5 Simple Ways to Reduce Risk Before Technical Due Diligence

There are many things to consider when a business owner prepares for a business sale. In addition to measures like cleaning up accounting books and optimizing expenses, today’s owners should consider the condition of the technology side of the business as well. As technology becomes more prevalent across all areas of business, it is crucial to plan for the technical due diligence that will come with a sale and thereby reduce risk of material impact to the sale process.

1. Create a hardware and software inventory. 

One of the fundamental questions of the acquirer is “What am I getting?”. In the technology portion of the business, it’s the same.

Business owners should prepare a software and hardware inventory listing the servers, networks, software packages, and third-party software, hardware, and cloud vendors that are being used by the business. When you list the hardware assets, note if they are leased or owned and what the warranty or on-site service situation is.

Having a comprehensive IT system inventory ready to go at due diligence will speed the process and make a favorable impression on your acquirer.

2. Audit software licenses. 

For the software in your inventory, list the software with the license it uses. Some software is purchased outright and you usually have a license key. Other software may be leased from a larger vendor. Some ERP software is sold this way. Some software, particularly SaaS (Software as a Service), like Office365, is sold by charging a monthly access fee.

Some vendors (e.g., Microsoft) have online portals that help organize what you have purchased. Your technology team should be able to assist in creating this.

Doing a pre-sale internal license audit can save time and potential embarrassment if the acquirer finds you deficient in the licensure of your software.

3. Verify custom code rights. 

Many businesses use custom-created software for products, services, or internal management. When it comes time to sell, it is important to show the acquirer that you have legal ownership of this custom software.

Many times, this software is created by a third-party contractor. If you signed a typical work for hire agreement or other similar contract, it should state you own the resultant work product. Make sure you gather this proof during your preparation for sale.

If you have custom code, it is also worthwhile to have your code source files formatted with a standard header clearly showing ownership, copyright, and other pertinent details.

Again, presenting explicit proof that you own custom software your business depends on will speed the due diligence process and build the confidence of the acquirer.

4. Document data stores and flows. 

Customer, product, and internal data is also key when preparing for a sale. You should know the locations and technologies used to house your company’s important data. Try to list all relevant data stores and flows, since this data can impact post-merger integration. This includes accounting systems, customer databases, finished goods databases, manufacturing recipes, etc.

If you have systems that integrate by sending key data back and forth, you should also have flow diagrams of those transactions.

Showing the acquirer a complete and accurate set of key data stores and flows will help build trust.

5. Strengthen security policies. 

Computer and network security should be top of mind for any business. Almost daily comes news of data breaches and hacking incidents. The U.S. National Cyber Security Alliance found that 60% of small companies are unable to sustain their businesses over six months after a cybercrime attack.

Your security condition and practices can also have a material impact on the outcome of your sale. Recently, Verizon revised an offer to purchase certain assets of Yahoo from $4.83 to $4.48 billion in the wake of two large data breaches there.

Implementing security training for employees and making it a regular part of corporate dialogue before a sale can go a long way to demonstrating that tangible steps are in place to protect corporate information technology assets.

Owners considering sale should also conduct an information system security audit, in which a reputable third-party firm comes in to assess risks and provide the owner with a full report. The owner can then take preventative steps to address the concerns found well before the acquirer starts due diligence.