3 Key IT Due Diligence Questions and a Checklist

This article on IT due diligence is the fourth installment of Axial’s series on the Best Practices in Due Diligence. Previous articles have discussed the importance of tax due diligence, legal due diligence, and cultural due diligence.

When it comes to buying lower middle market companies, IT due diligence can be one of the most overlooked processes in the pre-close stages. Although many deal professionals are thorough with their financial and legal diligence, IT matters tend to barely enter the conversation.

We recently interviewed Jim Hoffman, a trusted authority on IT Due Diligence and author of the IT Due Diligence Guide. He began the conversation by indicating that “IT due diligence is a total afterthought when compared to more traditional diligence categories, like legal and financial.”

Hoffman continued by explaining that many investors do not have the resources to easily conduct IT diligence. “Many PE firms do not have a tech expert on staff, meaning any IT diligence is a very proactive decision — especially since the good consultants are expensive.”

But, Hoffman sees a trend emerging as technology becomes more and more pervasive in the lives of every consumer and business. “It is getting harder and harder for investors to ignore IT due diligence. Technology is becoming integral to every business — even if it is just their website or their email. These most basic aspects present real potential risks.”

A Checklist and Three Questions

Although technology diligence may seem complicated, it is actually easier to execute than one might think. Hoffman explained, “While IT due diligence is important, it rarely kills a deal.” As a result, it is more feasible for the average investor to begin the IT diligence process on his own.

Hoffman recommended starting the process with a simple checklist. “Even if you are unfamiliar with technology, you can use a checklist to apply your strategies from financial or legal due diligence to infer if there are any areas of concern. You will likely be able to sense which items are causing the company concern or may be incomplete. If you feel there is an area that needs a deeper dive, it is advisable to bring in an expert.”

These are three of the most vital IT due diligence items that every professional should explore thoroughly during the tech diligence process.

1) Does the company really own its supposed product? While this question is likely covered during other diligences, it is critical to dig into it in IT diligence as well. “Verifying this information is critical and probably the greatest risk to the business model and flow of money,” said Hoffman. “If you are reviewing a software company, for example, and they claim to have a certain product you must ensure that they actually have the functional piece of technology and the customer base they claim.”

2) Is the technology integrated/constructed in the right way? The second question to ask in the diligence process is about quality of the product. “In addition to proper infrastructure, there are issues like licensing, IPs, and sustainability,” explained Hoffman. “Was the technology built/implemented by employees or contractors? Are those people still available? These questions help to avoid any major legal or operational challenges once the deal has been closed.”

3) Can their technology scale? While each integration plan is unique, it is important to ensure that the technology of the acquired company is scalable. Hoffman encouraged the importance of ensuring that the, “technology can scale and integrate with new marketing and sales organizations. If the technology requires a complete re-architecting to accommodate scaling, that is something important to include in the contract.”

When covering these matters, don’t forget to ask the current technology and IT team. Those employees “are the most knowledgeable about the technology and are usually very open. Since they do not have the preconceived notions of what should be shared during a due diligence process, they often reveal the most important information.”

Changing Tide

Hoffman is happy to admit that IT due diligence is not the same as legal and financial due diligence. “IT diligence is more focused on spotting and anticipating future hurdles and costs. Unless the technology is not scalable with the business or not the presented technology, almost anything can be resolved.” he explained.

However, it is for that reason that IT diligence must begin as early as possible. He explained, “Almost any technology issue can be remediated with enough capital — which makes doing it before the deal that much more important so that you can incorporate it into how you ultimately price the deal.”

Even websites are becoming venues for IT diligence. Hoffman offered up this example: “I know of a company whose website was the primary use of technology, but IT due diligence identified half a million dollars of savings.  An entrenched piece of custom technology for which they were being overcharged was easily replaced with off the shelf software. Even at a non-tech company, there are significant cost saving and risk avoidance opportunities.”

He continued, “Even a manufacturing company or a distributor will have some tech component in their supply chain or logistics management systems. There are likely cost-saving benefits and security precautions that can be uncovered during diligence.”