manage user access. Being able to show a quarterly or monthly audit of active accounts can directly impact your ability to secure or renew coverage.

Part 2: The SaaS Audit (Optimizing Software Licenses)

Step 1: Identify the Big Rocks

Don't start by auditing every $5/month tool. Focus on the systems with the highest cost and broadest usage:

• Microsoft 365 / Google Workspace: Often the largest single software expense
• ERP systems: SAP, Oracle, NetSuite, etc.
• CRM platforms: Salesforce, HubSpot, etc.
• Collaboration tools: Slack, Zoom, etc.
• File storage: Box, Dropbox, OneDrive, etc.
• Industry-specific platforms: Whatever is core to your business

The goal is to find the areas where even small percentage improvements yield significant savings.

Step 2: Export License Data

For each major system, export:

• List of all users
• License type assigned to each user
• Cost per license type
• Last login date (if available)
• Role or permission level

Work with your account managers or system admins to get this data. Many vendors can provide usage reports that show who's actively using the platform versus who has a license but hasn't logged in.

Step 3: Calculate the Savings

The SaaS Audit tab tracks:

• Vendor: Who provides the software
• License Type: E3, E5, Business Premium, etc.
• Current Cost: Price per user per month
• Total Licenses: How many you're paying for
• Active Users: How many are actually using it
• Zombie Licenses: Inactive for 90+ days
• Downgrade Candidates: Users who could move to a cheaper license tier
• Savings Calculation: Automatic formulas show annual impact

Example: Microsoft 365 License Optimization

Let's say you have:

• 200 E3 licenses at $36/user/month = $7,200/month
• 50 of those users haven't logged in for 90+ days = $1,800/month wasted ($21,600/year)
• 100 users could downgrade to Business Premium at $22/user/month = $1,400/month savings ($16,800/year)

Total potential savings: $38,400/year from one system alone.

Now multiply that across your ERP, CRM, and other major platforms, and you can easily find $50,000-$100,000+ in annual savings.

The "Small Potatoes" Add Up

While you should focus on the big-ticket items first, don't ignore the smaller subscriptions entirely. A $30/month tool might not seem significant, but if you have 20 of them that are unused, that's $7,200/year.

Consider assigning this work to an intern or junior team member you're mentoring. It's a great learning opportunity for them, and the cumulative savings can be substantial.

Zombie Savings vs. Downgrade Savings

Zombie savings: Licenses for users who haven't logged in for 90+ days. These can often be eliminated entirely (with some exceptions for seasonal workers, auditors, etc.).

Downgrade savings: Users who have premium licenses but only use basic features. For example, someone with a Microsoft E5 license who only uses email and calendar could drop to Business Basic.

Both categories represent real money you can return to the organization.

How to Present This to Executives

Once you've completed your audit, you need to present the findings in a way that resonates with non-technical leaders.

Frame It as Risk Reduction + Cost Savings

Wrong approach:
"We found 50 inactive AD accounts that need to be disabled."

Right approach:
"We identified a compliance risk: 50 former employees still have active access to company systems, including 5 in finance roles. Disabling these accounts immediately reduces our cyber insurance risk and saves $18,000 annually in unused licenses."

Quantify Everything

Executives think in dollars, not technical details. Every finding should have a number attached:

• "Eliminating zombie licenses saves $32,000/year"
• "Downgrading 100 users to appropriate license tiers saves $17,000/year"
• "Retrieving unreturned hardware from terminated employees recovers $15,000 in assets"

Propose a Recurring Process

Don't present this as a one-time cleanup. Position it as an ongoing process that demonstrates IT's commitment to stewardship:

• Monthly: Quick review of terminations and new hires
• Quarterly: Full audit of ghost users and inactive licenses
• Annually: Comprehensive review of all software contracts and vendor relationships

Involve Other Departments

This isn't just an IT project—it's a cross-functional initiative:

• HR: Needs to improve offboarding communication
• Finance/Accounting: Wants to see cost savings and budget optimization
• Legal/Compliance: Cares about access control and data protection
• Department managers: Should be accountable for notifying IT when their team members leave

By framing this as a collaborative effort, you position IT as a partner, not a gatekeeper.

Special Considerations for MSPs and Auditors

If you're an MSP or external auditor, this tool is invaluable for client assessments.

For MSPs:

Use this audit as part of your onboarding process for new clients:

1. Discovery phase: Run the ghost user and SaaS audit within the first 30 days
2. Present findings: Show the client exactly how much they're wasting and what risks exist
3. Propose solutions: Offer to implement a quarterly audit process as part of your managed services
4. Build trust: You're not just selling services—you're saving them money and reducing risk

Many MSPs find that the savings identified in the initial audit more than pay for the first year of managed services.

For Auditors:

This tool provides a structured framework for assessing:

• Access control compliance: Are terminated employees properly offboarded?
• License management: Is the organization paying for what it uses?
• Risk exposure: Are high-risk accounts (finance, executive) properly monitored?
• Process maturity: Does the organization have documented procedures for user lifecycle management?

