In part two of our due diligence blog series, we lay out the essential elements of conducting an IT due diligence assessment.
Due diligence is the best method for a company to protect itself during the merger and acquisition process. Often, companies overlook technology as part of the overall scope of due diligence, but we can’t overstate its importance.
Technology, and the risks it incurs, plays a major role in the operation of companies today. It has a direct impact on the overall well-being of a company. Conducting IT due diligence up front can help acquiring companies avoid unplanned costs, circumvent hidden vulnerabilities, and aid in negotiations between the involved companies.
In the first part of our series, we discussed the value of incorporating IT and business process reviews into due diligence, but what are the steps in conducting an IT due diligence assessment? Below, we’ve outlined the first two steps in a successful assessment approach:
Step 1: Initiate and Scope Effort
While this step may seem simple, you’ll set your due diligence assessment up for success if you ensure you’ve clearly defined your project and adequately prepared.
- Identify the Scope: The scope of any due diligence process should involve leaders from both companies, who come together to make sure there’s a shared understanding of the process and expected outcomes. Goals may vary by the scale of the transaction, risks involved and opportunities that you will realize through the merger or acquisition.
- Select an Approach Method or Style: What does your approach include? Because each negotiation is different, parties at the target company may be friendly or hostile. Have a conversation about what you should or shouldn’t say and how to work with members of the team. It’s important to tailor your due diligence methodology and approach style with the target company culture.
- Create a Resource Plan: Identify key players on the team and establish contact information and calendars. These people will help define strategic objectives, set direction and ensure you can resolve issues promptly.
- Issue a Document Request: Issue a request for necessary documentation. These might include architectural diagrams, contracts and license agreements, partnership agreements, employee information, and other technology-related documents of value.
- Review Privacy Requirements: Acquiring companies should ensure IT understands the confidentiality and privacy requirements of the target company. Various laws govern the use and disclosure of personal information during and after an acquisition, all of which you should make sure you thoroughly understand.
- Build a Project Charter: Build a charter document that outlines the project plan, resource requirements, timing, objectives, stakeholders, and how you will carry out the project. The project charter recaps the project’s scope into a comprehensive document you will use throughout the due diligence process.
Step 2: Assess Current State
To assess the current state in your IT due diligence, the acquiring company must gather information through interviews, system audits, and relevant documentation. Evaluating the IT infrastructure, including business operations software and licensing, will allow the acquiring company to better understand whether the interests of the two businesses align strategically and provide insights into the target company’s system capabilities, future investment needs and IT risks.
As mentioned, other key areas when assessing the current state include the target company’s IT risks. Cybersecurity, data loss protection, contract liabilities, technology, cost base and employee flight risks are some of the areas you should evaluate.
Because the acquired company’s legal obligations may transfer to the purchasing company, ensuring a comprehensive current state assessment will help keep companies from engaging in time-consuming and costly legal disputes.
Once you’ve had conversations with leaders, IT staff and other parties and carefully documented your findings, you’re ready for analysis. This is the final step of assessing the current state and will prepare you to create a final report you can present to both acquiring company and target company leaders.
Review all information collected and answer critical questions such as:
- How do the IT governance process, architecture and budget align with the objectives of the company?
- Are there gaps in technology that will require significant investments?
- What risks and vulnerabilities exist?
This process also enables you to find opportunities, whether it’s to prepare for company growth, to acquire technology, to synergize operations, or other driving factors for the acquisition, which will help you integrate post-merger.
It’s easy to overlook technology in due diligence, but taking the right steps to evaluate processes is essential in planning post-merger activities as the deal progresses. And while conducting due diligence is not easy, it’s well worth the effort to identify assets and risks that may assist in overall negotiations and help ensure there are no surprises after the merger or acquisition.
In the final blog in this series, we’ll discuss post-merger integration, which covers the final two steps in our assessment approach: designing the future state and building a roadmap and execution plan.