IT due diligence is often one of the most overlooked processes in M&A activity. Although many PE professionals are extremely thorough with their financial and legal diligence, IT matters tend to barely enter the conversation.
This is surprising and, in my opinion, a mistake. As Mark Cattini, President and CEO of AutoTask so aptly put it “You respect what you inspect.”
The Case for IT Due Diligence
Standard due diligence is usually performed at the request of a purchaser or investor. Clearly, the investor wants to make sure they are getting value for money and that they are not sinking their cash into a deal that is plagued with financial, legal or operational problems.
Before they invest, it is common practice to engage a lawyer, accountant, operations specialist, or a team of people to review the company’s records, interview the directors, officers, and key staff members, and to investigate all critical areas of the business and its operations.
A broad-based due diligence audit will normally consider such items as whether:
- intellectual property is securely held
- key trading contracts are in place, dependencies on a few large customers and/or suppliers
- key employee employment contracts exist
- leases are accurate and locked in
- litigation is in progress or is being contemplated
But what about Information Technology? From the perspective of the Private Equity firm it is therefore essential that any potential investor in a business understand the merits or potential pitfalls of the target company’s technology landscape and its future road map before any investment is made.
IT costs are a significant part of a company’s operational costs, and must be a serious factor in transaction cost assessment. Effective IT investment management directly impacts a company’s stability and value. Therefore, it is vital for the buyer and the seller to obtain full information on potential IT risks and problems including infrastructure and cyber security issues. Oversight of these crucial matters will often lead to unanticipated IT investment and possible regulatory or software compliance issues post deal.
What is involved in IT Due Diligence?
IT due diligence is focused on spotting and anticipating future problems and costs. The process can:
- Validate that current technology is scalable with the business
- Ensure that seller technology is not a high-risk legacy or proprietary offering
- Identify significant expenses that could be expected in future years
- Ensure compliance with licensing and service contracts
- Validate transition assumptions and prepare a transition plan
- Prepare a remediation plan for any issues uncovered
- Perform a security assessment to uncover any potential issues
Implications
Of course, virtually any technology issue can be remediated with adequate capital, which makes knowing about issues and doing something about them before the deal that much more important. Doing so allows you to incorporate it into how you ultimately price and/or discount the deal.
In the PE space it is now more important than ever to be proactive with IT due diligence. Do the work ahead of time to avoid pain later and don’t let hidden IT costs or risks sink your deal.