01 Independent Audit

Verify
vendor. Mitigate
risk. Protect
budget.

Independent IT project audit. Vendor proposal review, project scope, technical architecture, and risk, before you sign a contract you don’t fully understand.

Book audit
Send a proposal · first response within 48 h
02 Manifesto

Four truths.

  1. Thesis 01

    The most expensive technology decisions are the ones already made. The decisions land before anyone independent gets a chance to challenge them.

    Stage · pre-contractCost-impact · highest
  2. Thesis 02

    A larger scope does not mean a better project. It means a larger invoice.

    Observed in · 8 of 10 proposalsAvg. overscope · 35–60%
  3. Thesis 03

    Your vendor optimises for their revenue. Nobody on that side of the table optimises for your budget.

    Structural incentiveMoney mechanics
  4. Thesis 04

    Sometimes the best recommendation is to stop the project. The board knows. Your lawyer knows. You are the one nobody told.

    Last 24 audits · 3 stop recommendationsAvg. saved · $1.4M
03 Diagnostic · Anonymised case

A vendor quote of $1.8M.
A right-sized rebuild at $540K.

SECTOR B2B SaaS
STAGE Pre-contract
VERDICT Stop & rebuild
SAVED $1.26M · 7 months
FIG. 03.01 REV · 02 SCALE · 1 : 1 SK · AUDIT
A · VENDOR PROPOSAL · OBSERVED 12 MONTHS · 14 ENGINEERS React SPA · Next.js · Storybook · Design System CLIENT API Gateway · Kong · Auth Service · BFF EDGE users µs auth µs billing µs notify µs search µs ml µs Kafka · Event Bus · Schema Registry MSG · OVERSIZED PostgreSQL 5 shards MongoDB cluster ×3 Redis cache + queue Elasticsearch + Kibana Kubernetes · Istio · Terraform · ArgoCD · Datadog INFRA DIAGNOSIS · OVER-ENGINEERED ML µ-svc · no use-case + $180K · 2 engineers Kafka · 200 req / day + $220K · oversized Elastic · not needed pg_trgm is sufficient 23 components · 8 unjustified at current scale. Pre-emptive scaling for traffic that does not yet exist. B · POST-AUDIT · RECOMMENDED 5 MONTHS · 4 ENGINEERS Next.js · stock build · server components CLIENT Modular Monolith SINGLE DEPLOY · ENFORCED MODULE BOUNDARIES › module · identity + auth › module · billing › module · notifications › module · search (pg_trgm) › module · core domain › async · worker queue APP PostgreSQL · primary + read replica JSONB · FULL-TEXT · LISTEN/NOTIFY · pgvector ready DATA Render · Fly.io · Cloudflare · GitHub Actions INFRA RECOMMENDATION · RIGHT-SIZED − 70% TCO from $1.8M to $540K − 7 months time to market − 10 engineers on long-term maintenance 9 components · scalable to 100× current load. Further decomposition only if and when needed.
04 Risk calculator · Indicative

How much is on the table right now?

Based on benchmarks from 24 audits. Indicative only. Pre-contract projects with stack overengineering and scope creep typically run 32–48% above necessary cost.

CALC · 04.01 INDICATIVE MODEL
A · Quoted budget $1,200,000
$100K $5M
B · Vendor team size 12
3 40 engineers
C · Project stage Pre-contract
D · Complexity signal µ-svc / Kafka
Estimated overspend
0 %
$0
Right-sized estimate
$0
After audit benchmark
Median · 32%
0%20%40%60%80%

Indicative only · benchmarked against 24 anonymised audits · actual diagnosis requires proposal review

05 Cost trajectory · Benchmark

Cost grows where it isn’t challenged.

Two trajectories of the same hypothetical project. Numbers are illustrative, drawn from the median pattern across recent audits.

Typical · vendor-led · no audit Same scope · post-audit · right-sized
$2.0M $1.5M $1.0M $500K $0 USD M0 M3 · KICK-OFF M6 M9 · MVP M12 · LAUNCH M15 M18 · STEADY $1.92M VENDOR-LED · 18 M $680K POST-AUDIT · 11 M Δ AUDIT POINT M3 · TYPICAL ENTRY
$1.24M
Δ Saved · $
−65%
vs vendor trajectory
M3
Optimal audit entry
M9
Last useful entry
06 Method

Four steps. No workshops.

A finding inside a week. A recommendation you can act on.

  1. Step 01 Day 0

    Intake.

    Proposal, scope, architecture, business context. Mutual NDA signed before any material changes hands.

    • Standard NDA, countersigned in 24 h
    • Single point of contact on your side
    • Secure document drop
  2. Step 02 Day 1–5

    Diagnostic.

    Component-by-component review. Cost validation against benchmarks. Architecture stress-test against actual load expectations.

    • Quantitative breakdown
    • Vendor pricing benchmark
    • Architecture overengineering audit
  3. Step 03 Day 6–7

    Report.

    Written diagnosis with line-item recommendations. One unambiguous verdict at the end: proceed, renegotiate, simplify, or stop.

