IT Due Diligence for M&A – A Value Creation Approach

Most senior executives would agree that a company’s information technology (IT) capabilities can be a significant strategic asset. Yet all too often M&A IT due diligence efforts are narrowly scoped to simply identify any “skeletons in the closet” – the potential value destructors. In our M&A consulting work across a range of industries, we find that taking a more holistic approach to IT due diligence yields greater insights about how the target company’s current and future IT assets and resources can create unique value and enable profitable growth.

This value creation approach to IT due diligence is organized into three key assessment work streams: market fit, scalability, and risk. For sure, the effort must take a hard inside look at the IT systems, internal users, and organizations responsible for them so as to validate the statements in the seller’s offering memorandum and to flush out any skeletons. At the same time, the approach seeks an outside market- and competitor-driven perspective of the company’s IT. Combined, the outside and inside perspectives drive the value creation approach.

IT due diligence step 1: Market fit assessment

The market fit assessment uncovers how well the company’s IT capabilities match current and future market needs, align with Management’s growth strategies, and stack up to competition. Taking this outside-in approach also can identify new avenues for growth and competitive advantage enabled by information technology.

To assess market fit, we recommend:

Customer research: IT functionality and performance directly impact customers, whether they are hands-on users of the systems or benefit indirectly through enhanced products or services. Conducting customer interviews during due diligence provides invaluable insights about how customers use and derive value from the IT, how competitors compare, and ideas for improvements. Questions about evolving information needs and preferences can be woven into customer satisfaction interviews, giving customers another avenue for feedback and helping Management frame the IT roadmap.

Supplier/business partner research: Likewise, suppliers, business partners, and other intermediaries may also deliver more value to the company and its customers when backed by the right company IT capabilities. Telephone interviews or site visits can uncover performance or functional gaps. At the same time, business partners are often eager to share competitive insights and how closing gaps or enhancing IT might fuel more mutual growth.

Competitor benchmarking: Interviews with selected competitors and their customers and suppliers can be quite revealing. When these are combined with public information and proprietary research reports on IT capabilities, this benchmarking identifies strengths/weaknesses, spending trends, development priorities, and use of third-party solutions.

Third-party IT provider research: For some companies, the kinds IT systems used to run their business may also be offered by third-party software providers, and indeed such systems may be used internally and by competitors. In this step, the company’s IT capabilities are assessed against these third-party technology providers’ current offerings, future releases and development plans. This research can be executed directly with these providers and by accessing industry and technology research reports. Insights gleaned here can also help provide guidance to the buyer and the Management team regarding IT make vs. buy decisions post deal close.

Internal user research: Internal users, particularly those with close proximity to customer “moments of truth” are well positioned to provide feedback. This entails the user interface, functional and performance gaps (and related customer service gaps and complaints), improvement ideas, and what they might know about competitors. Individual interviews or focus group-style, consultant-led sessions are common and effective research approaches.

Customer, supplier and internal user research into the IT market fit can often be efficiently tucked into a broader due diligence research program. For further insights, please see: Middle Market Missteps: Lessons from acquisition due diligence.

IT due diligence step 2: Scalability assessment

The scalability assessment work stream addresses key questions about the ability of the company’s IT capabilities to support growth. That is, can the components – software, hardware, applications management, maintenance processes, the IT organization itself – scale up? How well can the company accommodate new functionality, handle increased transaction and data storage volumes, integrate into new internal/external systems, migrate to new technology platforms and protocols, and add new users and geographies?

Key technical areas to consider in the scalability assessment are:

Systems architecture and applications stack
Hardware (internal or externally provided, i.e., outsourced/Cloud)
Transaction capacity
Functional add-ons
Integration
Mobility
User interface
Asset management and maintenance
IT team talent and management strength
IT spend history and planned budgets

Sellers often provide a wealth of information in the VDRs that can be confirmed with on-site inspections, systems demos, and interviews with IT management. In some cases, supplemental data requests are required to complete the assessment.

Material scalability concerns may then require a deep dive into potential post-close IT development programs. Such costs, resourcing, and project timetables are likely to impact final deal terms.

IT due diligence step 3: Risk assessment

While the scalability assessment may identify some IT risks impacting the viability of the buyer’s and Management team’s business growth plans and profitability targets, the risk assessment outlined here is targeted at flushing out those skeletons and any other surprises. We recommend examination of:

Business continuity planning: What are the backup and recovery arrangements and procedures in the case of unplanned outages and disasters?

Application and environment stability: Are there issues related to unplanned downtime, processing speeds, latency, bugs, and frequent and unreliable software and hardware patches?

Application and environment support: Is the software and hardware under a manufacturer or third-party support agreement, or out of support? Are there resources available in the market skilled in the languages, technologies and architectures used? Are industry standard, open-source or proprietary technologies deployed?

Third-party lock-ins, ownership and other dependencies: Could system performance or functionality be restricted or curtailed if a provider goes bankrupt, pulls service, or refuses to renew a maintenance agreement? Are any third-party IT providers at risk?

Security: Have there been any prior security breaches? Is confidential data adequately protected? Are industry standard security protocols, virus protection, and intrusion monitoring services in place?

Asset management: Are the IT assets properly maintained and aged? Are asset upgrades or replacements overdue?

IT staff stability: Will an unplanned departure of an IT resource put support or future development at risk?

For many industries, information technology is becoming increasingly central to enabling the target company’s growth strategies and creating competitive advantage. Taking a value creation approach to M&A IT due diligence ensures that the company’s IT capabilities are fully vetted and properly valued.

* * * * *

Dave Frentzel is a Partner at New Harbor Consultants. Dave brings 25 years of management consulting and hands-on executive leadership experience to improve business outcomes. Prior to joining New Harbor, he held various senior management positions in industry, consulting, and information technology companies. Dave has extensive global management expertise having spent more than ten years living and working internationally helping companies with their global go-to-market, organizational, sourcing, manufacturing and supply chain strategies and operations.