Procurement vs Operations Ownership: Who Decides on SaaS and When
The operations team had been evaluating project management tools for six weeks. They'd done demos, run a pilot, scored vendors, and identified a clear winner. The contract was ready to sign.
Legal flagged it. Procurement was simultaneously evaluating three of the same vendors for a company-wide deployment. The operations team hadn't known. Procurement hadn't known the ops team was running a parallel process. And the vendor the ops team had chosen was actually the vendor procurement had ranked third.
The COO now had to make a decision that was politically difficult regardless of which way it went: override the operations team's six weeks of work, or override procurement's in-progress evaluation. Either option consumed goodwill and set a precedent.
The root cause wasn't a bad decision by either team. It was an undefined authority structure. Nobody had answered the question: when does operations decide, when does procurement lead, and how do they hand off when the size or scope crosses a threshold?
That's the question this guide answers.
Key Facts: SaaS Procurement vs. Operations Ownership
- 65-75% of SaaS purchases at mid-market companies bypass procurement entirely, with line-of-business buyers (operations, sales, marketing, HR) making direct purchasing decisions (Gartner SaaS spend research, 2024).
- The average mid-market company runs 40-60% more SaaS apps than IT is aware of — shadow IT inflates the real portfolio well beyond the sanctioned inventory (Productiv State of SaaS Sprawl, 2024).
- Duplicate SaaS spend averages 10-30% of total SaaS budget at mid-market companies with no central registry — two teams buying overlapping tools is the single largest source of preventable waste.
- Average procurement approval cycle time for tools over $25K is 6-10 weeks at companies with formal procurement, versus 2-5 days for operations-led decisions below threshold (Deloitte CPO Survey).
- Companies that formalize SaaS ownership between 150-500 employees spend roughly 40% less per employee on SaaS at the 500-person mark than those that defer governance until a crisis forces it (Forrester technology governance maturity research).
The Decision-Owner Split Model
The Decision-Owner Split Model assigns SaaS buying authority based on two axes: contract value and functional specificity. Procurement leads when contract value exceeds a material threshold (typically $50K+) or when the tool is cross-functional infrastructure where portfolio consolidation matters more than user-specific fit. Operations leads when the tool is department-specific, below threshold, and use-case knowledge dominates the decision. Joint ownership applies in the middle band ($10K-$50K), where operations defines requirements and runs evaluation while procurement manages the RFP, contract terms, and vendor diligence — with explicit tiebreaker rules (operations wins on capability, procurement wins on price/terms, security wins on risk).
Why SaaS Authority Is Undefined at Most Mid-Market Companies
Mid-market companies typically don't build formal procurement functions until they're experiencing procurement problems. By then, the informal buying culture is established and difficult to change. Deloitte's Global Chief Procurement Officer Survey consistently finds that companies without formalized procurement authority at the mid-market stage spend 20–35% more on technology categories than comparably sized companies with defined ownership structures.
The evolution usually looks like this:
- 0-50 employees: Founder or COO approves everything. Informal but functional: the CEO knows every tool.
- 50-150 employees: Informal approval at manager level, with finance spot-checking. Most purchases happen below the visibility threshold.
- 150-500 employees: IT, Finance, and Operations are all involved in different purchases with no consistent process. Conflicts emerge. Shadow IT is significant.
The 150-500 range is where SaaS authority needs to be formalized. The organization is too large for CEO-level visibility on every purchase, but not yet structured enough to have built the governance rails. And the SaaS spending is large enough (typically $300K-$1M+ annually) to warrant the structure. Forrester's research on technology governance maturity identifies the 150–500 employee range as the highest-risk window for technology spend management. Organizations that formalize authority structures during this growth phase show 40% lower SaaS spend per employee at the 500-person milestone than those that defer governance until a crisis forces it.
The Three Ownership Models
Model 1: Threshold-Based Authority
The most common and practical model for mid-market companies. Authority is assigned based on contract value:
| Value Threshold | Authority | Process |
|---|---|---|
| Under $2,000/year | Team lead can approve | Self-service: register in SaaS portal within 5 days |
| $2,000-$10,000/year | Department head approves | Lightweight checklist: security review + IT registration |
| $10,000-$50,000/year | COO or CFO approves | Full checklist: diligence + legal review |
| Over $50,000/year | Executive team approves | Full RFP process; procurement leads with operations as stakeholder |
Advantages: Simple to communicate, easy to enforce, maps to financial materiality.
Disadvantages: Threshold gaming. Teams break purchases into multiple smaller contracts to stay under the threshold. Requires a "look-back" rule: purchases from the same vendor, or tools serving the same function, are aggregated for threshold purposes regardless of how they're structured. This is also how SaaS sprawl compounds. Small under-threshold purchases that individually seem fine accumulate into a portfolio nobody is overseeing.
