Investors often overlook IT due diligence when assessing a target company for acquisition. While it is true that the IT function represents a relatively small portion of most companies’ overall enterprise value, overlooking IT due diligence can be a costly mistake. This is because the IT function is often critical to the company’s ability to generate revenue and profit. Furthermore, many problems that can arise from an acquisition are due to integration Issues – in particular, problems with integrating the target company’s IT systems with the acquirer’s IT systems. Therefore, performing IT due diligence is essential to the M&A process.This blog post will provide an overview of 20+ red flags investors should look for when performing IT due diligence on a target company.
IT Due Diligence Red Flags related to the Team
Lack of investment in personal development is prevalent in the technology industry. This is obvious when we assess teams during IT Due Diligence. Hence the diligence exercise can help uncover areas that need investment.
The challenge compounds when money is injected into the team because there’s a need to parachute experienced people in to turn around and develop the tech environment.
1. Misalignment within the leadership team
The most destructive “people” red flag is when the team isn’t aligned. It is obvious to focus on the roadmap and strategy, but it is also essential to ensure the team is aligned when evaluating an organisation.
There are numerous real-life examples where the CTO’s vision opposes the lead technical team’s view. Or more disturbing is when the strategy misalignment is so severe that it’s impossible to work out what the company does – to the point no one can explain what they do.
In addition to ensuring the tech team are in alignment, it’s also essential to speak to the commercial Team to check complete alignment. For example, asking the commercial Team to submit a recent recording of a sales meeting can be useful. This way, it is possible to assess if the tech team is aligned with the commercial offering / or how the commercial offering is presented.
This action, admittedly, appears more like a commercial due diligence task, but I promise it’s well worth the tech advisors undertaking this on behalf of the investor.
Senior technology staff are articulate and able to run circles around most people as they describe the intricacies of their beloved technology solution. But these presentations could be avoidance – long-winded monologues to keep us from digging deeper into what’s happening.
I recall meeting a CTO in Amsterdam for a leading-edge Fintech product. The one word I could use was “slick” and full of “founder magic”. I don’t think anyone could resist his passion and narrative (good storytelling Is important, even in tech).
But some things didn’t feel right. When we dug deeper into the product, bespoke engineering was uncovered that could be replaced with off-the-shelf solutions, and the hosting costs through a small provider were spiralling.
The investment was contingent upon the hosting concerns being addressed, and plans were made to reduce the bespoke engineering efforts.
3. Poor internal communication
An easy way to judge a team’s/business culture is the quality of the input (meetings, written and oral comms) and the output (precisely how much work is completed).
Communication issues need ironing out before pouring money in. For example, a recent assessment of a team uncovered a divide between ‘old’ and ‘new’ thinking. The division created a noticeable impact on the working environment and was significantly impacting productivity.
4. People in the wrong seats
In some situations, poor return on investment is due to people being in the wrong seats. Some CTOs prefer being ‘hands-on’ and are unwilling to let go of control. Which means less strategic and commercial evolution of the tech offering.
A recent example was assessing a firm that had not fully recovered from the pandemic. The CTO decided to build a new internal system rather than focus on the team who needed clear leadership.
5. Lone rangers
We celebrate the famous technology ‘mavericks’. Most of the big names in the industry appear to be mavericks. But in real life, these people can be challenging to work with. Often it’s not until they’ve left that you realise the impact they were making on the business. For example, a senior product expert was found to dominate all meetings and thinking, which obviously impacted the team’s performance and employee engagement. Worst still, their product was confusing to use.
Finding and identifying these lone rangers can only happen if we are provided access to the team. Which does not frequently happen. So we rely on the CTO’s perspective, and in this situation, we can help the leadership consider the immediate reports.
6. Un-co-operative Staff
By “un-cooperative”, I mean people who prevent access to systems or those that prevent change.
Of the two, the obstructive people are probably the most common people we encounter. They don’t want you to look at their systems and use many delaying tactics to prevent you from getting the information you need. Do they want investment or not?
The second type is more about staff being uncooperative with each other over long periods. A few businesses we’ve worked with have been founder-managed-developer-led. The actual “architect” of the products is the founder. Over time, they’ve hired additional staff to increase their productivity, but they find it difficult to let go of hands-on tasks. In one case, the founder had someone waiting under their wings for 14 years until they finally gave them the freedom and access to make their own decisions.
7.No mention of the customer.
If the customer is not in the middle of the technology strategy, it’s a big red flag. If, during IT Due Diligence interviews, we discover the customers’ needs have not been considered during the evolution of the product or, worse still, customer feedback is disregarded, we conclude that technology is developed in a bubble.
In one of the most extreme instances we have seen, a target launched a new software product, and the pilot customer’s reaction was to (literally) cry. Not tears of joy but those of concern. Because the end users could see how it would negatively impact their income.
Put the customer in the middle of the technology strategy.
IT Due Diligence Red Flags related to Technology
1. Roadmap Concerns
Is there a strategic roadmap in place, and is there evidence that the Team is working towards that roadmap?
If the answer is ‘no’ to one or both of these, that’s a major issue as it will be difficult to understand the tech team’s activities, spending and plans. Surprisingly this is one of the most common issues we see. Teams often need assistance to get their plans in order and verified against the business growth plan.
