Buy vs. Build: Accessibility Audit and Remediation Capacity

Accessibility conformance has moved from a corporate responsibility checkbox to a direct revenue variable. When an enterprise prospect's legal or IT team sends a vendor questionnaire that includes WCAG conformance status, the answer determines whether the deal advances to contract—not whether it will close eventually, but whether it moves at all. Product leaders who have not yet made a deliberate decision about accessibility capacity are making one by default: they are choosing to absorb the deal-loss cost rather than the investment cost.

The central question is not whether to address accessibility, but how to build the organizational capacity to do it. The build-versus-buy framework applies here exactly as it does to any infrastructure or compliance function: the right answer depends on deal volume, internal skill density, the pace of change in the underlying standard, and total cost across a multi-year horizon.

What Building Internal Accessibility Capacity Actually Requires

Choosing the build path means more than adding accessibility skills to a job requisition. It means creating durable organizational capacity that can audit new features before release, remediate existing issues at a controlled pace, train other engineers, and track WCAG as it evolves.

The minimum viable build is one dedicated accessibility engineer—not a developer with accessibility as a secondary responsibility, but someone whose primary function is accessibility. This person needs a Certified Professional in Accessibility Core Competencies (CPACC) or Web Accessibility Specialist (WAS) credential from the International Association of Accessibility Professionals (IAAP), or equivalent demonstrated depth. In most US markets, a mid-level accessibility engineer with those credentials carries a fully-loaded annual cost of $180,000 to $250,000.

Beyond headcount, the build path requires internal testing infrastructure: screen reader licenses (JAWS, NVDA), mobile assistive technology testing environments (iOS VoiceOver, Android TalkBack), keyboard-only test protocols integrated into the QA workflow, and an automated scanning layer embedded in CI/CD. Setting up this infrastructure takes two to three months and adds $8,000 to $20,000 in annual tooling cost.

The most underestimated cost of building is ongoing maintenance. WCAG is not static. WCAG 2.2 added nine new success criteria in 2023. WCAG 3.0 is in development with a fundamentally different conformance model. EU accessibility legislation updates its technical annexes on a separate schedule. An internal accessibility engineer must budget meaningful time for continuing education and standard tracking—this is not optional upkeep, it is the core of the job.

What Buying Accessibility Audit Services Looks Like

The buy path means engaging a specialized accessibility firm to perform structured evaluations of your product against WCAG criteria. The three firms that dominate the enterprise-grade accessibility audit market are Level Access, Deque Systems, and TPGi (formerly The Paciello Group). Each operates a distinct service model.

Level Access positions itself as an end-to-end accessibility management platform, combining manual audits with their AMP platform for tracking remediation over time. Their engagements typically begin with a scoped audit of high-priority user flows, followed by an optional subscription to ongoing monitoring. Deque is known for its deep investment in automated tooling—their axe-core engine is the de facto standard for automated WCAG scanning—and their manual audit practice extends that tooling expertise into comprehensive manual reviews. TPGi brings strong roots in assistive technology testing and is particularly prominent in media and publishing verticals.

A comprehensive manual audit from any of these firms covers all WCAG 2.1 AA success criteria across a defined scope of pages and user flows. The deliverable includes a prioritized issue list with WCAG criterion references, severity ratings, and code-level remediation guidance. Most engagements also produce a Voluntary Product Accessibility Template (VPAT), now formally called an Accessibility Conformance Report (ACR), which enterprise procurement teams require as a vendor approval document.

Audit costs scale with scope. A focused audit of five to ten critical user flows runs $15,000 to $30,000. A comprehensive audit covering the full product at WCAG 2.1 AA against multiple assistive technology and browser combinations runs $40,000 to $75,000. Firms that employ testers who use assistive technology as part of their daily lives—not as trained evaluators using it artificially—sit at the higher end of the cost range and produce meaningfully more reliable findings.

The Hybrid Approach: Automated Tooling Plus External Expertise

For the majority of growth-stage SaaS teams, neither the full build nor the full buy path is optimal in isolation. The hybrid model has emerged as the practical default for teams between $1M and $10M ARR.

The hybrid approach has two layers. The first layer is an automated tooling subscription—axe DevTools Pro, Deque's browser extension in developer workflows, or a CI-integrated scanning tool like Accessibility Insights or IBM Equal Access Checker. These tools catch 30 to 40 percent of WCAG failures automatically, at low cost, integrated into the development process. They do not replace human judgment, but they prevent regressions and provide developers with real-time feedback as they build.

The second layer is a periodic external audit for meaningful product events: initial baseline before pursuing enterprise deals, major version releases that change navigation or information architecture, new feature launches that introduce new interaction patterns, and annual conformance refreshes to maintain VPAT currency. External audits are scoped and budgeted as project events rather than ongoing headcount.

This model gives the team continuous automated coverage, institutional knowledge of where the issues are, a current VPAT for procurement purposes, and access to expert review when the complexity of manual testing exceeds internal skill. The total annual cost—$8,000 to $15,000 for automated tooling plus one audit per year at $20,000 to $40,000—lands between $28,000 and $55,000, a fraction of the fully-loaded cost of a dedicated internal hire.

Refer to the WCAG conformance roadmap for product teams for a structured plan to sequence conformance work across sprints without disrupting roadmap velocity.

When Each Option Makes Sense by Company Stage

Stage-appropriate decision-making avoids both under-investment and over-investment in accessibility capacity.

Pre-PMF through $1M ARR: Accessibility is not yet a blocker if the ICP is SMB or mid-market without compliance requirements. The appropriate move is a focused one-time audit of the top three user flows—purchase, onboarding, core workflow—to establish a baseline and identify blockers that would surface in enterprise evaluations later. Budget $15,000 to $25,000 for this as a one-time cost. Do not hire a full-time accessibility engineer. The opportunity cost is too high relative to the probability that enterprise deals requiring conformance materialize at this stage.

