Upcoming event - JUNE 23 - 24
M&A Science Summer Summit - Beat the heat & stay cool!
Learn more!

How to Efficiently Conduct IT Due Diligence

Show Notes Of Podcast

What is IT due diligence?

IT due diligence is an audit of a company’s technology stack, IT architecture, and processes. The growing importance of data to companies means that IT due diligence now includes an analysis of how a company retrieves, utilizes, and stores data - an area that DealRoom has particular expertise in.

IT due diligence may also include an evaluation of the company’s IT team and their technical competencies.

These days, every company is to some extent a technology company.

Despite this reality, a solid understanding of technology and how it drives value in a company evades most people from non-IT backgrounds.

This is one of the reasons why IT due diligence is so important when conducting M&A, and why it should be carried out by people that know where the value drivers are in both companies’ technology stacks.

In this article, we look at how to conduct IT due diligence, as well as provide a checklist of the items that require attention to ensure this part of your company’s due diligence process passes successfully.

These days, every company is to some extent a technology company.

Despite this reality, a solid understanding of technology and how it drives value in a company evades most people from non-IT backgrounds.

This is one of the reasons why IT due diligence is so important when conducting M&A, and why it should be carried out by people that know where the value drivers are in both companies’ technology stacks.

In this article, we look at how to conduct IT due diligence, as well as provide a checklist of the items that require attention to ensure this part of your company’s due diligence process passes successfully.

What is IT due diligence?

IT due diligence is an audit of a company’s technology stack, IT architecture, and processes. The growing importance of data to companies means that IT due diligence now includes an analysis of how a company retrieves, utilizes, and stores data - an area that DealRoom has particular expertise in.

IT due diligence may also include an evaluation of the company’s IT team and their technical competencies.

Why is IT due diligence important?

IT due diligence is important because IT is now a central component of how most companies operate.

Even companies that aren’t considered technology companies per se now use IT for most day-to-day tasks to some extent. This means email, CRM and ERP systems, information management systems, transaction logging systems, and more.

Gaining a proper overview of these systems and how they will fit into your own will help ensure that everyone is operating on the same system almost as soon as the transaction has closed.

IT due diligence has taken on increasing importance over the past decade as companies have begun to hold ever larger amounts of stakeholder data.

This data, while possessing the potential to add significant value for the company, can also be hugely damaging in the wrong hands. Companies such as Sony, LinkedIn, and Adobe, have all been victims of large data breaches and suffered huge stock market falls as a direct consequence.

Good IT due diligence seeks to identify the gaps that could lead to such breaches.

The IT due diligence checklist

Most companies use a company-wide IT infrastructure as well as some department-specific IT tools and processes.

A thorough due diligence process will analyze all of them, and assess which aspects can be integrated into the buying company, taking into account the difficulty of moving people and data onto new systems, how the changes will affect stakeholders such as suppliers, and of course, a cost-benefit analysis of the changeover.

DealRoom has been able to put together a template for IT due diligence that addresses all of the tax issues you’re likely to encounter in your M&A process that can be accessed here.

The following is a general checklist for IT due diligence that should serve as a guideline for companies conducting M&A:

1. Review of your own company’s IT infrastructure

  1. Understand its strengths and weaknesses and which areas could be improved upon and/or changed entirely.
  2. Understand where the risks are (e.g. in data security) when integrating your systems with those of another company.
  3. Assess what would need to change if the company took on extra clients, employees, data, etc.

2. Conduct an inventory of the target company’s IT systems  

  1. Ask for a diagram of the target company’s IT network and a description of its internal communication system.
  2. Who looks after the target company’s hosting requirements?
  3. Understand which are better (if any) and how they could be integrated into your own company. Can their technology be scaled up easily?
  4. Does their infrastructure need to be updated? (several companies remain legacy systems for several years).
  5. Understand the cost and benefits of each. Conduct interviews with target company employees to identify pain points in their technology.
  6. Look for synergies in systems (particularly CRM and ERP) and people (you’re unlikely to need your current number of IT technicians).

3. Understand where they are in their IT vendor contracts and agreements, and how much they have been negotiated for.

4. Evaluate the target company’s IT staff

  1. What training and certifications does each member of the IT team possess?
  2. Which of the team has had access to the company’s source code?
  3. What other sensitive information does the IT team have access to?
  4. Organizational chart of the IT team and (if relevant) outsourced IT team.

5. Understand the target company’s technical maintenance procedures

  1. What has their downtime been over the past year?
  2. Is technical maintenance all conducted in-house or outsourced?

6. Evaluate the target company’s security and data controls

  1. What firewall protection is in place?
  2. Are there intruder protection systems in place?
  3. Are they using security software on company cell phones and other mobile devices?
  4. Do they have online payment systems and what are the security programs and procedures in place?
  5. Understand whether the target company uses data encryption.
  6. Are there strict policies in place on remote working with sensitive data?
  7. Understand who has access to sensitive data.
  8. Understand how the company stores (and retrieves) its data.

7. Understand the role IT plays in customer communication at the target company

  1. Where do customer emails go?
  2. How are new customers integrated into the IT system?
  3. Is there an artificial intelligence interface to deal with customers?

Find the full IT due diligence playbook here

Conducting IT due diligence with DealRoom

The technical detail that is inevitably involved with IT due diligence makes it tempting for many M&A team members to skip through the process.

This is a mistake: there is a huge correlation between good systems and operational excellence, and this should be motivation enough for conducting a thorough IT due diligence process.

DealRoom has designed its due diligence component with this in mind. To start your IT due diligence simply start a trial, select a needed template and you are ready to go.

