Accenture study: 96% of CIOs discovered major issues during tech due diligence. A $150M manufacturing acquisition revealed $2M in hidden IT liabilities—in 2 weeks.
## The 2-Week Tech DD Framework
### Week 1: Discovery
**Systems & Infrastructure** (Days 1-2)
- Inventory all applications, databases, infrastructure
- Identify single points of failure
- Document vendor dependencies
- Cloud vs. on-premises breakdown
**Security & Compliance** (Days 3-4)
- Last penetration test and results
- Compliance certifications (SOC 2, ISO 27001, HIPAA)
- Open security vulnerabilities and remediation plans
- Data privacy compliance (GDPR, CCPA)
**Technical Debt** (Day 5)
- End-of-life systems requiring immediate replacement
- Deferred maintenance and infrastructure debt
- Licensing compliance gaps
**Team & Operations** (Days 6-7)
- Key person dependencies
- Turnover rates and morale
- On-call/incident response processes
- Documentation quality
### Week 2: Analysis & Reporting
**Cost Analysis** (Days 8-9)
- IT spend as % of revenue (benchmark: 3-8% depending on industry)
- Vendor contract terms and upcoming renewals
- Hidden costs (shadow IT, redundant tools)
- Post-acquisition optimization opportunities
**Integration Planning** (Days 10-12)
- System compatibility assessment
- Data migration complexity
- Identity and access management consolidation
- Network integration requirements
**Risk Quantification** (Days 13-14)
- Critical findings with business impact
- Deal-breaker issues vs. manageable risks
- 90-day post-acquisition priorities
- Total cost of IT integration
## Red Flags That Adjust Deal Price
1. **$500K+ deferred infrastructure** (data center refresh, network upgrades)
2. **Major vendor contracts** expiring within 6 months of close
3. **No disaster recovery plan** or last tested >2 years ago
4. **Critical systems** on unsupported software (Windows Server 2012, Oracle 11g)
5. **>50% single-vendor dependency** without alternatives
6. **High-risk security gaps** (unpatched CVEs, no MFA, poor access controls)
7. **Undocumented custom code** with key developer departed
8. **Compliance violations** requiring immediate remediation
## Real Case: $150M Manufacturing Acquisition
**Found in 2 weeks**:
- $800K annual vendor overspend (renegotiation opportunities)
- $1.2M deferred infrastructure (ERP upgrade, network refresh)
- $400K security remediation (unpatched systems, compliance gaps)
- Total: $2.4M in hidden liabilities
**Outcome**:
- Purchase price reduced $1.5M
- 90-day integration plan delivered
- $800K annual vendor savings identified
- Avoided post-close surprises
## The DD Deliverable
Executive summary (2 pages):
1. Overall tech health score (1-10)
2. Top 5 risks with business impact
3. Hidden costs and liabilities
4. Post-acquisition integration complexity (simple/moderate/complex)
5. 90-day action plan
Detailed findings (15-25 pages):
- Systems inventory
- Infrastructure assessment
- Security & compliance audit
- Cost analysis and optimization opportunities
- Integration roadmap with timeline
## When to Walk Away
- Security posture is so poor it creates existential risk
- Technical debt exceeds 30% of purchase price
- Key systems are undocumented and unsupportable
- IT team exodus likely post-acquisition (>50% flight risk)
A 2-week tech DD typically costs $50-80K. Skipping it costs millions.
## The 2-Week Tech DD Framework
### Week 1: Discovery
**Systems & Infrastructure** (Days 1-2)
- Inventory all applications, databases, infrastructure
- Identify single points of failure
- Document vendor dependencies
- Cloud vs. on-premises breakdown
**Security & Compliance** (Days 3-4)
- Last penetration test and results
- Compliance certifications (SOC 2, ISO 27001, HIPAA)
- Open security vulnerabilities and remediation plans
- Data privacy compliance (GDPR, CCPA)
**Technical Debt** (Day 5)
- End-of-life systems requiring immediate replacement
- Deferred maintenance and infrastructure debt
- Licensing compliance gaps
**Team & Operations** (Days 6-7)
- Key person dependencies
- Turnover rates and morale
- On-call/incident response processes
- Documentation quality
### Week 2: Analysis & Reporting
**Cost Analysis** (Days 8-9)
- IT spend as % of revenue (benchmark: 3-8% depending on industry)
- Vendor contract terms and upcoming renewals
- Hidden costs (shadow IT, redundant tools)
- Post-acquisition optimization opportunities
**Integration Planning** (Days 10-12)
- System compatibility assessment
- Data migration complexity
- Identity and access management consolidation
- Network integration requirements
**Risk Quantification** (Days 13-14)
- Critical findings with business impact
- Deal-breaker issues vs. manageable risks
- 90-day post-acquisition priorities
- Total cost of IT integration
## Red Flags That Adjust Deal Price
1. **$500K+ deferred infrastructure** (data center refresh, network upgrades)
2. **Major vendor contracts** expiring within 6 months of close
3. **No disaster recovery plan** or last tested >2 years ago
4. **Critical systems** on unsupported software (Windows Server 2012, Oracle 11g)
5. **>50% single-vendor dependency** without alternatives
6. **High-risk security gaps** (unpatched CVEs, no MFA, poor access controls)
7. **Undocumented custom code** with key developer departed
8. **Compliance violations** requiring immediate remediation
## Real Case: $150M Manufacturing Acquisition
**Found in 2 weeks**:
- $800K annual vendor overspend (renegotiation opportunities)
- $1.2M deferred infrastructure (ERP upgrade, network refresh)
- $400K security remediation (unpatched systems, compliance gaps)
- Total: $2.4M in hidden liabilities
**Outcome**:
- Purchase price reduced $1.5M
- 90-day integration plan delivered
- $800K annual vendor savings identified
- Avoided post-close surprises
## The DD Deliverable
Executive summary (2 pages):
1. Overall tech health score (1-10)
2. Top 5 risks with business impact
3. Hidden costs and liabilities
4. Post-acquisition integration complexity (simple/moderate/complex)
5. 90-day action plan
Detailed findings (15-25 pages):
- Systems inventory
- Infrastructure assessment
- Security & compliance audit
- Cost analysis and optimization opportunities
- Integration roadmap with timeline
## When to Walk Away
- Security posture is so poor it creates existential risk
- Technical debt exceeds 30% of purchase price
- Key systems are undocumented and unsupportable
- IT team exodus likely post-acquisition (>50% flight risk)
A 2-week tech DD typically costs $50-80K. Skipping it costs millions.
Tags
M&ADue DiligenceRisk Assessment