Model 2: Category-Based Authority
Authority is assigned by tool category rather than by value:
| Category | Default Owner | Escalation Rule |
|---|---|---|
| Business productivity apps | Operations | Escalate to IT if > 20 users |
| Infrastructure and cloud | IT | Escalate to CTO if > $10K |
| Data tools and analytics | IT/Data team | Escalate if customer data involved |
| HR and people management | HR | Escalate to COO if > $20K |
| Sales and revenue tools | Revenue Operations | Escalate to CRO if > $50K |
| Finance and accounting | CFO's office | CFO approves all |
| Security tools | IT | CISO or IT director approves all |
Advantages: Category expertise drives the decision. HR owns HR tools, revenue operations owns sales tools. Better decisions in specialized domains.
Disadvantages: Category boundaries are fuzzy. A CRM is a sales tool. But it's also an IT tool. And a customer data tool. Category disputes require a tiebreaker.
Model 3: Hybrid Model (Operations Decides Below Threshold, Procurement Advises)
A pragmatic middle ground that works well for companies with an emerging procurement function:
- Below $10K: Operations decides with IT registration requirement. Procurement is available as an advisor but doesn't have approval authority.
- $10K-$50K: Operations leads the evaluation; procurement advises on RFP process, contract review, and negotiation. Joint decision with escalation to COO if unresolved.
- Above $50K: Procurement leads the process; operations is the primary stakeholder who defines requirements and evaluates capability. Joint decision.
The key principle: Procurement's value-add is process expertise (RFP management, contract negotiation, vendor diligence) and portfolio oversight (preventing duplicates, managing aggregate spend). Operations' value-add is use case knowledge (what the tool needs to do and how it fits into workflows). The model fails when procurement becomes a bottleneck rather than an accelerator, or when operations bypasses procurement to avoid perceived slowdown. For tools above the threshold, how to run a SaaS RFP is the three-week process template that keeps the procurement-led evaluation moving quickly enough that teams don't route around it.
Choosing the Right Model
| Company Profile | Recommended Model |
|---|---|
| No formal procurement function | Threshold-based; simple, doesn't require a procurement team |
| Existing procurement function with category coverage | Category-based; leverages existing expertise |
| Procurement team exists but is perceived as a barrier | Hybrid; procurement as advisor, not gatekeeper |
| History of shadow IT and buying conflicts | Hybrid or category-based with explicit process enforcement |
The SaaS Authority Matrix Template
Build this matrix for your company. Fill in every cell before publishing the policy.
| Decision Type | Under $2K | $2K-$10K | $10K-$50K | Over $50K |
|---|---|---|---|---|
| Initial approval authority | Team lead | Dept head | COO/CFO | Exec team |
| IT notification required? | Within 5 days | At approval | Before approval | Before RFP |
| Security review required? | No | Basic (10-item checklist) | Full review | Full review |
| Legal review required? | No | No | Yes (standard MSA) | Yes (full review) |
| Procurement involvement? | Advised | Optional | Advisory | Lead |
| RFP process required? | No | No | 3-vendor minimum | Full RFP |
| CFO visibility? | Monthly report | On approval | On approval | On approval |
The Post-Purchase Ownership Assignment
A question almost as important as "who decides": who owns the vendor relationship after the contract is signed?
This is where most governance frameworks stop. They define the approval process and leave ownership undefined. Then the original champion leaves, the renewal approaches, nobody knows the terms, and the contract auto-renews by default.
Post-purchase ownership assignment template:
| Role | Responsibility |
|---|---|
| Business owner | Accountable for adoption, ROI, and business value. Makes renewal decision. Reviews 90-day ROI report. |
| Technical owner | Manages integrations, provisioning, and IT support. Owns security review at renewal. |
| Commercial owner | Manages contract terms, renewal calendar, and vendor relationship. Handles pricing negotiation. |
| Escalation path | Who gets called if the business owner, technical owner, and commercial owner disagree? |
For purchases under $10K, one person may fill all three roles. For purchases over $50K, these should be separate people.
This assignment should be documented when the contract is signed, stored in the SaaS registry, and reviewed annually.
The Escalation Decision Tree
When operations and procurement disagree on a SaaS purchase decision, the escalation path needs to be defined before the conflict occurs.
Standard escalation tree:
Is this a new purchase or a renewal?
├── New purchase
│ ├── Under threshold? → Operations decides per authority matrix
│ └── Over threshold?
│ ├── Both ops and procurement agree? → Joint recommendation to exec
│ └── Ops and procurement disagree?
