Tech Due Diligence OPS-5: Cloud Cost Management and Efficiency

What This Control Requires

The assessor evaluates cloud infrastructure costs, cost trends, cost optimisation practices, unit economics of infrastructure spend, and whether the cost structure is sustainable and scalable as the business grows.

In Plain Language

Infrastructure costs directly hit gross margins and unit economics, which is why cloud spend gets serious attention during due diligence. Investors and acquirers need to understand not just what you spend today, but how those costs will scale as the business grows. Poorly managed cloud costs can quietly erode the financial viability of a SaaS business.

Assessors look at total cloud spend and its trend over time, cost per customer or per unit of value delivered, cost efficiency relative to revenue (healthy SaaS businesses typically spend 10-25% of revenue on infrastructure), optimisation practices like right-sizing and reserved instances, wasted resources, and the cost scaling curve - does spend grow linearly, sub-linearly, or super-linearly with customer growth?

Nobody expects the absolute lowest possible bill. A company spending generously on infrastructure with clear justification around reliability or performance is fine. What raises flags is runaway costs with no visibility, no optimisation practice, and no plan. That is a financial risk that compounds as the business scales.

How to Implement

Get visibility into your cloud spend first. Use native tools (AWS Cost Explorer, Azure Cost Management, GCP Cloud Billing) or third-party platforms (Vantage, CloudZero, Kubecost). Set up cost dashboards showing spend by service, team, and environment. Track trends month-over-month and year-over-year. Tag all resources for cost allocation and configure budget alerts for unexpected increases.

Define and track infrastructure unit economics. Calculate cost per customer, cost per API request or transaction, infrastructure cost as a percentage of revenue, and cost per seat if you use seat-based pricing. Monitor these over time to understand your scaling curve.
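As an added example (not AuditFront's code), the sketch below computes these unit economics on constructed monthly figures, bands infrastructure cost against the 10-25% of revenue benchmark this page cites, and fits a log-log slope to classify the scaling curve and project spend at 2x, 5x and 10x. The data, function names and the 0.05 tolerance are assumptions.

```python
import math

# Constructed monthly figures (not from the page): month, customers, revenue, infra cost.
MONTHS = [
    ("2024-01", 100, 50_000, 9_000),
    ("2024-02", 130, 65_000, 11_000),
    ("2024-03", 170, 85_000, 13_500),
    ("2024-04", 220, 110_000, 16_500),
    ("2024-05", 290, 145_000, 20_500),
    ("2024-06", 380, 190_000, 25_500),
]

def revenue_band(cost, revenue):
    """Infra cost as % of revenue, banded with the page's FAQ benchmarks."""
    pct = 100.0 * cost / revenue
    # Exact boundaries (10, 25, 40) are assigned by assumption; the page gives ranges only.
    if pct < 10:
        return pct, "excellent"
    if pct <= 25:
        return pct, "typical"
    if pct <= 40:
        return pct, "concerning"
    return pct, "red flag"

def scaling_exponent(rows):
    """Least-squares slope of log(cost) on log(customers): 1.0 means linear scaling."""
    xs = [math.log(r[1]) for r in rows]
    ys = [math.log(r[3]) for r in rows]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    return sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / sum((x - mx) ** 2 for x in xs)

def classify_curve(exponent, tolerance=0.05):
    """Tolerance around 1.0 is an assumed threshold, not a figure from the page."""
    if exponent < 1 - tolerance:
        return "sub-linear"
    if exponent > 1 + tolerance:
        return "super-linear"
    return "linear"

def project_cost(rows, multiple):
    """Extrapolate the latest month's cost to `multiple` times today's customers."""
    return rows[-1][3] * multiple ** scaling_exponent(rows)

if __name__ == "__main__":
    _, customers, revenue, cost = MONTHS[-1]
    pct, band = revenue_band(cost, revenue)
    k = scaling_exponent(MONTHS)
    print(f"cost/customer {cost / customers:.2f}, {pct:.1f}% of revenue ({band})")
    print(f"scaling exponent {k:.2f} ({classify_curve(k)})")
    for m in (2, 5, 10):
        print(f"{m}x customers -> projected monthly cost {project_cost(MONTHS, m):,.0f}")
```

An exponent above 1 on real billing data is the signal to look for the non-linear cost drivers before the projection is presented to an assessor.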

Optimise actively. Right-size instances based on actual utilisation data. Use reserved instances or savings plans for predictable workloads (typically 30-60% savings). Use spot or preemptible instances for fault-tolerant jobs. Implement auto-scaling to match capacity with demand. Clean up unused resources - unattached volumes, idle load balancers, orphaned IP addresses. Optimise data transfer costs with same-region traffic and CDN for static content.

Establish a FinOps practice that brings engineering, finance, and operations together around cloud costs. Give engineering teams visibility into and accountability for their own infrastructure spend.

Run monthly cost reviews. Identify top cost drivers, investigate anomalies, and track savings from optimisation work to demonstrate ROI.

Model future costs based on growth plans. Project spend at 2x, 5x, and 10x current load. Identify non-linear cost drivers like data transfer, storage growth, and database licensing, and plan optimisation strategies ahead of time.

Factor cost efficiency into architectural decisions. Serverless works well for variable workloads with pay-per-use economics. Containerisation improves resource utilisation. Caching reduces database and API load. Data lifecycle management keeps storage costs in check.

Evidence Your Auditor Will Request

  • Cloud cost dashboard or reports showing spend breakdown
  • Unit economics metrics (cost per customer, cost as % of revenue)
  • Cost optimisation initiatives and measured savings
  • Resource utilisation reports showing efficient use of infrastructure
  • Cost projection model for business growth scenarios

Common Mistakes

  • No visibility into cloud costs; total spend unknown or surprising
  • Resources provisioned for peak load running 24/7 without auto-scaling
  • Development and testing environments left running when not in use
  • No cost allocation tagging; impossible to attribute costs to teams or products
  • Infrastructure costs growing faster than revenue; unsustainable unit economics

Related Controls Across Frameworks

Framework | Control ID | Relationship
SOC 2     | CC6.1      | Related

Frequently Asked Questions

What infrastructure cost as a percentage of revenue is healthy?
For B2B SaaS, infrastructure typically runs 10-25% of revenue. Below 10% is excellent. 25-40% is concerning and suggests you need to optimise. Above 40% is a red flag pointing to architectural inefficiency or a pricing problem. These benchmarks do vary by product type and margin expectations.

Should we use reserved instances?
For predictable, stable workloads running for one to three years, reserved instances or savings plans typically save 30-60% over on-demand pricing. They make strong sense for production database and application server capacity. Just avoid reserving capacity for workloads that may change significantly in the near term.
