Part 3 takes a deeper dive into IT due diligence by examining a case study. By utilizing a comprehensive solution for calculating TCO and risk – ParaVerify IT – we were able to bring tremendous value to this acquisition process.
Let’s examine a private equity firm looking to acquire a national medical services company. By examining infrastructure and applications, IT security, service delivery and support, one can assign value to data and quantify risks that can impact acquisition priorities.
For this particular acquisition, the investor reviewed and catalogued all server-based applications, scrutinized hardware and software infrastructure architectures as well as voice and data network infrastructures, reviewed policies and procedures, identified major ongoing technology expenses, and reviewed all automation processes to determine if they were effective and enhancing productivity.
Some of the more significant efficiencies and deficiencies indentified included:
- A moderate to high risk to the company’s infrastructure environment due to explosive growth coupled with a poorly defined backup and recovery process.
- Spam filtering was adequate and viruses were rare and well contained.
- Data centers were not operating according to industry best practices.
- Hardware and software infrastructure architectures were modern and current, but interfaces between applications were inconsistent and required constant attention.
Business risks included:
- A disaster recovery plan that was incomplete, unclear and untested. Likewise, the company had no physical security plan. Mission- and business-critical systems were operating on a single, non-redundant platform.
- Power supplies were vulnerable and limited.
- There was a lack of succession planning.
- System interfaces were poorly integrated into financial software.
- There was no asset management or configuration management plan.
- Formal budgeting and planning processes were lacking.
- No external security audits were being performed.
By getting a clear picture of the entire organization prior to the purchase of this company, the investor was able to lower the purchase price by more than $1 million and gain a comprehensive understanding of IT infrastructure security threats and vulnerabilities. This was consistent with a typical assessment saving the acquiring company at least five times the assessment’s cost, and often much more.
So, the next time you are going through a merger or acquisition and want to make the best possible business decisions, include IT due diligence in the process. It will identify pitfalls that can save you a significant post-acquisition investment and, in some cases, could save you millions of dollars.