Include this audit in your standard assessment checklist, and you'll consistently find actionable recommendations for your clients.

Automation: When and How

Many IT leaders ask: "Should I automate this process?"

The answer depends on your organization's size and maturity.

Start with Excel

For organizations with 50-500 employees, an Excel-based process is perfectly appropriate. It's:

• Easy to understand: Anyone can open a spreadsheet
• Flexible: You can modify columns and formulas as needed
• Low-cost: No additional software to purchase or maintain
• Transparent: Executives can see exactly how you calculated savings

Consider Automation When:

• You have 500+ employees across multiple locations
• You're running this audit monthly and it's taking significant time
• You have budget for a dedicated SaaS management platform (like Zylo, Torii, or BetterCloud)
• Your organization has mature IT processes and is ready for advanced tooling

The Automation Trade-Off

Remember: automation introduces a new system to manage, maintain, and keep updated. For many mid-sized organizations, the overhead of managing an automation platform outweighs the time savings.

If you do automate, keep the Excel template as a backup for handling exceptions and edge cases.

Implementation Timeline

Here's a realistic timeline for implementing this audit process:

Week 1: Data Gathering

• Export HR termination and no-show lists
• Export user data from Microsoft 365, Google Workspace, and other primary systems
• Gather software license information from major vendors

Week 2: Analysis

• Populate the Staff Audit tab
• Identify ghost users and inactive accounts
• Populate the SaaS Audit tab
• Calculate potential savings

Week 3: Validation

• Work with HR to confirm termination dates
• Work with department managers to verify employment status for inactive accounts
• Confirm license types and costs with vendors

Week 4: Presentation and Action

• Present findings to CFO, COO, or executive team
• Get approval to disable ghost accounts and optimize licenses
• Implement changes
• Document the process for future audits

Ongoing: Quarterly Reviews

• Set a recurring calendar reminder
• Repeat the process every 90 days
• Track cumulative savings over time

Common Objections and How to Handle Them

"We don't have time for this."

Response: "This audit will take about 8-10 hours initially, and we'll save $30,000+ annually. That's a 300:1 return on time invested. Plus, it reduces our compliance risk and cyber insurance exposure."

"HR should handle user offboarding."

Response: "Absolutely—and this audit helps us identify where the current process has gaps so we can work with HR to improve it. We're not placing blame; we're solving a cross-departmental problem."

"We have enterprise agreements, so we pay for a set number of licenses anyway."

Response: "True for some systems, but we still need to track who's using what for compliance and security reasons. And for systems without enterprise agreements, we're paying per user, so every inactive license costs real money."

"This feels like busywork."

Response: "I understand it might seem that way, but cyber insurance auditors and compliance regulators specifically ask for this documentation. Plus, it's one of the fastest ways to demonstrate IT's value to the CFO."

Real-World Results

Here are some examples from organizations that have implemented this audit process:

Manufacturing company (250 employees):

• Found 35 ghost users (former employees with active accounts)
• Identified $28,000 in annual SaaS savings
• Recovered 8 unreturned laptops worth $12,000
• Total value: $40,000 in year one

Professional services firm (150 employees):

• Discovered duplicate subscriptions (paying for both Dropbox and Box when only one was needed)
• Downgraded 60 Microsoft 365 licenses from E3 to Business Premium
• Total savings: $22,000 annually

Healthcare organization (500 employees):

• Identified compliance risk: 12 terminated employees in clinical roles still had system access
• Eliminated 75 zombie licenses across multiple platforms
• Total savings: $45,000 annually + major compliance risk mitigation

Getting Started: Your Next Steps

1. Download the tool: The Ghost User and SaaS Audit Tool is available as a free resource in the Rocker IT Leadership Academy (no paid membership required)

2. Schedule time: Block 2-3 hours on your calendar this week to start gathering data

3. Identify your "big rocks": List the 5-10 software platforms with the highest cost and broadest usage in your organization

4. Partner with HR: Set up a 30-minute meeting to explain the audit and request termination data

5. Run the first audit: Complete the Staff and SaaS tabs for your organization

6. Present findings: Schedule time with your CFO, COO, or executive team to share results

7. Set up recurring process: Add a quarterly reminder to your calendar to repeat the audit

Join the Community

Whether you're an IT manager looking to demonstrate value, an MSP conducting client audits, or an auditor assessing IT maturity, the Rocker IT Leadership Academy provides the tools and community to help you succeed.

Free Community Access:

• Download the Ghost User and SaaS Audit Tool
• Participate in discussions
• Share wins and challenges

Paid Academy Membership ($99/month with 7-day trial):

• In-depth training content
• Advanced tools and templates
• One-on-one coaching options
• Monthly live Q&A sessions

Fractional CIO Services:

• For organizations needing ongoing strategic IT leadership
• Custom engagements tailored to your specific needs

Join the Rocker IT Leadership Academy →