Sesai - the Wisdom of Change
Home Is your IT fit? Our blog CIO corner Site map Contacts

IT Due Diligence : ensuring "Fit to Buy"

In a previous post, I talked about detailed IT integration planning starting with a solid IT assessment. This should be provided by a thorough due diligence process. So what is due diligence, and how should it be undertaken from an IT perspective?

What is Due Diligence?
Your company has decided to grow by acquiring another company. It will want to make an investment decision based on the worth of, and the risks associated with, the target company. Due diligence informs this decision-making process of the risks, exposures, financial requirements and opportunities relating to the acquisition. A key objective is to uncover any material issues that would cause your company to cancel the deal or to revalue the purchase price. You will find issues (every company, including your own, has them). The key here is whether they are material or not.

Due diligence can take from 30 to 90 days to complete, depending on the size and complexity of the target company. It is undertaken in the period after the initial approach has been made and before the deal is closed. Some acquiring companies focus just on the financial aspects of a deal and don't leave sufficient time for a thorough due diligence. Caveat emptor - let the buyer beware.

Undertaking IT Due Diligence
The IT due diligence report provides an assessment of the target company's IT, quantifies any risks to business continuity, outlines the required operational and capital expenditure for the first 12 months of the merged company, identifies the opportunities for synergy and defines the high level integration plan. The steps in its development are:
  • understanding your business's expectations and assumptions relating to the acquisition (for example: will the target company be fully integrated, kept as two separate entities, or a hybrid; are cost savings being factored into the deal business case; and is there a timetable associated with the integration?)
  • collecting and reviewing the available IT documents relating to the target company's business applications, IT infrastructure, IT organisation, operating & capital budgets, and current IT projects
  • conducting interviews in the target company of senior/department management and key individuals in the IT organisation. Providing the interviewees an outline ahead of time will enable them to prepare and bring along any appropriate detailed information
  • reviewing the non-IT business documents collected by the other due diligence streams to see if anything impacts the technology assessment (for example, procurement agreements and office space contracts)
  • analysing your findings, which includes quantifying the key business risks you've identified
  • producing the IT due diligence report and presenting the executive summary to your company's deal team
Except where Stock Market disclosure requires it, due diligence is often undertaken before a formal announcement is made. The target company will be nervous about word getting out to its customers and employees before the agreement to sell has been reached. You could be competitors. Uncertainty creates unrest. So be discreet (something for which IT folk are not best known!). Don't mention due diligence in any interaction with the target company. And have agreed answers to their employees' questions such as "Who are you?", "What are you doing?", and "Why do you need this information?".

One last point. The availability and quality of the documents you request will tell you a lot about how well the target company's IT organisation is run. If the boot was on the other foot, what impression would an acquirer get of how well you run your company's IT? [For example, when I was CIO of PwC Consulting in Europe, I undertook a regular assessment of our IT. As well as providing a very useful review point for us, it positioned the IT team extremely well during the company's flotation and subsequent acquisition by IBM.]