Creating a Technology Due Diligence Checklist

Hazem Abolrous

Preparation is the key to a successful diligence. It is important to know what to expect and the context of what to explore.

This article focuses primarily on technical due diligence best practices and a checklist.

If you are a tech-enabled company, the technical due diligence will primarily focus on the IT backbone that enables the business along with any in-house software you have built or acquired.

If you are a software company, the depth of the focus will be on the architecture of the software you have built and how it is deployed.

In addition, other pivotal parts of the diligence assess risks in strategy and leadership, both of which are critical to execution and market risk. If anything goes wrong in those areas, the details below won't matter much.

We all know the consequences of companies that have a weak strategy and the importance of solid leadership which can make or break a company.

An unsuitable software architecture or IT infrastructure will significantly hinder a potential investment or delay its benefits, causing missed opportunities or an inability to compete.

Weakness in any of the top three core areas can hinder most investment theses or require significant investments to mitigate.

  1. Strategy and Roadmap: There must be a healthy strategy in place. As a business, you bring the subject matter experience and the path ahead. The roadmap process ensures the strategy has legs and can be achieved.
  2. Organization and Leadership: There must be solid, collaborative, and cohesive leadership and an aligned organization in place.
  3. Software Architecture and IT: The architecture and IT backbone must align and enable the business strategy. A broken or inadequate architecture or one riddled with technical debt can severely handicap the organization and investment.

Tips for Preparing and Conducting Due Diligence

Technology due diligence checklist

Roadmap & Strategy

The goal is to evaluate the existence of a clear and cohesive strategy and roadmap process across the organization with a healthy SWOT competitive awareness.

The Top Areas to Prepare Checklist

  • Full SWOT awareness and inclusion in roadmap
  • Alignment and collaboration with the business roadmap and strategy
  • Existence, documentation, and propagation of a reasonable roadmap
  • Roadmap feasibility of execution by the team
  • Ability to address market needs with clarity on product/service gaps
  • Product strategy deep dive including how technology evolves
  • Product management planning mechanics and abilities
  • Execution discipline and maturity (e.g. backlog epics, backlog health, etc.)

Organization and Leadership

The goal is to explore the technology team setup and health. Understand whether the right skills in the team and leadership are in place to implement the roadmap with cost efficiencies.

The Top Areas to Prepare Checklist

  • Understand the end-to-end organizational setup and reporting structure
  • Evaluate the inter-disciplinary and functions balance
  • Understand the ability to attract and retain talent (e.g. attrition trends)
  • Understand the level of efficiencies in place

Cybersecurity

The goal is to explore security and privacy as a complete layer end-to-end including design, controls, practices, policies, vulnerability detection, mitigation, and implementation.

The Top Areas to Prepare

  • Policies and procedures
  • Cyber security tools
  • Security controls
  • Security approach (e.g. Zero-tolerance)
  • Security education in the organization
  • Third-party assessments and mitigation approach
  • Inventory including inventory tracking system and ownership
  • Data privacy and security (e.g. PCI, PHI, PII, GDPR) policies
  • Data storage and access permissions
  • Infrastructure security
  • Monitoring and intrusion detection strategy
  • Physical security strategy
  • History of breaches and management
  • Compliance requirements and domain-specific compliance needs

Software Architecture

The goal is to explore the end-to-end architecture suitability for the current business, fit for the investment thesis, efficiency of design, stability, and ability to evolve and stay competitive.

The Top Areas to Prepare Checklist

  • Architecture design patterns, robustness, limitations, and roadblocks
  • Maintainability process for the architecture and codebase
  • Scalability strategy, limitations, and performance with KPIs
  • Exploration of the levels of technical debt and management approach
  • Security design, vulnerabilities, and secure programming principles
  • Integrations and extensibility of the architecture
  • Data architecture and management lifecycle (collection, cleansing, etc.)
  • Database, data security (including handling of sensitive data, encryption, etc.)
  • Open-source usage, licensing, and intellectual property ownership
  • Quality processes and ability to deploy and time to market

IT Infrastructure

The goal is to understand the infrastructure deployment model (on-prem, type of cloud) and whether it is adequate for the investment thesis and the current/future architecture needs with reasonable costs. For a technology-enabled business, the focus should be on line-of-business tools, cross-data leverage, and cybersecurity.

