What is Due Diligence?
Due diligence is a process of investigation and research into a particular process or transaction. The main aim of due diligence is to find any inconsistency in the process or operation. Due diligence exercises are carried out to find potential problems within a business. Research is conducted on the business to understand whether the investment is beneficial for the firm. IT due diligence is a form of due diligence that is carried out by an organization.
Different Types of Due Diligence
In a complex M&A transaction, the following types of due diligence have to be carried out:
- Financial Due Diligence - In this due diligence, the target company's financials are investigated. The buyer has to know if there are flaws in the financial aspects of the target company.
- Legal Due Diligence - This is conducted to understand whether the target company has any form of legal suits against it. Apart from this, this due diligence also looks into requirements such as permissions from the respective regulatory authorities.
- Tax Due Diligence - This is conducted to understand whether the target company has paid tax returns and complied with the relevant income tax laws.
- IT Due Diligence - This is conducted to get to know the IT infrastructure offered by the target company. IT infrastructure would include the following:
a) IT Systems Infrastructure.
b) Access to Servers.
c) Physical Integration.
Why are IT due diligence services conducted?
IT due diligence services are carried out for the following reasons:
- IT systems within a company are complex. They are also interlinked with all essential business functions of an organization. An organization would want to have uninterrupted access to business. Hence, a due diligence survey is conducted on the present systems in an organization.
- A due diligence survey is usually conducted by an external consultant or a third-party organization. An organization cannot waste time and expense in recruiting an in-house team to carry out due diligence. Hence an external consultant such as an accounting firm, consulting firm, law firm or an investment bank is recruited to carry out due diligence on the target company.
- Due diligence is carried out to understand the complexities of the target company. If there are any potential threats present in a target company, this can only be understood by carrying out a due diligence exercise.
- The due diligence process for an organization is crucial, as it determines whether the purchase is viable or not.
- Due diligence is carried out to enhance the business's present goals and concentrate on improving the functions of the business.
- IT due diligence is critical as it involves integration with all systems in an organization. Carrying out this form of due diligence would be a complicated task, especially if the transaction involves global takeovers.
Importance of carrying out IT due diligence
As mentioned earlier, IT forms an essential part of the business structure. All business functions in an organization are interlinked with one another. This would include the finance department, the legal department, the human resources department, and the business development department.
Hence, when a company is acquiring another company, it is crucial to carry out a detailed due diligence exercise on the target. The buyer will want to know the company's performance and analyze the facts from the due diligence report. The company would determine the ownership cost of the IT infrastructure. Apart from this, the due diligence conducted must show that the company's IT infrastructure will not be an obstacle to further transactions carried out by the company.
Procedure for IT Due Diligence
There is no particular procedure for an organization to conduct IT due diligence. An organization requiring IT due diligence must approach an external consulting firm with its requirements. The organization's requirements would vary depending on its operations, size and the types of software used. The due diligence process for IT is divided into pre-merger and post-merger services.
- Step 1- First and foremost, the IT and software requirements of an organization must be understood. A due diligence questionnaire is exchanged between the parties. In this process, the third-party due diligence provider must understand the company’s goals and future business plans.
- Step 2- In the next step, the organization should provide details of all the databases and software used. This would make the work of a due diligence consultant easier. The consultant will analyze the buyer’s requirements (organization) and the offerings made by the target company. If the requirements are matched, then the organization can go ahead in carrying out the transaction.
- Step 3- In modern and sophisticated due diligence exercises, data rooms are used to store crucial information of the target company. The use of cloud-based management tools and drives has improved the due diligence process of an organization. Organizations can use cloud storage to improve their access. Software and applications of the target would be synchronized and stored in the cloud.
- Step 4- The consultant will assess and analyze the support services present in the target and potential business contracts which the target has entered into for securing software services.
- Step 5- Following the above four steps, the buyer can proceed with the final step of going ahead with the transaction. Integration is the key to IT systems within a company. Once the transaction is complete, the consultant will prepare a report on the post-merger IT problems faced by the organization. If there are any post-merger issues, they will be resolved by the IT experts of the organization.
