Forty-seven vendors,
one overdue audit.
How a 110-person Canadian energy services operator recovered low six-figures in annual SaaS spend, cut their vendor count from 47 to 14, and tightened cyber posture in the same 90-day window.
FOR: Operators · 80–150 people · vendor sprawl + overdue cyber audit
Quick answer
A 110-person Canadian energy services operator was carrying 47 active SaaS vendors with overlapping capability and an overdue cyber audit. Over a 90-day window, Vencer ran the consolidation: 47 vendors down to 14, low six-figures CAD per year recovered in license waste, and the cyber posture tightened in the same pass. The audit cleared on schedule.
Forty-seven vendors. Nobody knew it was forty-seven.
110 people across two basins. A services operator running mud logging, wireline, and completions support. Two bolt-on acquisitions in the prior 24 months. Nothing got sunset.
The CFO called the day the 2026 cyber renewal questionnaire landed. “I can’t answer half of these honestly because I don’t actually know what we have.” A reasonable answer. Across two bolt-on acquisitions completed in the prior 24 months, the operator had inherited every vendor relationship from both targets. Nothing got sunset. Each acquisition’s IT team had favorites. The CFO’s quarterly close was now reconciling output from three different accounting platforms that had different methodologies for the same line items.
The IT director’s estimate of active SaaS vendors: 15 to 25. The actual number, once we audited, was 47.
Annual SaaS spend was $620K and growing roughly 20% year over year, with no governance review in place. Per-user M365 licensing was sitting at 140 seats against 110 active users. Two EDR products were running on overlapping endpoint sets, neither one with clean coverage. Three cloud backup products. Two CRMs, neither fully utilized.
The cyber renewal underwriter wasn’t going to renew this without significant remediation, and the CFO had a quarter-end approaching with three weeks to clean it up.
Eight categories. Tool overlap in every one.
The IT-and-the-Cycle Review was scoped at five days. Day two was the structured vendor audit - two CFO/IT/operations principals, eight 90-minute sessions across the eight standard categories. By end of day, the full inventory was on paper:
- Identity & Access. Microsoft Entra deployed, plus two separate MFA apps (Duo and Microsoft Authenticator) plus a password manager ( 1Password ). Conditional Access configured inconsistently. Estimated waste: $14K/year.
- Productivity. Microsoft 365 (everyone) plus Slack (one inherited team) plus Webex (the other) plus Zoom (sales). Four project management tools - Asana, Smartsheet, Monday, Microsoft Project. Two file-sharing tools beyond OneDrive. Estimated waste: $58K/year.
- Accounting & Finance. Three production accounting platforms across the three legacy entities. Two AP automation tools. Two expense management platforms. Estimated waste: $42K/year before platform consolidation.
- Communications. Two CRMs (Salesforce and HubSpot), neither fully utilized. One inherited email security tool layered on Microsoft Defender for Office 365 (paying for both). Estimated waste: $28K/year.
- Security. Two EDR products on overlapping endpoint sets - SentinelOne at the parent, legacy Sophos at the acquired entities. Three cloud backup products. A SIEM trial that had become a full subscription nobody monitored. Estimated waste: $51K/year - and material cyber posture risk from tool overlap.
- Infrastructure / OT / HR. Generally clean. Two field-app subscriptions paid for but unused; one old training platform that hadn’t been canceled. Estimated waste: $11K/year.
Plus an additional $40K available from rationalizing M365 license counts (140 seats → 110 seats at renewal). Plus indirect savings from accounting platform consolidation, addressed as a separate Q3-Q4 project. The audit itself was 16 hours of structured work. The recovery was on the table within two days.
A CFO-owned project where Vencer’s strategic advisor facilitated.
The framing was deliberate: this isn’t a Vencer project. The CFO ran the steering. Each tool decision had a named internal owner. Vencer drafted the playbook, negotiation talking points, and migration checklists.
low six-figures recovered. 47 vendors down to 14. Cyber posture improved.
Before and after.
The moment it mattered.
The audit was uncomfortable. Three managers had favorite tools that got cut. The IT director defended decisions in two team meetings. One manager left within 90 days, partly over the consolidation decisions. That’s an honest outcome we’d flag again.
But: low six-figures of annual budget came back. The cyber renewal closed at flat - which by itself paid for the consolidation work three times over. The quarterly governance now catches new sprawl before it accumulates. And the cyber posture got materially better because the tool overlap had been creating monitoring gaps where neither tool quite covered.
The work is two days of audit plus thirty days of execution. The discipline that prevents recurrence is one hour per quarter. The economics are unambiguous; the friction is real but bounded. Operators who run this annually catch sprawl before it compounds. Operators who don’t pay for it through inflated SaaS budgets, cyber renewal pricing pressure, and tool-overlap monitoring gaps.
Does this story sound familiar?
The pattern in this case study has played out across dozens of Canadian oil and gas operators in the mid-market range. If you recognize parts of it in your own operation - or you suspect you might - the next step is a structured conversation with a Vencer engineer.
The IT-and-the-Cycle Review is a 3 to 5 day structured assessment by a Vencer engineer. We look at four things: what you are spending and whether the cost base is rightsized for your operating tempo; where your cyber baseline sits against the controls underwriters check at renewal; what one bad day looks like (ransomware, key vendor failure, partner dispute) at current state; and what you would need to be M&A-ready in either direction (acquirer or target) within 90 days of the cycle moving. You leave with a written report and a prioritized list of decisions, named owners against each. No hype. No vendor pitch. Just an honest read on where you are.
Calgary, AB T2P 3J4
insights@vencergroup.com
Calgary-operated managed IT, cybersecurity, and M&A technology firm. 19 years operating. Zero breaches in 11 years. Read our story.
One operator's outcome. Your situation has different variables. These numbers are real; the applicability to your operation requires conversation. The 30-min review is where that starts.
Notes & Methodology
About these figures: This is a composite case study drawn from multiple actual Vencer Group engagements. Specific dollar amounts, percentages, and timelines are derived from Vencer Group operating data - they are weighted averages or representative examples from comparable engagements with mid-market Canadian energy operators of similar size and complexity. Where the case study cites industry-wide figures (market data, threat landscape numbers, regulatory trends), those are either named external sources cited inline OR Vencer Group estimates based on observations across recent client engagements - and framed as such. Identifying client details have been altered; the patterns and outcomes are real.