When it comes to technology due diligence, the core of our job is simple: assess the past to predict the future.
That’s not to say it’s easy—there are many moving parts. At Beyond M&A, we triangulate across a range of areas (as shown in the diagram below) to form a clear, data-backed opinion. Ultimately, you’re paying for our professional judgement—rooted in evidence but sharpened by experience.
Of course, there are always unknowns beyond our control that can affect outcomes post-deal. But our aim is to give investors the most informed and comprehensive view possible at the point of decision.
So—should management “roll your own”?
One of the recurring red flags we encounter in diligence is the temptation for tech teams to “roll their own” systems—either intentionally or out of historical necessity.
Here are some key areas where this happens:
1. Authentication
Probably the most common DIY pitfall. Many teams create their own login and user authentication systems. It works well enough under private ownership, but from an investor’s lens, it’s a risk.
Security best practices evolve constantly. If the login system isn’t built to modern standards (and tested continuously), it’s an open invitation for cyber risk. Since this is the front door to your customers’ data, we always give it scrutiny.
2. Frameworks
Occasionally, teams build entire development frameworks—a sort of in-house foundation for writing software. While it can be powerful, we need to understand:
- Who else uses it (if anyone)?
- Is the current team familiar with it in depth?
- Is the original creator still around or maintainable?
The more bespoke, the higher the learning curve and the more likely it is to pose long-term cybersecurity and maintainability concerns.
3. Business Management Systems
We’ve seen plenty of firms—especially in manufacturing, logistics, and other process-heavy sectors—create their own “quote-to-order-to-cash” workflows.
Why? It’s often cheaper than implementing a large-scale ERP solution, especially in the early days.
But in diligence, we ask:
- Was it built to scale as SaaS?
- Is there a team behind it who can maintain it?
- Can this evolve under institutional ownership?
It may be efficient under founder control, but that doesn’t mean it’s investment-grade.
4. Entire Product Suites
This one stands out: a global SaaS company we reviewed had developed 72 internal tools, from CRM to Helpdesk and more. Why? Because these tools didn’t exist (or weren’t suitable) at the time they started up, and they had the developer firepower to do it themselves.
While that may have worked back then, each internal product adds ongoing maintenance, security, compliance, and cost. We often find the argument that “we might productise this one day” – but the question is: why haven’t you already?
Investor Preference: Off-the-Shelf (COTS)
Most Private Equity investors prefer off-the-shelf (Commercial Off-The-Shelf – COTS) software for a simple reason: it’s battle-tested, secure, and enables teams to focus on business value—not basic infrastructure.
When tech leaders lean too hard into custom solutions, it’s often more a reflection of their DNA than strategic necessity. And to be honest, I get it. When I was hands-on, I did exactly the same—build it myself, save money, ship faster.
But SaaS today is more than just product. There’s data privacy, security, regulatory, compliance—none of which are front-of-mind when coding your own tool in a rush.
Final Thoughts: It’s Not Black and White
There shouldn’t be a blanket rule on “off-the-shelf vs bespoke.” Some of the most optimised, high-performing firms we’ve assessed have built their own stack—and done it brilliantly.
But they are the exception, not the rule.
We’re not here to penalise creativity. We’re here to understand what’s working, what’s not, and whether the tech investment is creating the value you expect. That’s the goal of diligence: helping you see clearly before you invest. If a firm ‘fails’ from a tech perspective, there’s always an opportunity to coach them so they become a more suitable investment.
