TAC The Advisory Council Expertise-as-a-Service Has Arrived
Home Services & Products Events & Workshops Results Our Experts About Us FAQ Contact TAC News

Question: What criteria should be included in the due-diligence assessment of IT at an acquisition candidate?

Our advice: The objectives of any due-diligence assessment of IT are fivefold:

  • Understand the acquired company's current technology status, including organization, hardware, systems software, applications software, and level of automation.
  • Identify any issues related to the acquired company's ability to maintain its current technology and to meet its business plan.
  • Assess financial implications of the acquired company's technology plans.
  • Identify opportunities for leveraging the technologies of the acquired company's operations.
  • Identify immediate transition initiatives necessary to accomplish a successful merger of the acquired company's technologies.

In performing a due-diligence assessment of the IT department, an active template is a useful guide in the discovery process. This template should begin with an overview of the IT department. What's the structure of the IT organization? What staff comprises the organization? Is staffing adequate or inadequate? Is there an up-to-date strategic technology plan? What's the current fiscal year budget and previous year's actual expenses? Are results of any recent systems audits available? What's the book value, depreciation, or lease and maintenance schedule for all IT assets? Does the firm have an up-to-date technology asset inventory?

Next, examine the data center and any networks that are in place. What are the locations of the data center(s)? What are the host computer(s), their make, model, and configuration? What's the host communications network like, including all communications processor(s), communications software, etc.? Is there statistical information available on uptime or reliability reports for the past 12 months and incident reporting or incident resolution for past 12 months? Concerning the communication network, what types of circuits are installed? What's the topology of the local-area network by location?

In the area of application software development, if such development is done at the company, obtain a list describing the programming development environment (by each system in place). See that the list includes all programming languages and development tools used and outlines the type of change-management or version controls in place. Are any current system enhancements in progress or are there any planned system enhancements? What's the state of documentation at the company? Is it ongoing or only by exception? Is there documentation on systems policies and procedures? Are operations policies and procedures in place for all major functional areas? Is there application-development documentation in place? Does it cover current standards and policies, project-management methodologies, documentation development, and ongoing support? Is there documentation covering training procedures?

Concerning any services provided by outside vendors, there should be a description of each service contracted for, its annual cost, contract terms, and remaining time on the contract. Obtain a copy of each contract and check for its associated service-level agreements. What are the mission-critical information systems supported by the outside vendors? What are the service providers' information-security policies? Are there reports or measurement tools for monitoring vendor performance? How adequate are the contingency plans of all vendors providing outside services? Has management ensured that the institution's contingency and business-resumption plans are compatible with and complement the service providers? Are any of these service providers located in a foreign country?

Finally, taking a look at the desktop and laptop environment, can the firm provide an inventory of all desktop and laptop hardware deployed? Is there an inventory of all installed software packages on each piece of hardware? Does custom software reside on the desktop or laptops? If so, is there an inventory of the custom developed software?

-- Stephen Rood


  • What does a CIO have to do to establish a leadership-development program for the IT organization?


  • How do I develop a information-technology plan when the company itself doesn't have a strategic plan?


  • What are the most productive tasks an IT leader can focus on?


  • After three years of downsizing and cost cutting, how do I motivate my management team and build a high-performance organization?


  • As the economy turns around, what IT skills will be most in demand this year?


  • How should we manage change in our IT infrastructure to minimize risk?


  • Several weeks ago, you wrote about when a project-management office makes business sense. What is the appropriate design for a PMO?


  • The economy seems to be picking up. Looking ahead, how do I retain good IT people in the face of an improving IT market while my budget remains under pressure?


  • What IT skills will be most in demand this year?


  • How do I objectively evaluate the readiness of my organization to support emerging business requirements?


  • What cultural and people factors are important to consider when building IT capabilities to support manufacturing factory and retail operations in China?


  • How could the Project Management Institute help us effectively manage real-life IT projects to ensure success?


  • How do we make our communications proactive, rather than only getting to them when there's a crisis?


  • What are the critical success factors to achieve and maintain strategic alignment?


  • How can we develop an enterprise architecture across disparate business units?


  • How can I develop a long-term information-technology plan when my company doesn't have a strategic plan?


  • What attributes and features should we consider when selecting IT asset-management software?


  • As an overworked IT manager, what can I do to reduce my workload while maintaining high availability and good security?


  • We're under management pressure to outsource application development and to cut staff, but I'd rather get more value from our existing staff, who know our business. How can I broaden their skills?


  • As business picks up, what should I do to rebuild my organization, tactical plan, and internal-management processes?


  • We have a strong team that I'd like to make stronger. How do I instill more leadership qualities and skills into my team?


  • What organizational structure would be most effective for information-security governance?


  • How can we achieve effective process ownership within our IT organization?


  • What organizational, people, and process issues should we consider when setting up a telecommuting program?


  • We've cut staff so much in the last four years that I'm wondering if I can afford (from a work perspective) to take vacation this summer. What can I do to reduce the chance of something unraveling catastrophically while I'm away?


  • A few weeks ago, writing about creating a vision statement, you said "seek expert facilitation to reach a vision supported by all." Where can we get this expertise?


  • We know that we could save money by consolidating servers currently scattered across business units. How should we address the political issues around getting the business units to give up their servers?


  • What level of IT spending is appropriate for a midsize to large financial organization?


  • How should we assess our IT organizational structure and processes?


  • How can we retain good IT people in the face of an improving IT job market?


  • How should we determine the appropriate network-support staffing level for a 10,000-node network?


  • What strategies are most successful in a "political" organization?


  • How can one reduce behaviors that are wasteful of IT resources?


  • How can we raise the IT knowledge of non-IT employees?


  • I'd like to establish a management mentoring program within my organization. How should I start?


  • How should we deal with the cultural and skill-set changes needed when moving from mainframe-based applications to client/server and Web-based applications?


  • We're considering setting up our own IT-abuse investigations group. What issues should we consider in making this decision?


  • How should we assess and set priorities for our IT project portfolio?


  • What features should we consider when selecting portfolio-management dashboard software?


  • How do we minimize the negative impact of project cancellations on IT staff morale?


  • After three years in my current CIO position, I still find myself out of the loop when it comes to strategic business decisions. What can I do about this?


  • Many large companies have a project management office responsible for portfolio and program management. When does a PMO make business sense?


  • After the extended economic downturn, we need to create a new vision for the organization. How do we do that?


  • What technical and security issues should we consider when setting up a telecommuting program?


  • How do we change IT from reactive to proactive in a change-resistant corporate culture?


  • How can the CIO shift the IT organization's mindset from service delivery to value creation?


  • What criteria should be included in the due-diligence assessment of IT at an acquisition candidate?


  • How do I establish my credibility with the CEO, chief operating officer, and CFO?


  • How do I motivate my technical staff to cooperate with staff from our offshore outsourcing vendor?




    • ©2002-2010 The Advisory Council Inc. All rights reserved. Privacy Policy & Guidelines | Terms & Conditions