- This topic has 6 replies, 7 voices, and was last updated 1 year, 6 months ago by
.
-
Posts
-
With the world’s increasing dependence on technology and the internet, no company or organization can function without strategic, dependable, and secure IT sector. Without which a company opens itself up to cybersecurity threats that can be as paralyzing as commercial or legal pitfalls. In your opinion, will IT due diligence increase in its importance and criticality pre-acquisition.
Absolutely, yes. It has become critical in “low-tech” sectors such as utilities and certain infrastructure segments due to the vulnerability of systems to cyber-attacks. As other industries traditionally considered low tech (trucking, transportation, logistics) adopt IoT and smart devices to track and manage assets, it will be increasingly important that their hard- and software infrastructure be closely reviewed by prospective buyers.
Yes – especially pre-acquisition. We see a sharp spike in cyber attacks on our company (or on the company we acquired) once the deal announcement is out.
I think that in every due diligence, baseline IT due diligence has to be conducted as you have rightfully mentioned, most companies would have core IT infrastructure for its operation e.g., software for payroll, CRM and finance, and hardware for its servers and company-issued devices. For deals involved tech companies, then IT due diligence would be all the more crucial as the value in tech companies largely stems from the software it develops and the intellectual property it owns e.g. software patents. Red flags which one should be looking at are – running outdated/vulnerable software on systems, investigation by privacy or cybersecurity regulatory authorities, not holding the appropriate software licences required for the business, not having proper data protection policies and processes in place, failing to protect and enforce the IP comprised in its software products.
I once had a conversation about this very topic with one of the big four. I think IT alongside People and Culture are two of the big rocks around which integration need to be planned.To Dorminic’s point there are key systems often integration into ERP’s and key business metrics that are the backbone of the business. These must be accounted for in the DD process including all aspects of IT.Depending on the type of business, IT can play a central role too. So yes I completely agree that IT as a partner in business transformation and operations is a key part of DD.
I believe that IT Due Diligence could be critical in some cases. For example, if the acquired and acquiring company are having different processes and the goal is to fully integrate both businesses. It would make sense to check if the current IT landscape can manage the required integration.
In my experience, IT due diligence and Finance/Accting Due Diligence are the most time consuming aspects of the pre-acquisition process. Understanding systems, gaps in systems, potential use of unlicensed or improperly licensed software all pose substantial risks. In addition, making a plan for integration post-acquisition that won’t leave the acquirer supporting multiple platforms and workflows, thereby increasing costs and resources required to support the acquired platform, is critical to success.
- You must be logged in to reply to this topic.
