6 Critical Elements of IT Due Diligence for Private Equity Investors
Assessing Information Technology (IT) risks, capabilities, and maturity through IT Due Diligence ahead of an investment is critical to understanding whether a target’s technology infrastructure can support your investment thesis.
In an increasingly dynamic technology landscape, determining whether IT is creating, inhibiting, or destroying value is more important than ever before.
In every business, IT should be viewed as a driver of the broader organization and must be examined closely to ensure it is effectively and efficiently enabling operations. Working with a team of sector and technology experts to conduct a thorough review of IT provides investors with invaluable data to enable informed decisions.
1. Get A Holistic View of the Business
Performing IT due diligence goes far beyond counting IT assets. It should broadly and comprehensively evaluate the current-state IT capabilities and solutions to determine whether they will support future growth and potential add-on acquisitions down the line. Investors should take a 360-approach to the IT evaluation, asking questions such as:
- Has the target invested appropriately in IT?
- Does the target have a strategy in place to protect critical processes and intellectual property?
- Are applications that support critical business functions scalable with the company’s planned growth?
- What critical exposures does the company have to cyberattacks or other existential threats?
- Does corporate management have the capability to effectively manage IT costs and planned investments?
- How does the target manage sensitive customer and employee data?
- What is the level and quality of integration of historically acquired businesses?
2. Uncover Value Through Benchmarking
To understand whether the target’s IT solutions and capabilities are suited to the long-term investment vision, it can be helpful to benchmark with a relevant peer group on key IT value drivers including:
- Business enablement
- Application reliability and scalability
- Infrastructure reliability and scalability
- Data services and management
- Cybersecurity services
- IT operations management
- IT organization capabilities and size
- Governance and risk management
This comparative analysis helps investors understand how the target’s current-state IT function lines up with companies of a similar size and maturity to identify gaps or risks that may need to be addressed pre or post close.
3. Evaluate ERP system effectiveness
ERP systems sit at the center of the IT universe, making them either essential to value or a major roadblock. As part of the IT due diligence process, investors should conduct a health check of the target’s current ERP system, keeping the following questions front and center:
- Are applications and database performance interfering with operations or customer needs?
- Is the ERP system sophisticated enough to support the target’s post-close evolution into a strong platform for integration? Can it support bolt-on acquisitions?
- If target is a multi-business unit, are ERP solutions standardized across the business and scalable to support strategic growth?
If the target company does not have an ERP system in place, investors should look to determine whether their IT infrastructure is enabling key business practices and effective data use.
4. Identify Potential Data and Cybersecurity Risks
Conducting a full cybersecurity audit of the target prior to purchase is not always necessary or strategic, as they are often costly and time consuming. During IT due diligence, find out how the company is managing data collection and cybersecurity and if they have cybersecurity insurance – which is sometimes required by lenders.
At a minimum, it’s important to know:
- Does the target’s team include members with cybersecurity certifications?
- Are there plans in place to help detect, respond to, and recover from security incidents?
- How robust are protection policies? Is data encryption required?
- Are there tools and methods in place to prevent and detect insider and external threats?
- Does the target have quality data that can be leveraged for business decisions post close?
- Where is data stored? Is master data centrally stored and secured with robust hygiene practices? Are there any regulatory compliance requirements that apply to data storage or backup?
5. Assess the depth and breadth of the IT team
The target company’s IT leadership should have deep business acumen and a clear focus on business value creation. And investors should ensure the broader IT team has the right capabilities and resources to be effective – both now and in the future. Collaboration and structured training – as well as measurement to value-based KPIs – can be indicators of a strong team.
6. Fulfill reps and warranties requirements
To qualify for Representations and Warranties Insurance, banks will require information concerning the target’s current-state IT capabilities. The insights uncovered during the IT due diligence can directly answer many of these questions and the report provides concise documentation to share with deal stakeholders. Additionally, an IT due diligence service provider may provide representation on behalf of investors on reps and warranties calls.
IT is not peripheral—it is core to the success of any investment. Investors know that if IT does not adequately enable the portfolio company, value creation may not go as planned, and their investment may be at risk. Conducting IT due diligence to see whether the target company’s IT systems and cybersecurity will help or hinder the achievement of the investment thesis is a critical element to navigating a successful investment.
To discuss IT Due Diligence for your next deal, contact us today:
Contact Us Page End CTA
"*" indicates required fields