IT Due Diligence – An Introduction (Different Than You Might Expect)

September 2, 2022 Rafał Jasiński

Three hundred percent – that’s how much investments into tech-enabled businesses have grown during the last 5 years. In 2022, deals for pure-play technology companies compromise 31% of all buyouts. 

However, even in this tech-dominated landscape, IT due diligence is still performed by only a small percentage of investors.

And since today – more than ever – technology can make or break a deal, diligent IT due diligence is pivotal. Considering that nearly every company is now becoming a tech company, the importance of tech due diligence will only continue growing.

That’s why in this article, we’ll take a look at what IT due diligence is – and how to best approach it.



What is IT Due Diligence?



What is IT Due Diligence?


IT due diligence aims to assess the state of a company’s IT. Some view it as a subcategory of due diligence, performed before a merger, an acquisition, or an investment in any organization. Others see it as a completely different, independent process.

But regardless of the linguistic nuances, IT due diligence always seeks to uncover several indicators –like performance, liabilities, key risks and opportunities, and potential investment associated with the company’s digital products and IT stack.

The goal is to ensure better valuation, mitigate risks, and understand if the target’s IT is sufficient to support the business in achieving its objectives related to the M&A.


IT Due Diligence – Scope. What’s Included?


IT due diligence analyzes a number of factors and focuses on several areas. As mentioned, by uncovering potential issues, the acquiring party gets a picture of the state of the existing IT structures. Frequently, one of the most often (and/or closely) examined domains is security.

Overall, IT due diligence usually includes the review of:

  • data management and security,
  • security testing,
  • technical debt,
  • technical risks,
  • software licensing and open source components.

Historically, IT due diligence has been conducted with the most care on pure-play technology companies. Since their entire business model and technical capabilities usually were the main reason for the potential merger and acquisition, analyzing these parts of the organization was pivotal. However, since the use of technology in any organization only continues to grow – after all, we’re experiencing unprecedented digitization – and some have been arguing that currently, every company is a tech company, the use of IT due diligence is gradually becoming essential at every M&A.


New call-to-action


IT Due Diligence Checklist


A widely popular way of doing IT due diligence consists of relying on an IT due diligence checklist.

Many due diligence and consulting companies will have their own templates. The content of these pre-defined lists will often be similar. Most of them will start with listing the key IT resources – including hardware, software, and people. They’ll also provide an overview of annual costs related to IT hardware maintenance, detail current and planned IT initiatives (especially key projects), describe network systems, rate the capacity for growth in the target’s current IT environment, and more.

Yet, in our opinion, an IT due diligence checklist shouldn’t be the way to approach M&A in 2022. Especially if the investment in question is a pure-play technology company.

Of course, an IT due diligence checklist will provide some information about the acquired party’s current IT capabilities. It will probably give you a basic overview of the common technological aspects. This includes general IT administration, IT security, hardware, software, data privacy management, operations procedures, and more. So, at its core, an IT due diligence checklist will first and foremost provide an inventory of IT elements.

But crucially, what it won’t do – it won’t give you an answer if the M&A is a good investment from the perspective of your investment thesis.


IT Due Diligence Checklist – If Not It, Then What?


First, IT due diligence should be tailored to the specifics of your investment thesis and overall goals. For example, IT due diligence shouldn’t concentrate simply on a series of interviews, aimed to fill in a questionnaire, and a codebase scan, concentrating on the number of lines of code to assess the software quality and technical debt.

As we’ve mentioned, the above approach will of course give you SOME feedback about the discussed company’s technology. Yet, since it’s a very generic approach, it will only provide you with a general overview of an organization’s technological situation. Thus, such an assessment doesn’t offer much insight (not even to mention actionable recommendations). What’s even worse, such a broad review doesn’t rate the company from the perspective of the investment thesis and future business plans.

That’s why, in our opinion, a better way to approach IT due diligence is contextualized IT due diligence.


Contextualized IT Due Diligence


Contextual IT due diligence means analyzing a business’ technology from the perspective of the investment thesis.

That’s why the first step should also be – to establish why you want to invest in a given company. Then, perform IT due diligence to see if your investment thesis holds up.

Let us give you an example.

In some cases, a company’s flagship digital product or the way they are developing software may be flawless. Yet, at the same time, all these qualities could turn out to be without use from the perspective of your investment plans.

If, for instance, you’d be considering acquiring a company solely for one of their lesser-known products because you believe it would be a great solution to upsell to your existing customer base. However, it may very well happen that although the solution itself will be working fine at the moment, it has no scaling potential – and simply won’t work well technically for a larger group of users.

An contextualized IT due diligence can identify these issues and eliminate investment flops before they occur.

And since IT due diligence should be performed by people who develop software themselves, spotting these potential technology deal-breakers is way easier.

As a result, well-conducted contextualized IT due diligence can answer critical business questions related to the acquired party’s technology. Most importantly: 

  • identifying and describing potential technology deal breakers,
  • identifying technology-related risks (and the costs of addressing them),
  • listing the strengths of the target software, 
  • helping you to get a comprehensive overview of IT costs – both current and future (especially from the perspective of your investment plans). 


Get The Most Out of IT Due Diligence


IT due diligence seeks to uncover several IT indicators – including performance, liabilities, key risks and opportunities, and potential investment needs associated with the acquired company’s digital products and IT stack.

But importantly, a (sadly) industry-standard IT due diligence checklist won’t always protect you from the key dangers associated with mergers and acquisitions. That’s why you should consider going with contextualized, highly precise, tailored IT due diligence instead. Importantly, performed by IT experts who develop digital solutions themselves.


The Power of Outsourcing - Take the full advantage of tailor-made software

Latest posts