IT Due Diligence: How To Enhance Your Approach

I recently read the 2016 Edition of the IT Due Diligence Guide by Jim Hoffman. It’s a valuable reference for anyone involved in mergers and acquisitions. Certainly, an acquirer who does not have a well-established process will benefit. However, I believe even experienced acquirers will find it a useful source of ideas to enhance their own approach. And it’s a great resource for sellers, who will benefit from an exhaustive understanding of the spectrum of questions they will need to address during diligence. Hoffman has 25 years of technology experience, including participating in numerous transactions from both the buy- and sell-side. Reading between the lines, he’s a very organized guy who probably kept great notes over the years.

Technical Aspects of IT Due Diligence

The book focuses on the technical aspects of due diligence, and also covers all areas to explore when assessing a company’s technology. These include: staff, products, processes, quality, infrastructure, security and a dozen or so other areas. It begins with an overview of the acquisition process and how due diligence works, which is particularly valuable for an organization not experienced in M&A. Chapters dedicated to each of the specified areas follow the overview.

A Recipe for Successful Due Diligence

Hoffman clearly designed this guide for practical use. You could literally use it as a recipe for a successful diligence. The best example is the chapter structure. The chapter for each area of diligence is organized as a series of information requests. An icon highlights each request, indicating its criticality, followed by a description and an explanation of “Why This Is Important.” Hoffman also flags items to handle face to face during a site visit. As an example, the chapter called Software and Services Utilized outlines requests for lists, including a list of the open source components used by the company (classified as a Critical Request, by the way):
“A list of any open source projects utilized by the company, including the name and URL of the open source project, version, company products or services associated with license, reason used and the open source license under which the project is distributed.”
It goes on to explain the potential security and license risks associated with open source. Each chapter provides this kind of detail for a particular area of diligence. The importance of an open source audit is detailed in an appendix titled Recommended Third Party Audits. You know who to talk to if you want to take Hoffman’s advice on that one.

Due Diligence Guides, Checklists, Forms and More

This IT Due Diligence Guide is available on a dedicated website, https://www.itduediligenceguide.com. The Guide comes in a zip file accompanied by a useful set of templates. These comprise the Guide (PDF) and Excel checklists for many of the due diligence areas. It also includes Word documents, including a comprehensive checklist to manage the overall process, a detailed report form and a template for integration planning. As a Black Duck blog reader, you qualify for 25% off with this (easy to remember) discount code: BLACKDUCK. Having been involved in M&A myself, give me half a day and I could assemble a decent due diligence checklist. But I wouldn’t; I’d start with the Due Diligence Guide.
