← All articles

Blog

How to Audit Your Tech Stack Before Making New Bets

A practical playbook for auditing your existing software stack — what to look for, what to fix, and what surprises to expect.

4 min read
  • mid

Most Indonesian SMEs make their next technology decision before understanding their current one. They sign a new SaaS contract while already overpaying for redundant ones. They start a custom build while existing tools cover 70% of the need. They hire a vendor without realising the previous vendor wasn’t actually delivering.

A tech stack audit is the cheap step that prevents these mistakes. Here’s what one actually involves.

What a tech stack audit covers

Five areas, in priority order:

1. Inventory of what you’re paying for

The first surprise: you don’t know. Most SMEs we audit can list maybe 60% of their active software vendors from memory. The other 40% live in expense reports, scattered across departments, or in personal credit cards that never got centralised.

The output: a complete list with monthly/annual cost, owner, contract renewal date, and what the tool is supposed to do.

2. Usage assessment

For each tool, three questions:

  • Is anyone actually using it? A surprising number of subscriptions auto-renew without active users.
  • How many people? Is the seat count right? Many tools are paying for 50 seats when 20 are active.
  • What’s the engagement depth? A tool that 5 people open once a month isn’t earning its keep the way one that 5 people open daily is.

This is where the largest savings usually live.

3. Redundancy mapping

When multiple tools do overlapping things. Most SMEs over 30 employees have 3–5 redundancies. Common patterns:

  • Two file-sharing services (Google Drive + Dropbox)
  • Two project management tools (one team uses Asana, another uses Trello)
  • Two communication tools (Slack + Microsoft Teams)
  • Three note-taking tools (Notion, Google Docs, Coda)

Resolving redundancies is usually 80% organisational and 20% technical. The technical work is easy; the politics of who has to switch is harder.

4. Integration gaps

Tools that should be connected but aren’t. Manual data transfer between accounting and CRM. Order data not flowing back into customer records. Inventory updates not syncing to e-commerce platforms.

Each gap is a place where someone is doing manual work that compounds over time. Mapping them lists the highest-leverage automation opportunities.

5. Risk assessment

Where the stack is fragile:

  • Tools nobody knows how to administer if the current admin leaves.
  • Vendors with concerning financial health (small companies that might not be around in two years).
  • Compliance gaps (data residency, encryption, access controls).
  • Single points of failure (one tool’s outage breaks multiple workflows).

This section is rarely included in vendor-side audits because it’s hard to monetise. Insist on it anyway.

What an audit shouldn’t do

Three things to avoid:

  • Audit by checklist. Generic frameworks miss the specifics of your business. The audit should listen to how your team actually uses things, not score them against a template.
  • Recommend a complete stack overhaul. Big-bang stack replacements fail. The output should be a prioritised list of small interventions, not “rebuild everything.”
  • Conflate audit with vendor pitch. Auditors who happen to sell the alternative they recommend have a conflict of interest. Either get an independent audit or accept that the recommendations need cross-checking.

The output that’s worth what you paid

A good audit produces a written document with:

  • Full stack inventory with costs (the table)
  • Top 10 cost-saving opportunities, ranked by ease and savings size
  • Top 5 integration gaps, ranked by leverage
  • Risk register, ranked by severity
  • 90-day action plan
  • A re-audit recommendation — when to do this again

10–25 pages, written, not a slide deck.

Common findings (and what they cost to fix)

What we typically find in Indonesian SMEs:

  • Rp 50–300 juta/year of redundant subscriptions. Cancellation cost: zero to small.
  • 2–4 unused vendors paying full price. Cancellation cost: zero.
  • 3–5 vendors auto-renewing at sticker price. Renegotiation cost: 1–2 weeks of conversation.
  • 2–4 critical integration gaps. Build cost: Rp 15–80 juta total.
  • 1–2 compliance gaps. Fix cost: Rp 10–50 juta.

The audit itself: Rp 30–80 juta typically, depending on stack size. Almost always pays for itself in the first 90 days.

When to audit

Three triggers that justify it:

  • You haven’t done it in 18+ months and your team has grown.
  • You’re about to commit to a big new technology investment (any single thing over Rp 50 juta/year).
  • You inherited the stack (M&A, founder transition, new operations leader).

How to actually run one

Five-step process that works:

  1. Centralise expense data. Pull every recurring software cost from accounting. This alone usually surprises people.
  2. Survey teams about what they use. A simple form: tool name, who uses it, how often, what for.
  3. Reconcile expenses against survey. The gaps reveal unused or unknown subscriptions.
  4. Interview the active users of each tool. What’s working, what’s not, what they wish was different.
  5. Synthesise into the written deliverable. With ranked recommendations.

Whole process: 2–4 weeks for an SME-scale stack.

If you’re considering a tech stack audit and want to figure out whether it’s worth doing now, an hour of conversation usually clarifies it. We do those at no cost.