Technical Due Diligence for Investors

The due diligence process can be a challenge. Looking under the covers at the finance, operations, talent and assets of any company is no small task. Once you add technology into the mix it creates a concoction which can give unexpected results.

What are the things you’re looking for when performing technology due diligence on a business?
Intellectual Property (IP), Talent, Security and Costs

First we need to assess the IP that is in service, actively under development, as well as IP that is unused.

Unused IP is usually sitting on code repositories hopefully in one place, but sometimes scattered around the business. I start with exploring code repositories first, because browsing unused IP tells us so much about the business. It’s like the rings of bark on a tree stump. We can see how the environment of the business has changed over time for better or worse, and get a much better understanding of the real trajectory of the business. An interesting insight that comes from exploring unused IP, is the relationship of the historic IP and the current culture of the technology teams in the business. Why? Would the current team deliver better or worse solutions than what is found there? That is, are the talented people coming into the business or leaving it?

How long has active development been under way? Is it in production and under development or is there a legacy system to be replaced? When we see legacies being replaced, we need to know if there a culture bridge between old and new technology. Often we see a culture divide emerge between the ‘old guys’ and the ‘new guys’ which can tear apart delivery teams. Further to this, if the new technology is a radical move from old you know you have redundancy costs on the horizon and more disruption to the culture.


You might also like The Dealmaker’s Guide To Tech Risk
Four questions that reveal insights into any software business that mitigate your risk.

Especially in private equity deals where businesses are not startups, there needs to an understanding of the impact of new technology that is currently in development and the cultural appetite for change. Ability of current infrastructure to cope with that new technology is also an issue. Ability of infrastructure teams and their environments to deal with the radical platform change comes at a cost. Even if the new technology will eventually save the business money, there is a double up on costs during that ramp up into production. Again, without the right culture, you have costs skilling up the infrastructure team on the horizon as well as the costs of deployment.

What about the systems currently in service? Are they part of the ongoing development or running in spite of it? This contrast in IP and skills should show you a lot about the culture and capability of the business. How long are the successful systems in service and how long have new solutions being developed to replace them? As much as people want to tell you about technology changing, great system architectures actually do last the test of time. The great ones allow for growth, updating, adaptation and business agility for a decade or more without being thrown out and started again.

We can assess IP with a view to current team capabilities and contrast that with the ambitions of the organisation. Looking at what is currently under development and plans for scale are there gaps in the capability of the talent to support that vision. Capability gaps like this are not impossible to solve with the right underlying culture, however driving an team unprepared to deal with a new technology or hyper-growth is like watching executive leadership enter the Formula 1 with a Toyota Corolla. Do we see amazing architecture with mediocre talent? Do we see mediocre architecture with amazing talent? Either way we can immediately understand the trajectory of the IP and the business.

We were brought into a project that was being funded by a financial institution. The founder of the business being acquired was undeniably an expert in his field and had experience in working with technology teams to deliver his vision. Our review of the code and interviews with the development team showed us a team unprepared to handle the complexity of the code. How did this happen? Turned out his ‘most senior guy’ up and left – leaving him with complex, highly customised low-level code that the rest of the team were struggling to understand or maintain. At that point we knew the trajectory of the business and were able to help the financial institution get the people and processes in place to save their investment.

With regards to security, while this is a complex subject, it is essential not to ignore. Understand the culture and capabilities within the organisation and you understand a potentially huge risk to the business. Security assessment needs to be multi-layered; it should include infrastructure configuration, bespoke code currently in production environments, and skills and process reviews. This approach catches the most common problem of paranoid information technology (IT) staff and oblivious software developers creating a vulnerable organisation with the facade of security.

You might be wondering where costs come into all of this. IP and talent makes sense, but cost?

This final stage of assessment is looking for root-cause on technology related decision-making. By understanding what projects are under development, what infrastructure is being amortised, what technology contracts are binding the business we get to understand the culture of executive leadership and the financial and technological legacy of the business. This starts to inform what the size and direction of the ship is we’re dealing with and how hard it will be to steer it. Sometimes what looks like a speedboat from the outside turns out to be more of a Suezmax oil tanker.

In conclusion, understanding technology aspects of a business tells you a lot about where it has been and more importantly, where its going. Picking apart the costs, the IP, and capabilities gives deep visibility and insights. This approach should be seen as an essential risk mitigation strategy during the due diligence process.


You might also like The Dealmaker’s Guide To Tech Risk
Four questions that reveal insights into any software business that mitigate your risk.

thinking.studio

Level 25, 88 Phillip Street
Sydney
NSW 2000
Australia

+61 2 8024 5975
[email protected]

©2003-2018 Pixolut Pty Ltd trading as Thinking.Studio
All Rights Reserved