IT Due Diligence – How To Part 1
When you think due diligence you probably think of accountants going through the books, verifying sales and bank balances, checking for legal issues and pretty much everything but IT. But IT due diligence is just as important to a successful acquisition or merger. Even when the company is not in the IT sector itself.
And at some point as IT Manager or Head of IT you may be asked to assist with the due diligence process.
If you think the IT side of things is not important, think again. I personally have been involved in uncovering £150,000 worth of additional IT costs. This was due to a number of factors:
- Old kit not up to the job needing immediate replacement.
- A number of large contracts due for renewal just after the proposed sale date.
- Hardly any legal software anywhere in the building.
The above is the tip of the iceberg when it comes to getting IT due diligence right. If your due diligence work is comprehensive it can also help after the acquisition or merger. Integrating disparate systems and processes will be a lot easier if your IT due diligence is complete.
So let’s dig a little deeper. What do we need to cover?
Hardware would seem like a simple first step. How many desktops do they have? How many servers? What is the current value? To ensure you’re able to get all the figures you need you’ll need to inventory everything.
- Desktops, laptops, tablets.
- Servers and backup devices.
- SAN, NAS and other storage devices.
- Mobile phones, desk phones.
- Internal network devicess.
Your inventory should cover manufacturer and model, current value, replacement timescale. And don’t forget to list who owns it. It could be leased. Also a risk factor. Is there some specialist piece of kit or end of life device the organisation relies on?
Capacity and scalability? Will the network or storage be needing an upgrade anytime soon. Are systems already struggling. How many of those desktops are really up to the job.
Hot on the heels of Hardware comes software. This doesn’t just cover what they have but what they should have. For instance if your company policy includes an Antivirus application on every device, do they have the same? Maybe they don’t have any antivirus software, so that’s an immediate cost.
Again, we need an inventory of the software.
- Operating systems.
- Office software (Word processor, spreadsheet etc).
- Bespoke / custom software.
- CRM systems.
- ERP systems.
- Payroll software.
- Accounting software.
- Open Source applications.
- Anti-virus software.
- Email software.
Your software inventory should list the vendor and application name, version, upgrade and support costs. Anything out of date should be flagged as requiring upgrades and the costs. Remember, you are looking for costs to help reduce the purchase price of the other company. And to plan for what you will need to put in the budget for the next few years.
Make sure you understand all the software license agreements. Is the software transferable? What are the restrictions on its use? Is the company following the license agreement at the moment?
Again are there risks to any software in use? Is the vendor still in business? Is that critical piece of software abandonware?
Infrastructure and Communications
For our purpose this section covers the internal network, internet and phone systems. As with the previous sections, the inventory is our friend. It may not be fun and it may not be sexy, but it’s what you need.
- Network diagram of internal network and WANS.
- Internet Provider and contracts for all offices and interconnects.
- Details of the phone systems and support contracts.
- Details of any unplanned downtime (and planned) for the above.
And once again, we want to know capacity and scalability. Is the internet line fast enough or does it keep staff waiting? What are the costs for upgrades? Will an upgrade need a bigger pipe, or bigger router? If we merge will THAT increase line usage as communications between the business increase? Is there a backup line? Do we need one?
Not to be confused with the previous section. Here we are looking at SAAS, IAAS, hosting, AWS, Azure etc. What do you mean more stuff to inventory? You could make it into a fun game …. I’ve no idea how. But if you can think of how let me know ;-).
With Cloud services, your life is in their hands. The remote nature of SAAS means that you have little control over the service provision. Reliability and trustworthiness are big factors here.
At a minimum, your cloud services inventory should cover the following.
- Websites and eCommerce sites.
- Domain names and renewal dates.
- SAAS monthly charges – Salesforce, Office 365 etc.
- Cloud Backup services.
- Email Services
- Storage provider – Dropbox, Onedrive, Googledrive.
Cloud services are a critical component of many of today’s businesses. You need to understand how reliant the business is on these services. If the website is down will you loose sales (think additional cost for implementing high availability)? If an SAAS vendor is offline, how will this affect the business? How much control do you have when needed? Can you restore backups from the cloud vendor yourself or do you have to raise a ticket? Do you own the domain names? Does the marketing company manage them for you?
Just because a service is in the cloud does not mean it’s reliable. We need to consider the Disaster Recover and Business Continuity plans to survive outages.
To Be Continued
OK, I think that’s a good place to pause for now. There’s a lot to take in and think about so we’ll continue this in our next post.
Next time we’ll cover security, disaster recovery, staff and policies and procedures.