With the introduction of the information age came the rise of a new discipline known as ‘technical due diligence’. As an expert technology strategist and experienced CTO, technical due diligence is a core part of my skillset. I understand that it is critical to maintaining a company’s security, viability, and productivity. It is something that cannot be ignored in a world that relies almost exclusively on technology to drive business forward.
The term ‘due diligence’ has its origins in law and business. In a legal setting, a solicitor exercises due diligence on behalf of a client in order to ensure his or her best interests are always protected. In a business setting, due diligence is applied before certain kinds of transactions (e.g., merger or acquisition, purchase of securities, etc.) to ensure that a company’s financial best interests are protected.
Technical due diligence accomplishes similar purposes. It protects a company’s best interests for both short- and long-term operation; it helps to maintain a company’s long-term viability should there ever come a day when a technology investor shows interest in acquiring full or partial ownership.
More Than Just an Audit
Technical due diligence is more than just a routine audit for obtaining ISO accreditation. Audits are fine as far as they go, but they do not go far enough to uncover systemic issues that could cause significant problems down the road. Performing technical due diligence properly requires asking hard questions, digging deeply into institutional paradigms, and addressing systems and modalities in a way that makes people uncomfortable. The value comes in addressing the issues found during the due diligence process and the recommendations made as a result, this is where I work with the business to ensure that it improves in those areas highlighted.
So what goes into technical due diligence? The list of things I dig into as a technology strategist would be too long to list here in detail, but a good overview is possible. Whether I am working for a company with no plans to sell or helping a technology investor looking to make a deal, my technical due diligence covers the following areas:
Technical capability, stability, and scalability
Technical depth (staff, hardware, and software)
Total operational and support costs
The level of dependency on technology
Planned or required future technology initiatives and whether in the financial forecasts
Risks (security, financial, etc.) including regulatory such as GDPR.
Security strategies, policies, and procedures
members and management capabilities
Current software licensing and ownership
Current vendor agreements.
More often than not, technical due diligence uncovers systemic issues that are widely known but rarely discussed. It is a lot like a family with ‘secrets’ that everyone knows about but never mentions outside the family. Those things need to be brought out into the open and dealt with honestly if the right solutions are to be found and applied.
As a technology strategist, I have seen the harm that can come from not applying technical due diligence on a regular basis, nor following through the recommendations that are made. The reality of the modern world is that technology dominates. If businesses are not willing to practice due diligence where their technology is concerned, only negative consequences await.
By Chris Galley.
Contact us for further information