    • Executive summary · 1 page
    • Line-item findings · 8–14 pages
    • Verdict · single sentence
  4. Step 04 Day 7+

    Debrief.

    90-minute session. I walk through findings in plain business language. Decision support for the harder calls.

    • Findings in business language
    • Scenarios · cost / risk / timeline
    • Follow-up · fractional CTO available
07 Cases · Anonymised

Six audits. Real numbers.

Identities under NDA. All figures verified by clients post-engagement. Available in full upon a countersigned NDA.

§SectorStageDiagnosisVerdictOutcomeSaved
01 Fintech · B2C Pre-contract Microservices premature · DB choice mis-sized Renegotiate Stack simplified · vendor retained −38% · 4 mo
02 SaaS · B2B Pre-contract No market validation · proposed scope speculative Stop Project not started · pivot to discovery $1.20M avoided
03 E-commerce · DTC In-flight Vendor mis-aligned with domain · scope inflation Replace vendor New vendor · 40% scope cut $620K · 5 mo
04 Logistics · enterprise Pre-contract Proposal adequate · benchmarks within range Proceed Contract signed unchanged Confirmed
05 HR Tech · SaaS In-flight 22 microservices for 80 req/s · maintenance bleed Re-architect Migration to modular monolith −2 FTE · stability ↑
06 Media · streaming Pre-contract Custom CMS proposal · no business case vs SaaS Reframe Headless SaaS adopted · integration only $740K · 8 mo
Totals · last 24 months · 6 of 24 audits shown ∑ 2.58 M + $1.20M avoided
08 Scope of engagement

Six audits. Pick the one that fits.

08 / 01 Quote

Proposal audit

Estimation realism. Line items open to negotiation. Visible and hidden cost layers.

~5 days · pre-contract
08 / 02 Scope

Scope audit

What corresponds to a real business need. What can be deferred or removed without impact.

~5 days · any stage
08 / 03 Stack

Architecture audit

Whether the proposed system fits the actual scale. What has been over-engineered.

~7 days · any stage
08 / 04 Vendor

Vendor fit

Vendor selection. Lock-in exposure. Domain alignment. Dependency map.

~7 days · pre-contract
08 / 05 In-flight

Project recovery

Budget creep. Slipping timelines. Where cost is still avoidable from here forward.

~10 days · in-flight
08 / 06 Post-audit

Fractional CTO

Decision support for organisations that need experienced technical judgement. Monthly retainer, not a full-time hire.

retainer · monthly
09 Deliverables

What you receive.

  1. § 01 One-page executive summary.
  2. § 02 Line-item findings, 8 to 14 pages.
  3. § 03 Cost benchmark table: quoted vs. right-sized.
  4. § 04 Negotiation map: items, leverage, alternatives.
  5. § 05 Risk register: technical, organisational, commercial.
  6. § 06 Architecture simplification proposal where applicable.
  7. § 07 One sentence: verdict and recommended action.
10 Fit

When it makes sense.

Engage
  • You’ve received a high vendor quote
  • You’re about to sign with a software house
  • Budget is creeping on a live project
  • No senior technical leader on your side
  • You want negotiation leverage
  • You suspect overengineering
Skip
  • You’re looking for a build vendor
  • You need engineers by the hour
  • You want confirmation of an existing decision
  • You aren’t open to questioning scope
11 Experience

15 years. 11+ demanding organisations.

Selected names from a career inside software houses, as engineer, tech lead, and decision owner on technical matters.

HBO Discovery
Media
Deutsche Bank
Banking
Panasonic
Electronics
BASF
Chemicals
Media Markt
Retail
Heathrow Express
Transport
Virgin Trains
Transport
J.S. Hamilton
Accredited lab
MHR Global
HR Tech
Pockit
Fintech
Loady
Logistics
+ others
On request · NDA
12 Subject
Sebastian Kubiak
S. KUBIAK · 2026 FIG. 12.01

Sebastian
Kubiak.

Independent IT Auditor · Fractional CTO

Fifteen years inside software houses. I know exactly how proposals are built, where margins are buried, and which decisions get rushed past clients who have no one technical at the table.Today I sit on the other side. Yours.

Deployment Engineering · May 2026

Bob the Forward Builder

A story about fintech, support queues, and the kind of engineer companies don’t know they need yet.

Read on Substack
Deployment Engineering · May 2026

Europe Does Not Need to Kill Visa and Mastercard

It needs to make them optional.

Read on Substack
Deployment Engineering · May 2026

Field note: a European commercial lab

Two days. Ten dollars in tokens. Six-figure software contracts replaced over a weekend.

Read on Substack
13 Engage

A proposal worth
a second opinion?

Send the proposal, scope, or project brief. Independent IT audit response within 48 hours, NDA-first.

Send a proposal 13 · CONTACT

Briefly describe what is on your desk. I will reply within 48 hours, NDA-first.

By sending this message you accept the privacy policy.

NDA countersigned before any material changes hands.
Email
contact@sebastiankubiak.tech
LinkedIn
linkedin.com/in/sebastiankubiak
Languages
English · Polish