Before a company makes an acquisition they perform due diligence. Often they contract with a top accounting firm to perform financial and operational due diligence but today that’s not enough. Most companies are heavily dependent on technology to power their most powerful business processes and business applications such as Customer Management, Billing, Accounts Payable, and Supply Chain Management but many private equity firms and corporations don’t perform due diligence on the IT systems and assets before making the deal. That is why it is important that go through an acquisition IT due diligence assessment to identify the risks and potential integration costs before a final price is agreed upon. There are several areas to review and evaluate prior to a purchase so that you won’t have expensive surprises come up later. The following 4 pillars represent the IT systems and assets you should identify and assess as part of your overall due diligence efforts.
- What applications does the business rely on? Are these purchased applications or in-house developed? Taking an inventory of the apps will uncover many smaller systems that the daily operations relies upon but forgets they’re there.
- What are the dependencies of the apps on each other? Are they tightly integrated or standalone? Are they maintained in-house or by outside vendors?
- What is the opportunity to merge or delete applications? Are there client-side apps that could be done more efficiently in the cloud? What cost savings might be seen by modifying the application portfolio
- How long has the infrastructure been in place? A long-evolved system could be full of custom work, patches and “workarounds”, many of which may be undocumented.
- How accurate is the documentation? Is there a process in place to regularly review and update the documentation?
- What best practices were followed in the creation of the infrastructure? What was the management involvement in the overview of infrastructure changes?
- What type of disaster recovery and business continuity plans are in place and how current are they? How well do the plans match the infrastructure and has there been a live test of the plans?
- What is the status of the data center and network architecture? What security mechanisms are in place? How are changes authorized and implemented?
Service Desk (Automated vs. Manual Processes)
- How is the service desk managed? What situations are handled through automated functions versus manual intervention?
- How are patches and updates handled through the service desk? How are changes scheduled and what kind of downtime notification goes out to employees and, perhaps, customers?
- How are desktops and laptops distributed to staff? How are updates pushed out to the employee equipment?
- What is the status of warranties on the computing equipment? Are repairs being tracked and have warranties been used or renewed?
- What policies are in place for employee equipment? How do the policies manage applications on workstations and/or laptops?
- How is security managed on the workstation? How are data and applications kept safe?
Organization and Business Processes
- How efficient is the IT staff? Does the number and skill set of the staff meet the needs of the company?
- How are the IT skills kept current? What training is available to the IT staff?
- What are the critical IT services provided to the company? How do they relate to the important business processes and applications?
- What does the organizational chart look like for the IT area? Are there duplicate roles and skills?
Tying It All Together
Performing Acquisition IT Due Diligence, on the infrastructure to the decision makers, will give you an idea of what improvements can be made and where inefficiencies will cost you. While a well-managed IT department will be a great asset during an acquisition, one with a lot of issues could make the transition a very expensive prospect, both in dollars and resources.