IT/Cyber Due Diligence

This topic contains 5 replies, has 6 voices, and was last updated by  Hanen Dada 6 hours, 42 minutes ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #117669

    Kevin Ng

    Traditionally, it is easy to engage advisors to conduct financial, legal and tax due diligence. However, IT due diligence is a fairly new field that is important but seems overlooked by most buyers.

    With increasing digitalization and cyberattacks (i.e. customer data stored online, proprietary information and knowhow stored digitally) how does your organization go about engaging in IT due diligence for potential targets?


    Ceri Barton

    In the past, we have engaged sector experts/operators with proven successes who have strong technical experience related to the target’s nature of business.


    Luka Mladinov

    I am working for an IT consulting company. This is what we usually do in terms of IT DD.

    Define IT applications and systems owners for relevant business functions
    Create inventory of IT applications and systems
    Document hardware inventory
    Document infrastructure landscape:
    – Computing platforms (mainframe hardware, server hardware, operating systems, etc.)
    – Data storage and hosting (data center facility, disaster recovery, etc.)
    – End-user computing (client hardware, client operating system, etc.)
    – Collaboration tools (e-mail, handheld devices, office automation, etc.)
    – IT security (audit tools, authentication, directory services, encryption, virus protection, etc.)
    – Systems management (configuration / asset / change management, service/help desk, etc.)
    – Telecommunications (firewall, wireless, voice, data, etc.)
    – Identify business critical applications and infrastructure components


    Jerome Baumgartner

    we used to work through our traditional tax & finance experts who did develop in-house IT expertise. They would then mandate some experts for specific area where high expertise is required.


    Kar Wee Pee

    I think this is an area where cyber security companies are actually stepping in and providing reports that can aid in such evaluation.


    Hanen Dada

    I agree with you that this is an important area that companies needs to spend more effort in it. Depending on the deal, IT due diligence needs to be conducted internally if the resources available and/or through advisors externally.

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Loading.. Please wait