Cost Optimization & FinOps
Idle resources, rightsizing, commitment portfolio design, data-transfer waste, storage tiering. Every finding lands with a monthly and annualized dollar figure so your finance team can act on it.
Audit category · 02 of 08
01 Scope
What this audit covers
+
Scope
What this audit covers
A FinOps audit answers one question in three different ways: where is money going, where is it being wasted, and what is the highest-leverage place to act first?
Idle & orphaned resources
Stopped VMs with attached storage, unattached EBS / managed disks, unused IPs, forgotten snapshots, dev resources left running on weekends.
Rightsizing
Compute instance families, database tiers, and container resource limits against actual utilization over a representative period.
Commitment portfolio
Reserved Instances, Savings Plans, Azure Reservations, GCP Committed-Use Discounts. Coverage analysis, layering strategy, renewal planning.
Data transfer
Cross-AZ, cross-region, and egress charges. The invisible line item that rewards architectural attention more than per-service optimization.
Storage tiering
S3 Intelligent-Tiering vs manual lifecycle, Glacier / Archive readiness, snapshot retention audits, log-storage class mismatches.
Unit economics
Cost per tenant, per request, per customer. Makes optimization decisions defensible rather than opportunistic.
02 Why it matters
Cloud waste is structural, not accidental
+
Why it matters
Cloud waste is structural, not accidental
Industry surveys from the FinOps Foundation, Flexera, and the major providers consistently put cloud waste at 20 to 35 percent of total spend. That is not carelessness — it is the natural entropy of an environment where provisioning is fast, deprovisioning is optional, and rate cards change quarterly.
A FinOps audit is not a one-time savings hunt. It is an evidence base: the baseline for a durable FinOps practice, the ammunition for a rate negotiation with your provider, or the optimization wave that funds the next year of platform work without a headcount request.
03 Method
How we assess it
+
Method
How we assess it
We work from your billing data, not marketing assumptions.
Input A
Billing data
AWS Cost and Usage Report, Azure Cost Management exports, or GCP Billing BigQuery export. We load a minimum of six months to see trends and seasonal patterns.
Input B
Utilization data
CloudWatch / Azure Monitor / Cloud Monitoring metrics for compute, database, and storage utilization. Two to four weeks minimum for rightsizing confidence.
Input C
Financial context
Your growth plan, contract terms, and any upcoming architectural changes. Optimization that contradicts strategy is false savings.
We use the FinOps Foundation's Framework (inform, optimize, operate) as our organizing principle. The audit is the inform phase, landed as actionable optimize moves.
04 Deliverables
What you get
+
Deliverables
What you get
- Findings register — every optimization, classified by effort (S/M/L), risk (low / medium / high), and dollar impact (monthly + annualized).
- Quick-wins list — low-effort, zero-risk fixes totaling 5–15% of monthly spend in most engagements. Usually actionable within the week.
- Commitment portfolio recommendation — exact RI / Savings Plan / Reservation ladder with break-even and coverage targets.
- Rightsizing backlog — per-resource recommendations with utilization evidence, grouped by service owner so rollout is not centralized guesswork.
- Tagging & showback plan — if cost allocation is broken, a roadmap to fix it before the next optimization wave.
- Executive summary — one page. Current run rate, achievable savings, recommended first-90-days plan.
05 Patterns
Common findings
+
Patterns
Common findings
Across FinOps engagements, the same categories of waste show up over and over.
Unattached volumes and orphaned snapshots.
A terminated instance leaves the volume, a deleted volume leaves the snapshot, and nobody reviews them. Cost per item is small; the count makes it material. Typical finding: four to eight percent of storage spend.
Stopped instances with attached EIPs and volumes.
Compute charges are zero, storage and EIP charges are not. Dev accounts are the worst offenders.
Reserved capacity mismatched to workload.
Three-year RIs bought at peak scaled down six months later, or no commitments at all on stable workloads. A well-constructed commitment ladder usually lifts discount coverage by 15 to 25 percentage points.
Cross-AZ data transfer on chatty microservices.
Service-to-service traffic routed without topology awareness. A ten-percent reduction in cross-AZ traffic is often a one-week architecture change with five-figure monthly impact.
Log and backup retention set to “whatever the default is.”
Ninety-day CloudWatch retention on Lambda logs nobody reads, lifetime S3 versioning on build artifacts, full DB snapshots retained daily for twelve months. Rightsize retention to actual regulatory and operational needs.
Non-production environments running 24/7.
Dev, staging, and QA clusters idle 128 hours a week. Automated schedulers (Instance Scheduler, start/stop automations, spot for non-critical) typically cut non-prod spend by 40–60%.
06 FAQ
Questions we get asked
+
FAQ
Questions we get asked
What savings can we realistically expect? +
It depends on starting point. For an environment that has never had a FinOps review, 15 to 25 percent of annual cloud spend is typical within the first 90 days of acting on recommendations. Mature FinOps environments settle at 3 to 8 percent annual incremental savings.
Do you take a percentage of the savings? +
No. Fixed fee, disclosed before the engagement. Success fees incentivize short-term optimization moves that create long-term debt. We do not operate that way.
Do we need to install a third-party FinOps platform? +
No. The provider-native tools (Cost Explorer, Cost Management, Billing BigQuery) are sufficient for the audit. We make a build-versus-buy recommendation for ongoing tooling as part of the deliverables.
Will this affect performance? +
Every rightsizing and retention recommendation is annotated with the utilization evidence behind it and a rollback plan. Risk-labeled recommendations (typically medium or high risk) are surfaced separately for your team to weigh in before action.
Can you execute the optimizations for us? +
Yes, as a separate engagement. Separating assessment from execution keeps findings honest and gives your team the option of using internal resources for the rollout.
Related
Based on the FinOps Foundation Framework. Part of the CloudCheck 360° methodology. See also Infrastructure & Architecture and Monitoring & Observability.
Start with a free Cloud Health Check.
A scoped-down CloudCheck 360° of your current environment. Delivered in five business days, no commitment.