What is a Third Party IT Due Diligence Assessment?

Knowing the state of the IT function for your own company or one that you are thinking of buying can be assessed with IT-specific due diligence.  

For companies in the midst of a merger or acquisition, a due diligence assessment of their IT department is routine. There are other reasons to ask for due diligence including by the business owners to get a better picture of costs, risks and opportunities regarding the function of IT. In these scenarios, having an independent third party perform the assessment is beneficial.

• Regarding mergers or acquisitions, investors may lump technical due diligence in with the general activities performed by an accounting team. While independent, it doesn’t allow a thorough assessment with professionals that have in-depth knowledge and experience with IT-specific due diligence.
• Regarding an internal assessment, business owners may assign the task to their own IT professionals or IT consultants outside their offices. These may not be the best choice because they aren’t independent due diligence consultants and have a vested interest in the outcome.

This reasoning highlights why the responsibility for technical due diligence should be given to an independent IT consulting firm with specialized technical expertise. A proper IT due diligence consulting service will evaluate IT infrastructure, IT systems, processes and people, and also assesses risks, opportunities for saving money, and potential scenarios for the future.

What is Included in a Technical Due Diligence Assessment?

What is the Current State of IT Capabilities?

Every assessment should include the following:

• IT Systems Assessment. What applications are installed, and how well are they working? Do the currently installed applications make sense for a company of this size? Does the company maintain their applications properly with either internal staff or outside vendors? Do current users like the applications?
• IT Infrastructure Assessment. What hardware is leased and what is owned? What network infrastructure is currently used and who provides service? Are there any problems or issues? Who has the license? What is the market value of the IT equipment?
• IT Organizational Assessment. Does the organization have the right staff with the right skill levels? Are they comparable to other companies in this industry?
• IT Process Evaluation. Is there currently in place processes for developing applications, disaster recovery, operations, cost management and security? What best practices are missing that this company needs?

Is the IT Function Scalable?

After the initial assessment has been compiled, an IT-specific consultant can further assess whether the infrastructure is scalable for continued future growth. In addition, corrective actions required to fix any current issues are identified, and future IT scenarios are discussed. These can include upgrades, expansions, replacements of systems, integrations of operations with corporate parents or divisions, outsourcing any or all of the IT function or adoption of an enterprise IT architecture. Future planning can be done during the initial assessment or at a later date.

What Risks are Present?

An effective IT-specific due diligence can outline risks along with determining how to minimize them during a merger or acquisition or internal assessment.

• Disaster recovery and business continuity. Are the IT functions and systems adequately secured? What disaster recovery plan is in place? What backup procedures are implemented and when were they last tested? Are there any instances of non-compliance to regulations?
• New initiatives. Are there any system development projects currently? What should be done to make sure of successful completion?
• Key personnel. Which staff are the important resources to the IT function? What should be planned to mitigate the loss of key personnel?

What is the Budgetary Analysis?

How does the company’s budget compare to others in the same industry?

• IT spending and staffing benchmark. What is the budget for IT staffing and how does it compare to other companies? Should they spend more or less to be competitive?
• Opportunities for cost savings. Where are there opportunities to save money in hardware, software or managed services? Are all the outside contracts within normal spending for a company this size? Can any of the budget for the department be trimmed without sacrificing effectiveness?

Conclusion

This is the outline for a professional IT-specific due diligence assessment. Individual assessments are customized for each business to encompass all functions of the IT department including any outside vendors who service it. Independent due diligence offers an unbiased perspective for any situation that requires it.

Wil Buchanan