IT Due Diligence
A due diligence assessment of an organization’s IT function is often required by investors, as part of a merger or acquisition. It may also be required from time to time by the owners of a business, to ensure a better understanding of the opportunities, costs, and risks involved in the IT function. In either case, there are benefits to having a specialized and independent third party perform the assessment.
In the case of acquisitions or mergers, investors often treat IT due diligence as part of the general activities performed by the accounting team. Although there is independence, this can be a mistake if the professionals involved do not have in-depth knowledge of IT or routine experience conducting IT-specific due diligence.
In the case of an internal assessment, the business owners may assign the job to the IT organization or to consultants who work with the IT group on a day-to-day basis. Although this approach involves IT specialists, they are not independent consultants and have a vested interest in the outcome of the IT assessment.
Clearly then, the responsibility for IT due diligence should be assigned to a consulting firm that has both the specialized expertise as well as the independence to ensure that the job is done right.
Our IT due diligence consulting service evaluates the current state of the organization’s IT systems, IT infrastructure, people and processes, identifies opportunities for cost savings, assesses risks, and outlines scenarios for future systems. Our IT due diligence assessment covers the following areas:
Current State of IT Capabilities
We begin with an existing IT systems assessment, and IT infrastructure assessment, an IT organizational review, and an IT process evaluation.
IT Systems Assessment. What application systems are installed, and what shape are they in? Are they suitable for a company of this size, in this industry? If they are packaged systems, how well are they supported by existing staff or vendors? Are users satisfied?
IT Infrastructure Assessment. What IT hardware or lease obligations are on the books? What network infrastructure is in place? Who are the service providers? What problems or issues are there? Are there any issues with software license transfer when corporate ownership changes? What is the market or liquidation value of certain equipment?
IT Organizational Assessment. What is the size and skill level of the existing IT staff? How does IT headcount and staff mix compare to others in this industry?
IT Process Evaluation. What are the current processes for applications development, IT operations, disaster recovery, IT security, and cost management? What IT management best practices should be implemented?
Based on our assessment of the current IT capabilities at the target company, we can assess whether the IT infrastructure is scalable to support its anticipated growth. Our IT consultants can also identify corrective actions needed to fix current problems and outline future scenarios for IT. Future scenarios could include expanding, upgrading, or replacing certain systems, integrating IT operations with a new corporate parent or other division, outsourcing some or all of the IT function, or adopting a new enterprise IT architecture. Scenario planning can be done as part of the initial IT assessment, or as a follow-on project in more depth.
During a merger or acquisition, an effective IT due diligence process can minimize risk, improve the odds of success, and increase the value of the deal. The same considerations also apply when we perform an IT assessment for internal purposes.
Disaster recovery and business continuity. Are IT systems adequately secured against intrusion or known vulnerabilities? Is there a disaster recovery plan? Are backup/recovery procedures implemented and tested? In regulated industries (e.g. life sciences), are there risks of non-compliance?
New initiatives. What system development projects are underway? What is the status? Should they continue? What should be done to ensure successful implementation?
Key personnel. Who are the key resources, who need to be retained? What actions should be taken to mitigate the risk of loss of these key personnel?
In some cases, IT organizations may have a cost structure that is higher than necessary. In other cases, the organization may be underspending relative to its industry peers.
IT spending and staffing benchmark. How do overall IT spending and staffing levels compare with others in this industry? Should this company be spending more, or less, on IT?
Opportunities for cost savings. Are there opportunities for data center or server consolidation to create value or improve performance? What maintenance, telecom, and service contracts are in place? Are rates competitive? Is there unneeded or unused coverage? Can certain IT capabilities be more cost-effectively performed by outsourcing? If outsourcing is currently in place, can certain functions be more cost-effectively delivered internally?
Our structured methodology allows us to deliver an IT due diligence within short deadlines. And our strict independence from technology vendors gives us an unbiased perspective that is essential, whether for investor due diligence or for an internal assessment.