Ultimately, value creation is at the heart of any investment thesis, and looking at IT from a “business relevance” standpoint is critical to making sound investments. This requires viewing IT as a driver of the broader organization and examining how effectively and efficiently it enables operations and corporate functions. An IT due diligence partner can provide PE investors with this critical business-driven insight, leveraging the following best practices:
Performing IT due diligence goes far beyond counting IT assets. It instead seeks to broadly and comprehensively evaluate the target’s current state of IT capabilities and solutions to determine whether it will help enable the achievement of the investment thesis. This will help set the stage for successful integration down the line. PE investors should take a “business first” approach to the IT evaluation, asking the following questions:
To understand whether the target’s IT solutions and capabilities are suited to the long-term investment vision, it can be helpful to compare against companies of similar scope or stage in their lifecycle.
Benchmarking against common-sized firms can offer data-backed insights to help PE investors form connections between risks and opportunities. It is critical to review IT strengths, weaknesses and opportunities of portfolio companies through a combination of analytical tools and forward-looking industry perspective. Armed with this intel, PE investors can gain a customized understanding of the business-specific impact of existing IT, the short and long-term risk propositions, and the context within which both exist—all while assessing and confirming value.
After conducting a deep exploration of the target company’s overarching IT vision and goals and ensuring standardization is a core strategic tenant, evaluating the organization’s current ERP system is a critical next step. ERP systems sit at the center of the IT universe, making them either an essential driver of value or a major roadblock in an acquisition investment. As part of the diligence process, PE investors should do a “health check” of the target’s current ERP system, keeping the following questions front and center.
In the event that the target company does not have an ERP system in place, investors should look to determine whether or not their IT infrastructure is enabling key business practices and effective data use.
Conducting a full cybersecurity audit of the target prior to purchase is not always necessary or strategic, as they are often costly and time consuming. Before moving forward with a deal, however, PE investors must find out how the target is managing cybersecurity, including key capabilities and areas of risk, and whether the business is a sound investment.
Finding out whether the target has engaged a third party for a cybersecurity audit in the last year and/or developed a multi-year prioritized Cybersecurity Improvement Plan based on the findings is the most important step to take. With that intel in hand, investors can then explore questions such as:
PE investors should evaluate how data is being managed within the target company to uncover risks and opportunities associated with the acquisition investment. Questions to ask include:
The target company’s IT leadership should have strong business acumen and a clear focus on business value creation. To gauge leadership capabilities, PE investors should ask:
The days are long gone when leaders could run a business without IT. PE investors know that if IT does not adequately support the portfolio company, value creation may not go as planned, and their investment may be at risk.
IT is not peripheral—it’s core to the success of any investment. Doing the diligence to see whether the target company’s IT function will help or hinder the achievement of the investment thesis is critical to making sure deals are done right.