When your company merges with or takes over another one, it’s important to conduct IT due diligence, which helps you identify any holes in your IT resources and allows you to fix them before they become a more expensive problem. The process can often be cumbersome, but it’s certainly worth the effort. The following checklist can help you understand what to expect from an IT due diligence procedure, but be sure to enlist the help of an IT strategy consultant for additional support.
The Purpose of Due Diligence
Conducting IT due diligence helps your company fully understand the IT infrastructure of the company you’ll be acquiring or merging with and whether any changes will be necessary to ensure that both companies can work effectively together. To do this, you’ll need to visit their headquarters or local office, so be sure to collaborate with their team to have the most productive meeting possible. The visit should include a check on hardware, software, Internet and telecom systems, cyber and network security, customer support systems, IT support staff, and company products and services.
When reviewing hardware, it’s important to get information about what hardware exists on site, whether the company owns or leases it, and how much it is worth. Take down manufacturer and model number information as well. This can help you properly insure items and repair or replace them as quickly as possible if necessary. The following company owned or leased items should be inventoried: desktops, laptops, tablets, mobile phones, desk phones, servers, storage devices, and mainframe computers.
Next, evaluate the company’s current software suite. Discuss what each program is used for, whether it needs to be renewed on a regular basis, and whether it’s compatible with existing software at your own company. You should make a note of the company’s security and anti-virus software, operating systems, email, CRMs, payroll programs, data management systems, software licensing agreements, databases, outsourced software development agreements, cloud systems and other storage management software, and open source software. If the company develops its own software, discuss its development processes and timelines.
Internet and Telecoms Systems
Examining Internet and telecom systems will help you understand how employees communicate and organize their computer systems. List the Internet provider and contracts in place, hosting environment, planned and unplanned network downtime over the course of the past year or other set period, and storage backup systems, and diagram the network setup and internal communication system. Ask about instant messaging platforms, such as Slack or Skype, that employees might use in lieu of email or phone.
Cyber and Network Security
Security is an essential network element and must be carefully evaluated as you merge companies. During such a busy process, it can be easy for security measures to fall short, and it’s important to understand and implement current or updated security features to avoid leaks. The following security procedures should be evaluated:
- Intruder detection programs
- Online payment security
- Data encryption programs
- Results of system vulnerability checks
- Information on previous security breaches, if any, and the remedies
- Cyber security insurance and certificates
- Staff security training programs
- Network firewall settings and maintenance
- Remote access software
- Employee background checks
- Acceptable use policies for software and hardware
- Remote working policy
- Information on non-employees with access to company data
- Log of hardware without virus software, if any
- Company password policy
- Plan for disaster recovery and security breaches
- Database record storage information
- Vendor updates
Customer Support Systems and IT Staff
By understanding the company’s customer support systems, you’ll have a better picture of how employees use IT to interact with their customer base. Consider how customers access technical support, what technical support is offered, frequently asked questions, and integration processes for new customers.
Similarly, take a look at IT support staff assigned to assist both customers and internal stakeholders. This can help you ensure that your department is properly staffed, with no duplicated or missing roles. Ask for a list of the IT personnel and their individual roles and responsibilities, confidentiality and intellectual property agreements for staff, training programs, a list of vacancies to fill, a list of employees who have had access to source codes within the last three years, and a chart showing IT department organization.
Company Products and Services
Finally, identify all products that have been created for internal or external use and who has access to these products. This allows you to learn about who owns the software and who is involved it its creation and development. In this category, identify software that has been sold, software for which the company is still responsible, products in development, industry certification, and developed software for which the source code no longer exists. It may also be helpful to ge a demonstration of all software.
Working with an IT Consultant
Conducting thorough IT due diligence can be an extensive, detailed process, and working with a professional IT strategy consultant like those at Hartman Executive Advisors can help you navigate it all quickly and effectively. Hartman works alongside C-suite executives at middle market organizations to create high-quality financial, regulatory, and leadership processes that strengthen your business through top of the line IT support. Speak to Hartman Executive Advisors for more information about how the company’s approach to IT due diligence can help you successfully complete your latest merger or acquisition.