1. Request a free trial account at dealroom.net/signup

2. Choose a template from the templates gallery

DealRoom has a range of templates for different due diligence functions - each one created based on feedback from experts in the field, and specially tailored to a particular kind of due diligence.

IT template

3. DealRoom provides prompts for information through its unique Requests feature

The uploaded documents are then stored in a safe environment and linked to the relevant requests.

request a demo

These days, every company is to some extent a technology company.

Despite this reality, a solid understanding of technology and how it drives value in a company evades most people from non-IT backgrounds.

This is one of the reasons why IT due diligence is so important when conducting M&A, and why it should be carried out by people that know where the value drivers are in both companies’ technology stacks.

In this article, we look at how to conduct IT due diligence, as well as provide a checklist of the items that require attention to ensure this part of your company’s due diligence process passes successfully.

What is IT due diligence?

IT due diligence is an audit of a company’s technology stack, IT architecture, and processes. The growing importance of data to companies means that IT due diligence now includes an analysis of how a company retrieves, utilizes, and stores data - an area that DealRoom has particular expertise in.

IT due diligence may also include an evaluation of the company’s IT team and their technical competencies.

Why is IT due diligence important?

IT due diligence is important because IT is now a central component of how most companies operate.

Even companies that aren’t considered technology companies per se now use IT for most day-to-day tasks to some extent. This means email, CRM and ERP systems, information management systems, transaction logging systems, and more.

Gaining a proper overview of these systems and how they will fit into your own will help ensure that everyone is operating on the same system almost as soon as the transaction has closed.

IT due diligence has taken on increasing importance over the past decade as companies have begun to hold ever larger amounts of stakeholder data.

This data, while possessing the potential to add significant value for the company, can also be hugely damaging in the wrong hands. Companies such as Sony, LinkedIn, and Adobe, have all been victims of large data breaches and suffered huge stock market falls as a direct consequence.

Good IT due diligence seeks to identify the gaps that could lead to such breaches.

The IT due diligence checklist

Most companies use a company-wide IT infrastructure as well as some department-specific IT tools and processes.

A thorough due diligence process will analyze all of them, and assess which aspects can be integrated into the buying company, taking into account the difficulty of moving people and data onto new systems, how the changes will affect stakeholders such as suppliers, and of course, a cost-benefit analysis of the changeover.

DealRoom has been able to put together a template for IT due diligence that addresses all of the tax issues you’re likely to encounter in your M&A process that can be accessed here.

The following is a general checklist for IT due diligence that should serve as a guideline for companies conducting M&A:

1. Review of your own company’s IT infrastructure

  1. Understand its strengths and weaknesses and which areas could be improved upon and/or changed entirely.
  2. Understand where the risks are (e.g. in data security) when integrating your systems with those of another company.
  3. Assess what would need to change if the company took on extra clients, employees, data, etc.

2. Conduct an inventory of the target company’s IT systems  

  1. Ask for a diagram of the target company’s IT network and a description of its internal communication system.
  2. Who looks after the target company’s hosting requirements?
  3. Understand which are better (if any) and how they could be integrated into your own company. Can their technology be scaled up easily?
  4. Does their infrastructure need to be updated? (several companies remain legacy systems for several years).
  5. Understand the cost and benefits of each. Conduct interviews with target company employees to identify pain points in their technology.
  6. Look for synergies in systems (particularly CRM and ERP) and people (you’re unlikely to need your current number of IT technicians).

3. Understand where they are in their IT vendor contracts and agreements, and how much they have been negotiated for.

4. Evaluate the target company’s IT staff

  1. What training and certifications does each member of the IT team possess?
  2. Which of the team has had access to the company’s source code?
  3. What other sensitive information does the IT team have access to?
  4. Organizational chart of the IT team and (if relevant) outsourced IT team.

5. Understand the target company’s technical maintenance procedures

  1. What has their downtime been over the past year?
  2. Is technical maintenance all conducted in-house or outsourced?

6. Evaluate the target company’s security and data controls

  1. What firewall protection is in place?
  2. Are there intruder protection systems in place?
  3. Are they using security software on company cell phones and other mobile devices?
  4. Do they have online payment systems and what are the security programs and procedures in place?
  5. Understand whether the target company uses data encryption.
  6. Are there strict policies in place on remote working with sensitive data?
  7. Understand who has access to sensitive data.
  8. Understand how the company stores (and retrieves) its data.

7. Understand the role IT plays in customer communication at the target company

  1. Where do customer emails go?
  2. How are new customers integrated into the IT system?
  3. Is there an artificial intelligence interface to deal with customers?

Find the full IT due diligence playbook here

Conducting IT due diligence with DealRoom

The technical detail that is inevitably involved with IT due diligence makes it tempting for many M&A team members to skip through the process.

This is a mistake: there is a huge correlation between good systems and operational excellence, and this should be motivation enough for conducting a thorough IT due diligence process.

DealRoom has designed its due diligence component with this in mind. To start your IT due diligence simply start a trial, select a needed template and you are ready to go.

1. Request a free trial account at dealroom.net/signup

2. Choose a template from the templates gallery

DealRoom has a range of templates for different due diligence functions - each one created based on feedback from experts in the field, and specially tailored to a particular kind of due diligence.

IT template

3. DealRoom provides prompts for information through its unique Requests feature

The uploaded documents are then stored in a safe environment and linked to the relevant requests.

request a demo

What is DealRoom?

Join 2,000+ Forward-Thinking M&A Practitioners

Sign up to be on the M&A Science email list and receive notifications on the latest publications

Subscribe for free
Join 2,000+ forward-thinking M&A practitioners

Get weekly updates about M&A Science upcoming webinars, podcasts and events!

7
Subscribe for free
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.