Mitigating Risk and Reducing Cost of Mergers & Acquisitions – the Importance of IT Due Diligence

How does one comprehend the expenditure and IT risk associated with an M&A and possible regulatory or software compliance issues? The answer is IT due diligence.

What is IT due diligence?

IT due diligence serves to evaluate:

An organization’s current state of technology;

Issues linked to sustaining its current technology;

Financial consequences of a technology plan;

Opportunities for leveraging existing technologies;

Initiatives essential to undergo a successful merger and

Business risks.

The IT Assessment

The IT due diligence process commences with an IT assessment report that supplements the work performed by financial, legal, and operational analysts.  The IT assessment analyzes risk and affords bench-marking information, facilitating a more informed decision.  The assessment report should contain:

Architecture analysis

Infrastructure analysis

Applications analysis

Security risk analysis

Service support analysis

Information asset analysis

System criticality

Organization overview

Threat, vulnerability and impact analysis

Operating expense analysis

Capital expense analysis

Executive presentation Benchmark comparison

Security risk assessment

As a complement to the IT assessment report, a security risk analysis will afford a comprehensive evaluation of threats, vulnerabilities and impacts.  The objective is to understand the following:

1.   What is the important data?
2.   Where does the data reside (systems)?
3.   How is it protected?

Security vulnerabilities are amid the most overlooked problem areas revealed in the due diligence process. Medium to smaller sized organizations often don’t realize how much authority and access some of their IT personnel may have – access that could empower them to create considerable problems for the organization.  Such vulnerabilities can subject the organization to lawsuits if not properly dealt with.

Malware embedded deeply within various software systems can also present a severe threat. In many instances, even organizations with suitable anti-virus software have it configured incorrectly, permitting malware to penetrate the company’s systems. The likelihood for such malware to steal credit card numbers, human resources data, intellectual property, passwords and more is substantial.

Disaster prevention and recovery should also be dealt with. Does your organization have a suitable backup plan to make certain it can recover critical data quickly enough to sustain operations? The cost of attending to these issue areas should be factored into the total cost of ownership from the very start.

Lastly, a compliance dashboard should be afforded to capture the compliance status of the IT organization for applicable regulatory requirements such as SOX (or bill 198), HIPAA (or PIPEDA), SAS 70, etc.

The Litcom approach

Litcom is an independent source for IT due diligence. We have broad knowledge and experience in all aspects of IT management. Our association with leading industry research firms gives us practical data for benchmarking the target company’s IT spending and preparing a useful economic analysis. Our structured methodology allows us to deliver an assessment within short deadlines and our strict independence from technology vendors gives us an unbiased perspective that is essential for due diligence. Please contact us for additional information at: [email protected].

CONDUCTING AN IT ASSESSMENT

Improve technology ROI and align investments with your overall business strategy.

LEARN MORE

The IT Due Diligence Process – The benefit behind an IT assessment

The IT due diligence process commences with an IT assessment report that supplements the work performed by financial, legal, and operational analysts.  The IT assessment analyzes risk and affords bench-marking information, facilitating a more informed decision. For more information, download our IT assessment guide or contact us at [email protected].