$1M to $5M ARR with enterprise pipeline: Once enterprise prospects—government, healthcare, financial services, large technology companies—appear in the pipeline, a current VPAT becomes a hard procurement requirement. The hybrid model is the right approach here: subscribe to automated tooling, commission a comprehensive audit to produce the initial VPAT, and plan one refresh audit per year. If enterprise deals represent more than 30 percent of pipeline by count, consider whether a part-time accessibility specialist contractor (engagement-based) can accelerate remediation without the full fixed cost of a hire.

$5M ARR and above with sustained enterprise volume: When enterprise ARR is material and the product surfaces in procurement processes regularly, the math begins to shift toward building. A single blocked enterprise deal worth $150,000 or more can justify a significant fraction of an accessibility engineer's annual cost. At this stage, one internal accessibility engineer supported by periodic external audits for major releases and annual VPAT refreshes is the right structure. The internal hire handles day-to-day review, developer training, and continuous monitoring; the external firm provides the independent verification that enterprise procurement teams trust.

For more on how accessibility debt accumulates and creates deal blockers over time, see mapping accessibility debt before deal blockers.

Total Cost Comparison: Internal Hire vs. Audit Plus Tooling

A direct cost comparison over a three-year horizon clarifies the decision for most teams.

Full build path (dedicated internal hire): Year one costs include recruiting ($15,000 to $30,000 in fees or equivalent recruiter time), onboarding, tooling setup, and prorated salary—total first-year cost of $220,000 to $290,000. Years two and three stabilize at $190,000 to $250,000 per year in fully-loaded compensation plus $10,000 to $20,000 in tooling and continuing education. Three-year total: $600,000 to $790,000.

Hybrid path (tooling subscription plus annual external audit): Annual automated tooling subscription at $8,000 to $15,000. First-year comprehensive audit at $35,000 to $60,000. Years two and three include an annual refresh audit at $20,000 to $40,000 and tooling continuation. Three-year total: $111,000 to $210,000.

The cost differential over three years is $390,000 to $580,000 in favor of the hybrid path, before accounting for the productivity overhead of managing a specialized hire whose work requires continuous executive context to prioritize correctly.

The hybrid path becomes cost-competitive with the build path only when the internal hire generates measurable revenue protection or deal acceleration that offsets the differential. According to Level Access market research, enterprise deals blocked by accessibility gaps represent an average of $180,000 to $400,000 in delayed or lost ARR per incident. If an internal accessibility engineer prevents two enterprise deals from stalling per year, the build path can justify itself—but that requires both a high enterprise deal volume and clear attribution of wins to accessibility work.

For a deeper look at how to quantify revenue impact, see calculating deal value unlocked by accessibility conformance.

How to Evaluate Accessibility Audit Vendors

Not all accessibility audits produce equal value. The market includes firms with rigorous practices and firms that produce checkbox VPAT documents without meaningful manual testing. Distinguishing between them before signing an engagement saves substantial downstream cost in rework and re-audit.

Four criteria separate high-quality audit vendors from compliance theater providers.

First, ask explicitly whether the audit team includes testers who use assistive technology as part of their daily lives. Evaluators with disabilities who rely on screen readers, voice control, or switch access navigate differently than sighted testers who have learned screen reader operation as a professional skill. Forrester research on build-versus-buy decisions for compliance functions consistently finds that lived-experience testers identify 20 to 35 percent more critical issues than trained non-disabled testers—issues that downstream users with disabilities will encounter in actual use.

Second, ask for a sample audit report before contracting. The report should reference specific WCAG success criteria by number, describe the observed failure in plain language, include a screenshot or recording of the issue, rate severity on a consistent scale (critical, serious, moderate, minor), and provide remediation guidance at the HTML or component level. Generic issue descriptions without code context indicate a low-effort engagement.

Third, confirm that the VPAT or ACR produced at the end of the engagement is authored by the auditing firm and signed by their accessibility expert, not auto-generated from an automated scanning tool. Enterprise procurement teams are increasingly sophisticated about VPAT quality; a document that lists every criterion as "Supports" without evidence is a liability, not an asset.

Fourth, ask about assistive technology coverage. A comprehensive audit should cover at minimum: NVDA with Chrome, JAWS with Chrome and Edge, VoiceOver with Safari on macOS, VoiceOver with Safari on iOS, and TalkBack with Chrome on Android. Keyboard-only navigation without any screen reader should be tested separately. An audit that covers only one screen reader misses compatibility failures that appear under specific user agent combinations.

Conclusion

The build-versus-buy decision for accessibility audit and remediation capacity is a function of ARR stage, enterprise deal volume, and the cost tolerance for deal risk. For teams below $3M ARR without a concentrated enterprise pipeline, buying periodic audits and subscribing to automated tooling provides the necessary coverage at a third to a fifth of the cost of an internal hire. For teams with sustained enterprise volume where accessibility gaps appear in procurement reviews, building one internal specialist supported by external audit expertise for major events becomes the more defensible investment.

The worst outcome is the one many teams fall into by default: no deliberate decision, no current VPAT, no baseline understanding of conformance gaps, and a blocked enterprise deal that triggers an emergency audit engagement under time pressure. That scenario costs more than either the build or the buy path—in dollars, in delayed ARR, and in the reputational signal it sends to procurement evaluators who are assessing whether the organization treats accessibility as a real engineering discipline or as a compliance afterthought.

Treat the accessibility capacity decision the same way you treat any other infrastructure investment: model the total cost across a three-year horizon, assess the demand signal from the pipeline, and make an explicit choice rather than inheriting the default.