IT due diligence
An IT due diligence, which is an assessment performed on any company with a business that is supported or sometimes enabled by IT/digital capabilities, seeks to uncover performance, liabilities, key risks and opportunities as well as potential investment needs associated with the target company’s IT organisation and IT engine.
The aim is to ensure better valuation, risk mitigation as well as understanding of whether the target’s IT has what it takes to support the business in achieving its (future) strategic objectives.
It can be a challenge to get a clear and comprehensive understanding of the risks and opportunities related to the target’s IT organisation and IT platform prior to a merger or acquisition.
To ensure better valuation and risk mitigation and to determine whether IT has the necessary assets, resources and processes to support the business in achieving its future strategic objectives, it is essential to perform an IT due diligence.
An IT due diligence should therefore aim to uncover performance, liabilities, key risks and opportunities as well as potential investment needs.
Thus, an IT due diligence is the process of reviewing and evaluating the target’s IT strategy, IT architecture, application portfolio, infrastructure, IT procedures and security, IT organisation and IT financials.
IT and business are becoming increasingly intertwined, making it difficult to succeed with one without succeeding with the other.
Now more than ever, companies depend on IT to support business operations, manage transactions and enable new business opportunities.
Nevertheless, many due diligence projects still lack the required emphasis on IT – this despite the fact that 45-65%* of the expected value creation from acquisitions is directly linked to the success of IT integration.
Hence, it is a necessity to have an adequate focus on due diligence to uncover any potential risks and synergies in IT and prevent any hiccups in the transaction or during a potential integration later.
To derive relevant and valuable insights from an IT due diligence, it is essential to get access to certain information via key stakeholders and documents. The IT areas that need to be emphasised will be determined based on objectives of the transaction and the primary characteristics valid for the target’s industry.
An assessment of how well the IT strategy and roadmap align with the business aspiration and strategic objectives.
How are IT/digital capabilities used in the context of the target’s business?
Where does IT play a key role in supporting value creation?
What is the focus and relation to new technologies?
An assessment of how well the IT project portfolio is executed (including health check) and aligned with the overall strategy
What functions, processes and tools are in place to manage business requirements?
How does IT engage with business to co-drive requirement specifications?
How has IT performed in the latest corporate/customer satisfaction survey?
An assessment of the health of the application portfolio and the underlying architecture.
An assessment of the IT infrastructure and how well it supports current operational demands as well as future initiatives and expansions.
An assessment of the maturity level of the security and how well IT can withstand unintentional loss of information.
An assessment of the organisational structure and resources and how well they support the business operations.
Are past and planned IT expenditures in line with the IT strategy and business aspiration?
Typical IT due diligence at Implement takes approximately 2-3 weeks. The approach is hypothesis-driven with intense focus on data collection and validation through desk research and interviews with target and industry experts.
A core team experienced in performing IT due diligence is complemented by consultants with M&A or industry experience, and subject matter experts on the target industry are consulted as well.
In the first phase, we focus on building the right foundation, i.e. mobilising the right resources and identifying key focus areas and hypotheses.
Following this, we conduct a series of data collection activities. During this process, we test and validate key assumptions – which the chosen hypotheses are based on – and develop the actual report. In the final phase, we refine the report based on new insights.
"Since IT due diligence is very often severely constrained in terms of time and access to acquisition target personnel, it is often beneficial to articulate a number of critical IT hypotheses to test early and then broaden the capability overview to extend coverage as time and resources permit."Implement, M&A with Impact, 2018
The IT due diligence report shows the key findings of the investigated areas and main conclusions
An introduction to Technical due diligence
Technical due diligence
An introduction to technical due diligence: an audit, investigation or review performed on a technical/software company.
Implement Consulting Group