The Top Areas to Prepare

  • Cloud and data centers approach for deployment of physical infrastructure
  • Infrastructure scalability to accommodate the intended thesis
  • Infrastructure resilience and reliability, with the ability to recover from failure
  • DevOps maturity, deployment processes/tools, and frequency
  • Business continuity and disaster recovery plans and testability
  • Internal line of business applications management and suitability
  • Compliance standards and audit frequency
  • Cybersecurity practices and processes (e.g. monitoring, intrusion detection, incident response, employee access, firewalling, penetration testing, vulnerability scanning)

Product Quality

The goal is to explore the overall product quality in terms of feature offerings, design, UX, bug backlog, and production issues.

The Top Areas to Prepare

  • Approach to testing and quality assurance
  • Level of automation, code coverage, and ability to catch bugs upstream
  • Test case management process and tools
  • Quality organization health and inclusion in the team
  • Bug backlog management and feedback into product
  • Metrics for product health across the software development lifecycle from definition to production

Ways of Working, SDLC, and Tools

The goal is to understand the execution capabilities and maturity of the team and its engineering practices (PM, Dev, QA).

The Top Areas to Prepare

  • Agility mindset and ability to improve
  • Ability to stay the course with continuous improvement
  • Release planning and management process
  • Sprint planning and management process
  • Delivery trends across the release cycles
  • Tools ecosystem adequacy and rationalization for productivity
  • Ability to deliver quality on time to meet the roadmap and investment thesis
  • KPIs employed across the lifecycle

Customer Support Excellence

The goal is to explore the customer-focus mindset, efficiency of services, product quality hot issues, and competitiveness.

The Top Areas to Prepare

  • End-to-end customer support process
  • Defect rates and management process
  • Escalation rates and management process
  • Delineating between support and engineering responsibilities
  • Support tools ecosystem and rationalization
  • Feedback into the product

Professional Services

The goal is to explore the approach and health of the professional services arm.

The Top Areas to Prepare

  • Configuration vs customizations mindset
  • Professional services structure and delivery approach
  • Utilization efficacy, delivery metrics, hot-product issues
  • Collaboration with engineering and IT
  • Feedback mechanism into the product

Corporate IT

The goal is to explore the internal line of business tools, infrastructure suitability, data architecture, and data strategy for suitability to the target.

The Top Areas to Prepare

  • Line of business tools overview and rationale
  • Data flow, architecture, and integrations across tools and systems
  • Buy vs Build mindset
  • Cost efficiency across the tools and systems
  • Roles and responsibilities for the internal IT team
  • Business continuity and disaster recovery approach and testability

Carve-Out Situations

The goal is to explore the ability of the organization to function as a stand-alone entity and to understand its end-to-end capabilities, intellectual property ownership, and dependencies.

The Top Areas to Prepare

  • Organizational chart after the split
  • Roles and responsibilities
  • Line of business tools dependencies
  • Security gaps
  • Hosting and deployment independence
  • Contractual agreements and IP concerns

Large Portfolio Companies

The goal is to explore the portfolio investment balance across the lifecycle (planning to deployment) and to understand synergy, strategy, planning, and efficiency across the portfolio (e.g. resource sharing).

The Top Areas to Prepare

  • Ability to scale product planning across different products
  • Architectural uniformity across products
  • Level of efficiency for code leverage and reusable components strategy
  • Prioritized team structure and health across products

The most common areas to prepare for tech due diligence

People involved: Target executive team and deal team

Difficulty: Medium

Materials Needed: Data Room, Strategy and Roadmap Documents, Architecture Documents, IT Documents, Software Development Lifecycle and Working Documents, KPIs, Data Report and Insights.

Time: Spend one day using the list to devise a strategy on the materials gap and what needs to be prepared. The amount of time spent will depend on the specific gap.
