Key Elements of Tech Due Diligence

Key Points

• Tech due diligence is the process of evaluating a business’s technology, software and related components. The output presents the risk and potential value of tech regarding your opportunity, company, and industry.
• Tech due diligence is important as it assists the potential investor or buyer gain an accurate picture of a company, including its true value and potential for growth and risks.
• Key elements of tech due diligence include reviewing areas such as the IT strategy, software, hardware, and customer support.

What is Tech Due Diligence?

Technical (or tech) due diligence is the process of evaluating the tech, software, architecture and related components of a company. This includes its software, products, product differentiators, product roadmap, security, systems, and practices. It usually occurs in tandem with large corporate events, such as initial public offerings (IPOs), mergers & acquisitions, buyouts by private equity funds or during fundraising rounds led by venture capital firms and growth equity investors. The output presents both the risk and potential value of tech concerning your opportunity, company, and industry.

Simply put, it is a discovery process, and group of best practices and recommendations that provide help and guidance on important risk mitigation needs as well as opportunities for value creation. It highlights critical separation or integration areas that may affect the value of the deal. It also evaluates all the separate tech components in a company and everything needed to utilise that technology to find hidden threats.

The aim is to note down anything that could lead to less profitable transactions. By conducting tech due diligence, businesses can make quicker and better-informed decisions that impact value creation directly. Tech due diligence is part of the information-gathering steps in the M&A (merger and acquisition) and fundraising cycle. By conducting thorough tech due diligence, you will:

• Comprehend the true value of the target business
• Get a broad idea of risks in every area
• Make financial planning that is informed
• Develop a value-driven plan that compliments your value creation thesis

Why is Tech Due Diligence Important?

Tech due diligence is important as it assists the potential investor or buyer in gaining an accurate picture of a company, including its true value and potential for risks and growth. It considers factors including competitors, product differentiators, protections on intellectual property (IP), risks from the use of third-party software, and technological processes. Therefore, tech due diligence’s main outcome is identifying business and technology risks. The process notes costs, investments and opportunities and gives information on both growth and scalability for a private equity company. Moreover, the potential for tech to make or break deals in private equity has never been bigger. Here is why tech due diligence is essential for both the buying and selling side of M&A:

• The buy-side: The buyer (or investor) needs to understand the risks and potential costs that could affect the business. To have this understanding, the buyer requires detailed information on the target company’s IT capabilities, infrastructure, software, devices, potential security risks, tech stack, potential technical debt, and more. It also gives them a better understanding of the complexity levels regarding the carve-out or integration onto current platforms. Essentially, this process offers buyers peace of mind before committing to an acquisition.
• The sell-side: Tech due diligence is also the responsibility of the seller. Indeed, by providing a tech due diligence report to the buyer, the seller will find the process will become more streamlined and can ultimately result in a higher valuation overall. Identifying any issues and finding solutions before the sale is highly prudent as it will ease any stress and prevent unforeseen obstacles that might appear during the transaction process.

Tech due diligence checklists might have hundreds of items to consider depending on the company’s maturity and size. As we cannot feasibly cover every possible area of investigation in this article, below we have instead compiled a list of several crucial dimensions regarding conducting tech due diligence prior to any acquisition.

Key Elements of Tech Due Diligence

IT Strategy

It is important that you start by considering your IT strategy and roadmap across the entire organisation. Having good Strengths, Weaknesses, Opportunities, and Threats (SWOT) competitive awareness is also key. If you do not understand the current tech strategy, you will fail to comprehend the extent of the investment opportunity. This includes understanding how far this strategy can scale. An excellent IT strategy is one that ensures there is a strong and extended vision that presents a roadmap. This roadmap should line up primary business strategies, aims, and initiatives with IT initiatives, and should also have the support of budgets and programme schedules. Below are some main areas to address when considering this key element:

• Existence of a strong roadmap with propagation and documentation
• Roadmap viability of execution by the team
• Both alignment and collaboration with the business strategy and roadmap
• In-depth product strategy that includes how tech evolves
• Total SWOT awareness (and inclusion in the roadmap)
• Capability to address the needs of the market with transparency on product or service gaps

Cybersecurity and Network

Ensuring that your company has the ability to defend against data breaches can strengthen its reputation. Therefore, reviewing all cybersecurity and network procedures and processes is imperative. The aim is to explore privacy and security as a total layer end-to-end, including controls, practices, design, policies, mitigation, implementation, and vulnerability detection. Below we detail several areas to consider:

• Assessment of personal data and Health Insurance Portability and Accountability Act (HIPAA)
• Data security
• Physical security
• Logical security
• Policies and procedures
• Security approach
• Security education within the company
• Inventory and ownership
• Data storage and access permissions
• History of breaches and management
• Monitoring and intrusion detection strategy

IT Staff Organisation and Leadership

It is important to ensure that your staff are not a liability and explore the tech team setup and health. Technical resources require formal documentation around vendor management, upgrades, support, and platform interdependencies. Identify the main employees on the IT staff who will lead transformation efforts through the M&A process. The following should be assessed:

• Staff maturity
• Staff culture
• Staff readiness
• Operation sophistication
• Key leadership
• IT leadership (and the extended team)
• Supplier and vendor management
• Delivery of service
• IT spend
• Tech debt
• End-to-end organisational setup and reporting structure
• Ability to draw and retain talent (such as attrition trends)
• Level efficiencies in operation

Business Applications

This element of tech due diligence involves a range of core business applications and includes areas such as Human Resources (HR), sales, and finance. The reason for this element is to realise scalability, documentation gaps, reliability, and hindrances that affect speed-to-market. The areas to consider include:

• Maintenance
• Architecture
• Delivery models
• Whether these business applications are manual or automated.

Several risks may arise in this area, such as ineffective procedures and policies, disaster recovery gaps and planning, and business and IT alignments.

Software

Another important item on the checklist is to conduct a software review. This includes:

• IP
• Software development and documentation processes (for instance, enterprise applications and open-source components).
• Proprietary software (review documentation, code strengths and weaknesses, platforms that use the software, and software versions)
• Packaged software (review customisations, security patches, software versions, and processes where the software has been integrated)
• Considering if the software remains supported
• Considering the costs associated and if there are contracts in position
• Determining if the software programmes are vital to business operations

Hardware

Like software, assessing physical equipment is also an essential aspect of tech due diligence. This physical equipment might include phones, computers, servers, printers, vehicle fleets, storage, and production equipment. When considering these, you should review several aspects of the lifecycle of these terms, including:

• End of life considerations
• Support terms
• Related costs and charges
• Replacement timing

This is a critical element of due diligence as it assesses technical debt, which can have an impact on procedure and process in the future. You will conserve resources, finances, and time in the long term by reviewing and managing hardware lifecycles.

IT Infrastructure

The aim here is to explore the comprehension of the infrastructure deployment model and if it is suitable for investment thesis as well as current or future architecture needs with appropriate costs. The focus should be on cybersecurity, cross-data leverage, and line-of-business tools. This element involves looking for any inefficiencies in procedures and policies. Areas to consider include:

• The scalability of infrastructure
• The resilience of infrastructure (does it have the capability to recover from failure?)
• Compliance standards and audit frequency
• Cybersecurity process and practices (e.g. incident response, intrusion detection, vulnerability scanning, and penetration testing)
• Business continuity and disaster recovery testability and plans
• End of life assets
• Evaluation of operating stability
• Telecommunications infrastructure (e.g. call centre data, internet systems, call analytics)

Customer Support

The element considers how employees work with IT to engage with customers. Analysing the customer support systems part of IT infrastructure can inform you of several factors, such as customer satisfaction levels, general customer service workflows, staffing levels, and opportunities for automation or improvement. Customer support is one of the most essential components of tech due diligence and should be seen as a high priority. Because the customer experience is digital, connecting with them through the correct digital channels and technology they prefer is a critical aspect of digital transformation. The top areas to explore for customer support include:

• Feedback on the product
• Rates of escalation and management process
• Defect rates and management process
• End-to-end customer support process
• Delineating between engineering and support responsibilities
• Support tools ecosystem and rationalisation

Carve-Out Situations

Our final key element, carve-out situations, involves exploring the ability of a company to function as a stand-alone entity and comprehending end-to-end capabilities, dependencies, and IP ownership. The primary areas to review include:

• Security gaps
• IP concerns and contractual agreements
• Hosting and deployment independence
• Responsibilities and roles
• Line-of-business tools dependencies
• Organisational chart post-split

Final Thoughts

Technology due diligence is when you evaluate the technology and related components of a business. It presents the risks and potential value of tech relating to your opportunity, company, and industry. It is imperative to conduct tech due diligence as it helps a potential buyer or investor gain a precise picture of a business, such as its actual value and potential for both growth and risks. There are numerous key elements of tech due diligence to review, such as the IT strategy, software, hardware, and customer support.