
IT Due Diligence: Mitigating Risk and Reducing Cost of Mergers & Acquisitions

Posted on the 17 December 2014 by Litcom

Mergers & Acquisitions (M&As) are among the most challenging undertakings in business. Managing the IT integration risk associated with a merger has become a major component in determining the ultimate success or failure of M&As. Expectations concerning cost savings and economies of scale often focus on IT. In fact, IT plays a critical role in determining how effectively the merged organization is able to integrate processes and people, as well as deliver products and services to internal and external customers.

How does one understand the expenditure and IT risk associated with an M&A, along with possible regulatory or software compliance issues? The answer is IT due diligence.

What is IT due diligence?

IT due diligence serves to evaluate:

  • An organization’s current state of technology;
  • Issues linked to sustaining its current technology;
  • Financial consequences of a technology plan;
  • Opportunities for leveraging existing technologies;
  • Initiatives essential to a successful merger; and
  • Business risks.

The IT Assessment

The IT due diligence process commences with an IT assessment report that supplements the work performed by financial, legal, and operational analysts. The IT assessment analyzes risk and provides benchmarking information, facilitating a more informed decision.

The assessment report should contain:

  • Architecture analysis
  • Infrastructure analysis
  • Applications analysis
  • Security risk analysis
  • Service support analysis
  • Information asset analysis
  • System criticality
  • Organization overview
  • Threat, vulnerability and impact analysis
  • Operating expense analysis
  • Capital expense analysis
  • Executive presentation
  • Benchmark comparison

It is also important to know that thoroughly assessing IT issues requires specialized experience. Look for IT consulting firms that have performed numerous assessments and that are technology-focused. For example, at Litcom, we have developed a comprehensive IT Due Diligence Program leveraging our detailed IT Assessment methodology. As part of our IT Due Diligence process, we address our client’s requirements to understand an acquisition target’s IT environment. We will review existing IT strategies, planned initiatives and commitments, a full breakdown of all direct and indirect IT costs, the current IT organization structure and resource skills, the technology infrastructure platform and environments, the application portfolio and any exposure to vendor / third party obligations.

Security risk assessment

As a complement to the IT assessment report, a security risk analysis provides a comprehensive evaluation of threats, vulnerabilities and impacts. The objective is to understand the following:

1. What is the important data?
2. Where does the data reside (systems)?
3. How is it protected?

Security vulnerabilities are among the most overlooked problem areas revealed in the due diligence process. Small and medium-sized organizations often don’t realize how much authority and access some of their IT personnel may have – access that could enable them to create considerable problems for the organization. Such vulnerabilities can subject the organization to lawsuits if not properly dealt with.

Malware embedded deeply within various software systems can also present a severe threat. In many instances, even organizations with suitable anti-virus software have it configured incorrectly, permitting malware to penetrate the company’s systems. The potential for such malware to steal credit card numbers, human resources data, intellectual property, passwords and more is substantial.

Disaster prevention and recovery should also be dealt with. Does your organization have a suitable backup plan to make certain it can recover critical data quickly enough to sustain operations? The cost of attending to these issue areas should be factored into the total cost of ownership from the very start.

Lastly, a compliance dashboard should be provided to capture the compliance status of the IT organization for applicable regulatory requirements such as SOX (or Bill 198), HIPAA (or PIPEDA), SAS 70, etc.


The Litcom Approach

Litcom is an independent source for IT due diligence. We have broad knowledge and experience in all aspects of IT management. Our association with leading industry research firms gives us practical data for benchmarking the target company’s IT spending and preparing a useful economic analysis. Our structured methodology allows us to deliver an assessment within short deadlines and our strict independence from technology vendors gives us an unbiased perspective that is essential for due diligence. Please contact us for additional information at: [email protected].