│ ├── Is the disagreement about capability? → Operations wins (they define requirements)
│ ├── Is the disagreement about price/terms? → Procurement wins (their domain)
│ ├── Is the disagreement about vendor risk? → IT/Security wins (risk is their domain)
│ └── Is the disagreement about strategy? → COO decides within 48 hours
└── Renewal
├── Under $10K? → Business owner decides; commercial owner negotiates
└── Over $10K? → Business owner + commercial owner joint decision; COO if disagreement
The "COO decides within 48 hours" rule is critical. Open-ended escalations kill momentum. Build a time limit into the process.
Common Failure Modes
Procurement as gatekeeper, not enabler. When every purchase above a threshold requires procurement sign-off and procurement runs a six-week cycle, teams bypass the process. The fix is service-level standards for procurement: a $20K purchase should have procurement turnaround in five business days, not three weeks.
Authority policy without process. Defining who can approve what doesn't help if there's no system for tracking approvals, no SaaS registry for registering new tools, and no renewal calendar for managing upcoming expirations.
Policy that operations ignores. A policy that isn't enforced is worse than no policy. It creates the appearance of governance without the reality. Build the policy around a workflow that teams actually follow: an approval form, a Slack channel, a SaaS registry. The policy should require minimal extra steps, not a bureaucratic detour.
Undefined ownership at contract signature. The moment a contract is signed, the business owner, technical owner, and commercial owner should be assigned and recorded. If this isn't done at signature, it becomes harder to do retroactively. This is especially important for contracts with complex renewal terms. The SaaS contract red flags guide covers the auto-renewal and notice window clauses that only matter if someone actually owns the renewal calendar.
Making the Policy Stick
The most common reason governance policies fail is that they're designed as documents rather than workflows. A document can be ignored. A workflow is part of how work gets done. McKinsey's research on organizational change in procurement functions found that procurement policies embedded into existing approval workflows achieve 3–4x higher compliance rates than standalone policy documents, regardless of policy content.
For the policy to stick:
Build the registry. Every approved tool goes into a central tool (a spreadsheet is fine to start; a proper SaaS management platform as you scale) with owner, cost, renewal date, and status.
Automate the renewal alerts. Ninety days before every renewal above $5K, the commercial owner gets an automated reminder. This one change eliminates most renewal surprises.
Make compliance the easy path. The approval workflow should take ten minutes for a $3K tool, not thirty. If the process is painful, teams route around it.
Review exceptions publicly. When a team buys a tool outside the process, address it in a forum where other team leads see it. Shadow IT persists when it has no consequences.
Report on the portfolio quarterly. A brief portfolio review (total spend, tools added, tools removed, upcoming renewals) keeps leadership visibility current without requiring a deep audit every time.
Measuring Whether Governance Is Working
| Metric | Target |
|---|---|
| Purchase approval cycle time (under threshold) | Under 48 hours |
| Purchase approval cycle time (over threshold) | Under 10 business days |
| Shadow IT incidents per quarter | Declining toward zero |
| Conflicting vendor evaluations per year | Zero |
| Renewal surprises per year | Zero |
| Ops satisfaction with procurement process | 4+/5 on quarterly survey |
The ops satisfaction score is worth tracking explicitly. If operations consistently rates the procurement process poorly, the policy is creating friction that will generate workarounds. That friction is worth diagnosing and removing.
How Rework Work Ops Supports Procurement-Operations Coordination
Governance breaks down when procurement and operations work from separate systems — procurement lives in spreadsheets and ticketing queues, operations lives in project tools and shared inboxes. The handoff between them is where duplicate evaluations, shadow IT, and renewal surprises originate.
Rework Work Ops gives both functions a shared surface. The vendor registry lives as a structured database every department can see — every tool, owner, renewal date, spend tier, and approval status in one place. Procurement can filter by "contracts renewing in 90 days over $10K" while operations can filter by "tools in my category currently under evaluation." Duplicate evaluations surface before the second team wastes six weeks on a parallel RFP.
The approval workflow template maps directly to the Decision-Owner Split Model above. A $3K request routes to the department head with a lightweight checklist. A $25K request auto-attaches procurement as an advisor and triggers the RFP template. A $60K request escalates to procurement-led with operations as stakeholder — all without Slack-based chasing or ambiguous ownership. Starting at $6 per user per month, Work Ops is priced to justify itself after preventing one duplicate purchase.
Frequently Asked Questions
Frequently Asked Questions About Procurement vs Operations SaaS Ownership
Who should own SaaS purchasing decisions — procurement or the business?
