What a Readiness Audit Should Test Before Renewal
A renewal quote is not the right place to discover weak evidence. This guide shows what a readiness audit should test so Finance, IT and Procurement can enter renewal talks with cleaner facts.

Test 5: Security and governance that affect renewal risk
A Salesforce renewal is not a full cybersecurity audit, but it should include enough governance testing to avoid renewing blind.
At minimum, the audit should look at privileged users, admin access, connected apps, integration users, inactive accounts, audit settings, backup arrangements and any third-party applications that touch Salesforce data. These checks help the team understand whether the renewal should include remediation work, contract protections, product changes or internal governance decisions.
For official platform status and security resources, Salesforce maintains Salesforce Trust, which is a useful reference point for availability, compliance information and security-related updates.
It can also help to compare your internal checks with broader risk-based audit thinking. For example, this guide to cybersecurity audit priorities for 2026 highlights identity, cloud exposure, backups, detection and governance, all areas that can become relevant when a renewal includes access, data or operational resilience concerns.
The key is proportion. Do not let security checks derail the commercial audit. But do not ignore them either. If a renewal commits the organisation to a platform for another one, two or three years, weak access governance and unmanaged integrations deserve attention before signature.
Test 6: Internal alignment before the vendor meeting
A readiness audit should test whether the internal team is aligned before the first serious vendor conversation.
This sounds obvious, but it is often missing. Finance may want cost reduction. IT may want continuity. Business teams may want more capability. Procurement may want optionality. None of these positions is wrong, but they need to be reconciled before negotiation begins.
The audit should clarify which outcomes are essential, which are preferred and which trade-offs are acceptable. For example, the business may accept a longer term if flexibility improves, or it may accept fewer products if critical integrations are protected. These decisions should not be improvised in a vendor call.
Strong negotiation is not loud. It is prepared. The organisation should know its evidence, its constraints and its alternatives before discussing price. SaaSed has written separately about Salesforce negotiation tactics that improve leverage, but the readiness audit is where much of that leverage is created.
What the audit should produce
A useful readiness audit should produce more than observations. It should leave the renewal team with materials they can actually use.
The first output is a clean renewal baseline. This should summarise current commitments, renewal dates, products, quantities, spend, known uplift risk and contractual constraints.
The second output is a usage and demand view. This should separate essential use, questionable use, likely shelfware and validated future demand. It should also show where more business input is needed.
The third output is a decision log. This is often the most valuable part. It records which items the company will retain, reduce, challenge, defer or escalate. It should name owners and deadlines, because unclear ownership is one of the quietest ways to lose time before renewal.
The fourth output is a negotiation brief. This should not be a script. It should be a concise summary of the company’s position, evidence, risks and desired outcomes. A good brief makes the renewal conversation calmer because the team is no longer reacting to every vendor prompt from scratch.
Who should be involved
A readiness audit should not sit with one function alone.
The CFO or finance lead brings budget discipline and tests affordability. The CIO or IT lead brings operational context and platform risk. Procurement brings commercial structure, timing and negotiation control. Business owners validate whether usage and forecast demand reflect reality.
Legal may also need to review specific clauses, especially around renewal mechanics, data, liability, audit rights or termination. Security may be needed where access, integrations or compliance obligations are part of the renewal risk.
The group should be small enough to move quickly, but broad enough to avoid blind spots. A renewal audit becomes slow when everyone is invited. It becomes weak when the wrong people are missing.
When to run a readiness audit
The honest answer is: earlier than most teams do.
For a simple Salesforce estate, a focused readiness audit can be relatively quick. For a larger estate with multiple clouds, business units, amendments and integrations, it should start months before renewal. Large or politically complex renewals often need 120 to 180 days of preparation, especially if notice periods, budget cycles or executive approvals are involved.
If the vendor quote has already arrived, the audit is still useful, but the scope should narrow. Focus on the decisions that can still change the outcome: quantities, product mix, uplift challenge, term length, payment timing and any clauses that create avoidable risk.
The worst option is to skip the audit because time is short. Even a compressed review can identify errors, unsupported demand and negotiation gaps.
Signs your organisation is not renewal-ready
There are a few clear warning signs.
If no one can explain the current contract structure without forwarding a folder of PDFs, the baseline is not ready. If licence counts are known but usage is not validated by business owners, the demand view is not ready. If Finance, IT and Procurement each have a different definition of success, the negotiation position is not ready.
Another warning sign is dependence on the vendor to tell you what you own, what you use or what you should renew. Vendor input has its place, but it should not be the only version of the truth.
A readiness audit gives the organisation its own view first. That does not make the renewal adversarial. It makes it more balanced.
Frequently Asked Questions
What is a readiness audit before renewal? A readiness audit is a structured review of contracts, usage, demand, commercial risk and internal alignment before a SaaS renewal. For Salesforce, it helps the renewal team understand what to retain, reduce, challenge or renegotiate.
When should a readiness audit start? For larger Salesforce renewals, start 120 to 180 days before the renewal date where possible. Smaller estates may need less time, but the audit should still happen before the vendor quote anchors the discussion.
Is licence usage data enough for a readiness audit? No. Usage data is important, but it needs contract context, business validation, future demand checks and commercial risk review. A login report alone will not tell you what can safely change at renewal.
Should a readiness audit include security checks? Yes, but in proportion. It should review access, admin rights, integrations, connected apps and governance issues that may affect renewal risk. It does not need to replace a dedicated cybersecurity audit.
What if the renewal quote has already arrived? Run a compressed audit focused on the decisions still available. Prioritise quantities, licence mix, uplift terms, renewal clauses, unsupported demand and internal approval gaps.
A calmer way to enter renewal talks
A readiness audit will not remove every difficult decision. It will make those decisions visible earlier, with better evidence and fewer surprises.
If your Salesforce renewal is approaching and you want an experienced outside view, SaaSed can help review the contract, usage picture and negotiation position before talks harden. To start with a low-pressure discussion, book a complimentary Salesforce audit conversation.
Want this kind of intel on your renewal?
Don’t head into your next software negotiation alone
Talk to the team