Elements of IT Due Diligence
IT due diligence would not only deal with investigations into IT architecture and infrastructure. It would also include dealing with day-to-day IT matters that affect the organization's operations.
The following elements have to be covered in the information technology due diligence process:
This will involve the functioning of the servers in the organization. An analysis will be conducted on the working of the organization, including whether wired or wireless servers are used. Today, businesses around the world use wireless servers for conducting business. There are various loopholes and glitches in using these servers. Therefore, a general IT administration and support investigation must be carried out by the due diligence consultant. This will cover all interfaces used in the organization. The consultant will have to look into the interface used by the target. Looking into the general administration of IT for the target would be an entirely onsite process. Apart from this, the following have to be looked into:
- Information on any form of project which involves IT products and infrastructure.
- List of the critical IT products, software and key personnel involved in the organization.
- Diagrammatic or graphic representation of the connections, servers, and storage devices used by the firm. The use of servers will also include any form of cloud-based servers.
- Information on hardware and network administration of the target company.
- Information related to any suppliers or vendors used by the company.
- Information on the amount spent on IT infrastructure annually.
- Cost for maintaining IT software and hardware.
- Any form of supply chain contracts where IT is involved.
- IT growth plans of the buyer.
- Information on the target company's plans.
Administration of Software Services
This is another important facet of IT due diligence. Software is essential for any organization. An organization cannot run without any software interface. One of the key things to find out is what software the target company uses. Apart from this, the buyer also has to find out information on relevant hosting systems used by the company.
The company also has to look into the following:
- Whether the target company uses current interfaces and software.
- Information on the Service Level Arrangements (SLAs) which the target company has entered into.
- Information on databases used by the company.
- CRM software used for:
a) Human Resources.
b) Payroll Management.
c) Project Management.
d) Document Management.
- Information on current spyware and antivirus used by the organization.
- Activities and information on the use of any form of open-source system by the target.
- Third-party software support services that are used by the company.
- Reviewing and vetting current and future software contracts.
- Analysis of the use of any form of back-end software.
- Information on the current level of automation used by the organization.
- The software used for supporting Artificial Intelligence, the Internet of Things, and Big Data.
- Information on the target’s software development plan.
Evaluation of Hardware Systems in a Company
- Information on the number of laptops, desktops, smart devices, and mobile phones used by the company.
- Number of tablets used by the company.
- Information on the number of hardware servers used by the company.
- Diagrammatic representation of the IT configuration.
- Information on the maintenance of IT systems.
Privacy and Data Access Management across the Company
- Ensure that there are quality standards of data protection across the company.
- Ensure that there is no breach of company data or customer data.
- Ensure compliance is followed as per the General Data Protection Regulation (GDPR) and relevant domestic law.
- Carry out any form of audit on the data management by the company.
Operation and Procedures
- Measure and take statistics on the number of cyber threats.
- Alertness time for incident response.
- Differentiate between various systems and users of an organization.
IT Infrastructure Security
- Information on the security protocols followed by the organization.
- Testing and monitoring measures followed by the company.
- Classifying data as personal and non-personal data.
- Carrying out stress testing and identity access management in a company.
- Information on antivirus software in the company.
- Information on the number of issues lodged by the company.
IT Team Development
- Understand the IT team hierarchy.
- Whether a technology officer heads the staff.
- Information on strategies followed by the staff.
- Current details of the projects on which staff are working.
- Understand whether the IT team is in-house or outsourced.
- Forms of training carried out for IT development.
- Look into the disaster management policy of the organization.
- Ensure that there are sufficient backup systems for handling any form of disaster.
Enterslice Benefits - IT Due Diligence Services
- Enterslice is a recognized management consultant in providing due diligence services.
- We have experience in the IT due diligence process, which will help your organization.
- Experts at Enterslice have conducted due diligence exercises with the primary objective of adding value to your organization.
- Multi-faceted teams of professionals comprising Chartered Accountants, IT professionals, lawyers, and company secretaries.
- We have extensive experience in handling matters related to mergers, taxation, and accounting matters in India.