2. Lack of Focus
Focus can be an interesting problem, as it is so easy to be tempted to change tech products to fit different markets. The impact of such a decision will not transpire until the team experiences issues keeping up with customer requests or maybe even an issue with the pipeline due to confusing and conflicting initiatives.For example, a company has developed an Enterprise product which has shown early interest. And during the IT Due Diligence interviews, it transpires they are working on a smaller, lighter version for SMB.
To those involved, this is a natural progression as it’s re-using the code base and opening to another market. But we would warn::
- There may be a dangerous assumption that it is easy to serve different markets
- Additional maintenance concern
- Different markets require different approaches to marketing.
It might be better for the firm to focus on marketing, sales and customer service rather than new products.
3. Internal technology needs investment
It’s common to find firms with great SaaS software environments but poor internal technology. This makes sense as they focus on the revenue-generating and unique aspects of the firm’s offerings.
But, sometimes, the internal back-office IT environment is seriously under-managed and needs attention and investment to help protect the firm’s IP.
If the firm is a bolt-on acquisition, this red flag is even more concerning as it could impact the cyber-security protection for the entire group.
4. Legacy bespoke components
Some firms are running their software/platforms using homemade components that are no longer viable. The sorts of issues to look out for include:
- Proprietary tech that was reasonable to build historically, but there are off-the-shelf equivalents today.
- Proprietary security technology has been created, when the firm is not a security specialist.
- Bespoke internal tools that have taken years to develop. To unpick or recreate would take a significant investment.
- Or lastly, bespoke/hidden project management tools associated with the business operation. Do these tools add value, or is there an off-the-shelf equivalent that would allow a more practical focus on the Team?
We have met teams that have simply not updated the software and updated the security patching for over a decade.
5. Overloaded systems
Considering significant business growth, we need to predict if systems or processes will be overloaded. If the systems are near capacity today, that’s probably already known within the team. This sits squarely under the ‘Is it scalable?’ question.
But we tend to find that a small, discreet part of the system is overloaded (such as logging in to a system or searching for data). But this type of challenge is evident to the user and creates a poor experience.
6. Technical Debt
What will the investor be liable for after the deal completes? The investor wants to know what financial risks there are in the environment. This can be uncovered by looking at the technology architecture and platform alongside any vendor agreements the target has in place.
How much of an investor’s money will go towards fixing issues or maintaining systems (versus real innovation?)
7. Cloud Costs sprawling
As more systems move to the cloud and they are maturing, more “cloud sprawl” will occur.
Cloud sprawl is the uncontrolled proliferation of an organisation’s cloud instances or cloud presence. For example, a review of several digital acquisitions for a firm identified £700k pa of savings. These savings were due to misconfigured cloud environments, lack of internal experience (as contractors built the cloud systems and left the business) and use of IAAS when PAAS is a better and viable option.
IT Due Diligence Red Flags related to Operations
1. Lack of financial control
Financial DD will pick this up, there are so many concerns that may appear, but the most common are:
- Uncontrolled IT spending
- Flat IT Budget
You can find out more in this post:
2. Lack of data
The inability to surface critical data about the company or customers is a serious concern. In many cases, the data is stored but unavailable for meaningful consumption.
Leaders cannot tell you when contracts or customers will be renewed, meaning forecasting opportunities become almost impossible. This puts the company at a competitive disadvantage because they lack access to key financial metrics such as revenue growth rates on its investments.
3. Too much going on
Simply put, if projects are not being closed, then it’s a red flag. The challenge is that many firms operate technology projects using a waterfall and agile processes simultaneously. So identifying “closure” can be challenging, as something continuously updated has no “end”.
So the Team is failing to close down projects. What’s next? Consider hiring / bringing in some expert help:
Noting the product/engineering team ratio is also worth considering, as teams often organically build new products to compete with their nearest competitors. We’ve witnessed 50+ products managed by < 20 people on small acquisitions.
4. Lack of change management
Uncontrolled change can cause issues. In one IT Due Diligence meeting, the CTO updated the code and pushed it to production whilst we were speaking. He hadn’t notified his team or customers (internal to the business). Not to judge what that person was doing – as it worked to grow their business, but usually, more governance is needed following deal completion.
5. Immature starter/leaver processes.
The CTO should be ahead of this. No one should be able to access systems if they leave the firm. And new joiner’s experience should be smooth and reflect the culture. of the team.
6. Unable to state the active number of customers
If tech leadership cannot express their number of customers / or refer to the correct information, it might indicate other issues. For example, will the firm have capacity issues in the future?
7. Manual Processes
Is the team upfront about the percentage of manual effort needed to support or onboard a customer? Have they monetised the manual tasks, and if so, what percentage of revenue is from professional services?
In rare cases, manual work is unavoidable, and if the business is scaled, it won’t be easy to hire and maintain a much larger team.
Performing due diligence on a target company’s IT infrastructure and software is critical to the M&A process.
Investors should look for red flags indicating problems with the company’s IT systems, including outdated technology, lack of standardisation, and data quality issues. By addressing these issues early on in the process, investors can avoid costly mistakes down the road.
Beyond M&A offer a sober and pragmatic analysis of these considerations with 15+ years of experience in tech M&A.