
The five-step audit we run on every SaaS signup flow

A complete walk-through of the friction audit we run for every new engagement, the tooling it takes to run it yourself in an afternoon, and the patterns that recur in roughly nine out of ten SaaS funnels we look at.

Adnan Islam Majumder

Chief Executive Officer (CEO) • June 14, 2026


Most signup flows lose 60–80% of the people who start them. The teams shipping those flows rarely know where the loss happens — only that the conversion rate is “low.” This piece walks through the exact audit we run on every new SaaS engagement, what it costs us in time, and the three findings that show up in roughly nine out of ten audits.

Fig 1 is from a real audit we ran in Q1 2025 for a B2B analytics company. Notice the verification step: it loses 71% of the people who reached it. That single step costs the company more than the previous three steps combined. Every audit we run finds at least one of these.

Why funnels leak in predictable places

A signup funnel is not one decision — it’s a sequence of micro-decisions, each with its own cognitive cost. People don’t drop because the product is bad; they drop because the next step is more expensive than the perceived reward at that moment. The job of the audit is to find the steps where cost outruns reward.


“The biggest leak is almost never the step the team thought it was. It's the one nobody instrumented because ‘of course people complete it.’”

The five-step audit

1. Instrument every step (not just the funnel summary)

If your analytics only tracks "signup_completed", you're flying blind. You need an event for every transition: step_viewed, step_submitted, and step_errored with the field name.
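The three events above, as an added example that is not code from the original article: an event builder that records the name of the field that errored but can never carry what the user typed into it, plus a per-step drop-off report. The step names, session ids, `buildEvent` and `funnelReport` are hypothetical, and the sample events are constructed.

```javascript
// Added example; all names except the three event types are hypothetical.
const EVENT_TYPES = new Set(["step_viewed", "step_submitted", "step_errored"]);
const ALLOWED_KEYS = ["type", "step", "session", "field"];

// Build an analytics event from raw form state. Only allowlisted keys survive,
// so a field's value (password, email) can never ride along with its name.
function buildEvent(raw) {
  if (!EVENT_TYPES.has(raw.type)) throw new Error(`unknown event type: ${raw.type}`);
  const event = {};
  for (const key of ALLOWED_KEYS) {
    if (raw[key] !== undefined) event[key] = String(raw[key]);
  }
  return event;
}

// Per step: distinct sessions that viewed and submitted, drop-off rate, errors by field name.
function funnelReport(events) {
  const steps = new Map();
  for (const e of events) {
    if (!steps.has(e.step)) steps.set(e.step, { viewed: new Set(), submitted: new Set(), errors: {} });
    const s = steps.get(e.step);
    if (e.type === "step_viewed") s.viewed.add(e.session);
    if (e.type === "step_submitted") s.submitted.add(e.session);
    if (e.type === "step_errored") s.errors[e.field] = (s.errors[e.field] || 0) + 1;
  }
  return [...steps].map(([step, s]) => ({
    step,
    viewed: s.viewed.size,
    submitted: s.submitted.size,
    dropOff: s.viewed.size ? 1 - s.submitted.size / s.viewed.size : 0,
    errors: s.errors,
  }));
}

// Constructed sample: three sessions, two steps. The raw error event carries a typed value that buildEvent discards.
const sampleEvents = [
  { type: "step_viewed", step: "account", session: "s1" },
  { type: "step_viewed", step: "account", session: "s2" },
  { type: "step_viewed", step: "account", session: "s3" },
  { type: "step_errored", step: "account", session: "s1", field: "password", value: "hunter2" },
  { type: "step_submitted", step: "account", session: "s1" },
  { type: "step_submitted", step: "account", session: "s2" },
  { type: "step_viewed", step: "verify", session: "s1" },
  { type: "step_viewed", step: "verify", session: "s2" },
  { type: "step_submitted", step: "verify", session: "s1" },
].map(buildEvent);

console.log(funnelReport(sampleEvents));
```

Counting distinct sessions rather than raw events keeps a user who reloads a step from inflating the "viewed" number.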


2. Map cognitive load, not screen count


Two-screen signups can outperform one-screen signups if the one-screen version asks for nine things at once. Score each field by how much thought it requires (1–5), then plot it.

In this map, the two terracotta nodes — password rules and email verification — account for 84% of total drop-off in the funnel above. They're also the two steps the team had flagged as "easy" in their internal review.


3. Watch ten session recordings, end-to-end

Not summaries, not highlights. Ten complete sessions, with your phone face-down. You will notice three patterns the numbers can't tell you: hesitation before specific fields, the moment someone reaches for help, and the field people retype.

4. Read the support tickets from the last 30 days

Filter for "signup", "sign up", "register", or "can't get in". The volume here is a direct measure of friction — and the language people use tells you which mental model broke down at which step.

5. Compare to your own re-signup test


Sign up for your own product in an incognito window, on a 4G connection, on a phone you don't normally use. Time it. If it takes you — the person who built it — more than three minutes, it takes a cold user more than ten.


The three findings we see every time

After running this audit on more than forty companies, three findings recur with almost comic regularity. We now flag them in the kick-off call before we look at the data.

Finding 1: The verification step is the silent killer

Email or SMS verification routinely loses 40–70% of users. The fixes are well-known — magic links instead of codes, deferring verification until after first value, sending from a domain that doesn't trip Gmail's promo tab — and yet most teams have not implemented them. This is the single highest-ROI change we recommend.

Finding 2: Password rules are written for the wrong threat model

"Must contain a number, a symbol, a capital, and a haiku" is theatre. Modern guidance (NIST SP 800-63B, 2020 onward) recommends length over composition. Replacing your password rules with "12+ characters, anything you want" typically recovers 8–15% of started signups.
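The two rule sets side by side, as an added example that is not code from the original article. The 8-character minimum in the composition rule, the 64-character ceiling, NFKC normalization and the three-entry blocklist are assumptions for the demo; the blocklist stands in for the screening against commonly used or compromised passwords that SP 800-63B pairs with dropping composition rules.

```javascript
// Added example. MIN_LENGTH follows the article's "12+ characters"; the
// ceiling and the tiny blocklist are assumptions made for this demo.
const MIN_LENGTH = 12;
const MAX_LENGTH = 64;
const BLOCKLIST = new Set(["password1234", "qwertyuiop12", "123456789012"]);

// The "before": number + capital + symbol, with an assumed 8-character minimum.
function compositionPolicy(pw) {
  return pw.length >= 8 && /[0-9]/.test(pw) && /[A-Z]/.test(pw) && /[^A-Za-z0-9]/.test(pw);
}

// The "after": length only, any characters allowed (spaces, Unicode), plus a
// blocklist check. Returns { ok, reason } so the form can show one message.
function lengthPolicy(pw) {
  const normalized = pw.normalize("NFKC");
  const length = [...normalized].length; // code points, not UTF-16 units
  if (length < MIN_LENGTH) return { ok: false, reason: "too_short" };
  if (length > MAX_LENGTH) return { ok: false, reason: "too_long" };
  if (BLOCKLIST.has(normalized.toLowerCase())) return { ok: false, reason: "common_password" };
  return { ok: true, reason: null };
}

// Constructed sample passwords.
const samples = ["Passw0rd!", "correct horse battery staple", "Password1234", "mañana mañana 🌵"];

function comparePolicies(list) {
  return list.map((pw) => ({ pw, composition: compositionPolicy(pw), length: lengthPolicy(pw) }));
}

console.log(comparePolicies(samples));
```

The composition rule accepts the 9-character "Passw0rd!" and rejects the 28-character passphrase; the length rule does the opposite and still turns away a 12-character password that appears on the blocklist.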

Finding 3: The "tell us about your company" step belongs after activation

Asking for company size, role, and use case before the user has seen the product is a classic value-before-cost inversion. Move these questions to a profile prompt after the first successful action. We've seen completion rates jump 20+ points from this change alone.

What this audit actually costs to run

Internally, a full audit takes us about 14 hours over two weeks: 2 hours on instrumentation review, 4 hours on session recordings, 2 hours on the support-ticket read, 4 hours on the synthesis doc, and 2 hours presenting it back. If you run it yourself, budget closer to 25 hours — most of the extra time goes into the instrumentation you’ll wish you’d had.
 
The output is a doc, not a deck. Five findings, each with the leak measured, the proposed change, and the expected lift. That’s it. Anything more is decoration.