Neither owns it alone. Operations owns capability fit and use case knowledge — they're accountable for whether the tool solves the problem. Procurement owns process, price, contract terms, and portfolio oversight — they prevent duplicates and negotiate leverage. Below $10K, operations decides with light IT registration. Above $50K, procurement leads the process with operations as the stakeholder defining requirements. The $10K-$50K middle band is a joint decision. Assigning one side or the other blanket ownership produces predictable failures: procurement-only buys tools operations won't use; operations-only produces duplicates and auto-renewal surprises.
When does procurement slow down the right deal?
When procurement's cycle time for mid-value purchases exceeds 2-3 weeks, or when procurement treats every purchase with the same rigor regardless of strategic importance. A $15K departmental tool should not require a 6-week RFP. If procurement cannot turn around a $20K decision in 5 business days, operations will route around them — and the governance structure will collapse. Build explicit procurement SLAs by contract value tier, and track them publicly.
How do we stop shadow IT from the business side?
Shadow IT persists when the sanctioned path is painful and the unsanctioned path has no consequences. Fix both. Make the approval workflow take 10 minutes for a $3K tool, not 30. Require a central registry for every tool — no registry entry, no expense reimbursement. Review exceptions publicly in leadership forums so team leads feel the social cost of bypass. Automate discovery via SSO, expense report keyword matching, and network traffic analysis so shadow tools surface within 30 days. The goal isn't zero shadow IT on day one — it's a trend line moving toward zero.
What's the handoff between procurement and the operations owner post-purchase?
Assign three roles at contract signature, documented in the SaaS registry: a business owner (accountable for adoption and renewal), a technical owner (IT provisioning, security reviews), and a commercial owner (contract terms, renewal calendar, pricing). Under $10K, one person fills all three. Over $50K, these are separate people. Procurement hands off to the commercial owner at signature and re-engages 90 days before renewal. Without this assignment, the champion leaves, the contract auto-renews, and nobody notices until finance flags the charge.
At what spend threshold must procurement be involved?
Three common thresholds. At $10K annual spend, procurement becomes an advisor — available for contract review and RFP guidance, without approval authority. At $25K-$50K, procurement is a required stakeholder with joint decision authority. At $50K+, procurement leads the process with operations as primary stakeholder. Below $10K, procurement should be notified monthly via a registry report, not engaged per-purchase — they'll drown in $3K approvals otherwise. Some companies set a cumulative threshold: any vendor where total annual spend exceeds $50K across contracts requires procurement, preventing threshold gaming.
How do mid-market firms typically structure this split?
Mid-market (150-500 employees) most commonly uses a hybrid threshold-plus-category model. A typical structure: Operations decides below $10K for department-specific tools. IT/procurement decides for infrastructure regardless of threshold. HR decides for HR tools under $20K. Revenue operations decides for sales tools under $50K. Above the threshold in any category, it's a joint procurement-led process. Companies that try pure category-based ownership run into boundary disputes (is a CRM a sales tool or a customer data tool?). Companies that try pure threshold-based ownership lose category expertise. The hybrid captures the benefits of both with explicit tiebreaker rules.
What's the single biggest mistake mid-market companies make here?
Defining authority in a document without embedding it in a workflow. A policy that lives in a Notion page gets ignored within 90 days. The policy needs to live in the approval tool, the expense system, and the SaaS registry — so compliance is the default path, not an extra step. McKinsey's research on procurement policy adoption found that workflow-embedded policies achieve 3-4x higher compliance rates than standalone policy documents, regardless of content quality.
Learn More
- The SaaS Buying Decision Tree: When to Buy, Build, or Bolt On: the decision framework that operates within the governance structure
- How to Run a SaaS RFP That Doesn't Waste 6 Weeks: what the procurement-led process looks like for purchases over the threshold
- The SaaS Sprawl Problem: Signs You Have It and How to Fix It: what happens when governance is absent for too long
- SaaS Consolidation: When to Cut a Tool vs. Keep It: the cleanup exercise that good governance prevents from being necessary
- Measuring SaaS ROI 90 days after purchase: how to tie business owner accountability to measurable outcomes at 90 days
- AI governance policy for departments: how to extend the authority framework to govern AI SaaS purchases specifically
Head of Enterprise Solutions
On this page
- The Decision-Owner Split Model
- Why SaaS Authority Is Undefined at Most Mid-Market Companies
- The Three Ownership Models
- Model 1: Threshold-Based Authority
- Model 2: Category-Based Authority
- Model 3: Hybrid Model (Operations Decides Below Threshold, Procurement Advises)
- Choosing the Right Model
- The SaaS Authority Matrix Template
- The Post-Purchase Ownership Assignment
- The Escalation Decision Tree
- Common Failure Modes
- Making the Policy Stick
- Measuring Whether Governance Is Working
- How Rework Work Ops Supports Procurement-Operations Coordination
- Frequently Asked Questions
- Learn More