No items found.

IT Due Diligence: A Best Practice Guide

Kison Patel

Kison Patel is the Founder and CEO of DealRoom, a Chicago-based diligence management software that uses Agile principles to innovate and modernize the finance industry. As a former M&A advisor with over a decade of experience, Kison developed DealRoom after seeing first hand a number of deep-seated, industry-wide structural issues and inefficiencies.

CEO and Founder of DealRoom

Information Technology Due Diligence plays a key role in the value derived from M&A transactions. A common misconception is that a thorough IT due diligence process is only required in deals involving software and tech companies.

To some extent, every modern company is technological. Hence, if you want a deal that maximizes value creation, you cannot overlook IT due diligence.

The DealRoom platform has been used by hundreds of companies across all industries for their due diligence processes. In this article, we look at how to conduct IT due diligence, and provide a checklist of the items that require attention to ensure this part of your company’s overall due diligence process passes successfully.

What is IT due diligence?

IT due diligence is an audit of a company’s technology stack, IT architecture, and processes. IT due diligence may also include an evaluation of the company’s IT team and their technical competencies.

The growing importance of data to companies means that IT due diligence now includes an analysis of how a company retrieves, utilizes, and stores data. IT due diligence may also include an evaluation of the company’s IT team and their technical competencies.

Why is IT due diligence important?

IT due diligence is important because IT is now central to most companies’ operations. The typical ‘non-technology’ company uses email, CRM and ERP systems, information management systems, transaction logging systems, and more. Each of these systems is to a greater or lesser extent, a value driver in a company.

IT due diligence enables companies to gain a comprehensive understanding of various systems and how they mesh with their existing infrastructure. Best practices in IT due diligence involve recognizing the key value drivers in the IT landscapes of both entities and harnessing that value with utmost efficiency. Alongside this, paying heed to specific aspects like security protocols, assessing database performance metrics, and examining data redundancy measures can highlight areas that may require optimization or additional investment.

One more reason why IT due diligence has taken on increasing importance over the past decade is that companies have begun to hold ever larger amounts of stakeholder data.

The IT due diligence checklist

Most companies use a company-wide IT infrastructure as well as some department-specific IT tools and processes.

A thorough due diligence process will analyze all of them, and assess which aspects can be integrated into the buying company, taking into account the difficulty of moving people and data onto new systems, how the changes will affect stakeholders such as suppliers, and of course, a cost-benefit analysis of the changeover.

The following is a general checklist for IT due diligence that should serve as a guideline for companies conducting M&A:

Related: Our comprehensive general due diligence checklist

1. Review of your own company’s IT infrastructure

  1. Understand its strengths and weaknesses and which areas could be improved upon and/or changed entirely.
  2. Understand where the risks are (e.g. in data security) when integrating your systems with those of another company.
  3. Assess what would need to change if the company took on extra clients, employees, data, etc.

2. Conduct an inventory of the target company’s IT systems  

  1. Request a diagram of the target company’s IT network and a description of its internal communication system.
  2. Who managesr the target company’s hosting requirements, and what benefits do they provide?
  3. Understand which are better (if any) and how they could be integrated into your own company and whether it can be scaled up easily.
  4. Do legacy systems  need to be updated?
  5. Understand the cost and benefits of each system. 
  6. Conduct interviews with target company employees to identify pain points in the existing IT systems.
  7. Identify synergies in systems (particularly CRM and ERP).
  8. Identify key personnel to implement and oversee an improved IT architecture.

3. Understand the target company’s IT vendor contracts and agreements

  1. Can these contracts and agreements be renegotiated?
  2. How do these contracts and agreements affect the timing of the IT systems’ integration?

4. Evaluate the target company’s IT staff

  1. What training and certifications does each member of the IT team possess?
  2. Which of the team has had access to the company’s source code?
  3. What other sensitive information does the IT team have access to?
  4. Organizational chart of the IT team and (if relevant) outsourced IT team.

5. Understand the target company’s technical maintenance procedures

  1. What has their downtime been over the past year?
  2. Is technical maintenance all conducted in-house or outsourced?

6. Evaluate the target company’s security and data controls

  1. What firewall protection is in place?
  2. Are there intruder protection systems in place?
  3. Are they using security software on company cell phones and other mobile devices?
  4. Do they have online payment systems and what are the security programs and procedures in place?
  5. Understand whether the target company uses data encryption.
  6. Are there strict policies in place on remote working with sensitive data?
  7. Understand who has access to sensitive data.
  8. Understand how the company stores (and retrieves) its data.

7. Understand the role IT plays in customer communication at the target company

  1. Where do customer emails go?
  2. How are new customers integrated into the IT system?
  3. Is there an artificial intelligence interface to deal with customers?
IT due diligence playbook

Conducting IT due diligence with DealRoom

The technical detail that is inevitably involved with IT due diligence makes it tempting for many M&A team members to skip through the process.

This is a mistake: there is a huge correlation between good systems and operational excellence, and this should be motivation enough for conducting a thorough IT due diligence process.

DealRoom has designed its due diligence component with this in mind. To start your IT due diligence simply start a trial, select a needed template and you are ready to go.

  1. Request a demo account
  2. Choose a template from the templates gallery. DealRoom has a range of templates for different due diligence functions - each one created based on feedback from experts in the field, and specially tailored to a particular kind of due diligence.
IT template
  1. DealRoom provides prompts for information through its unique Requests feature . The uploaded documents are then stored in a safe environment and linked to the relevant requests.
request a demo

Contact M&A Science to learn more

Get your M&A process in order. Use DealRoom as a single source of truth and align your team.