In many transactions, especially those involving a large investment in IT products, technical due diligence is an obligatory part of the investment process. In this article, we will discuss the basic aspects of software due diligence.

The purpose of the software due diligence

Software products are at the core of value creation for many modern companies. The development and maintenance of these products cost resources that must be assessed before investing as part of software due diligence.

Technical or software due diligence (DD) is a comprehensive analysis of the company’s IT products by independent certified experts, as a result of which vulnerabilities and shortcomings of these products are identified, business risks associated with them, and recommendations are developed for their minimization and elimination. Software DD includes the systematic recording and assessment of the existing IT (hardware, software, networks, resources, processes, locations, projects) and the data protection organization of a company. It also aims to show the value and strategic benefit that IT has for the company. Digital DD is currently of great relevance for online platforms, retailers, and other online companies.

The procedure is required in the following cases:

  • investment in IT projects (software, games, etc.);
  • buying/selling an IT company;
  • preparation for joining the HTP (for a separate category of applicants – crypto and blockchain projects);
  • Confirmation of compliance with local and international standards (PCI DSS, HIPAA, ISO 27001, SOC 2, GDPR, etc.);
  • making a big deal.

Software DD may include reviewing various technical aspects of a product IT company. When an investor enters the capital, the widest possible list of issues is subject to study, allowing an analysis of all the risks associated with the technical aspects of the company’s IT product itself. The impossibility of scaling the system, the likelihood of security incidents, the complexity of support, or critical vulnerabilities in the system can serve as a serious reason for bargaining or rejecting a deal. Depending on the goals of the audit and the scope of the software product, it is possible to limit the list of works included in the technical audit, for example, the HTTP requirements for the audit of information systems of a certain category of applicants focus mainly on security issues.

Digital business models: from product to information and services

Digitization has not only fundamentally changed the business models of companies, but also has an increasing influence on due diligence reviews in the context of corporate transactions – especially in the commercial context.

The following questions should be asked as part of a procedure:

  • Can the company increase its online profits in the future?
  • Is it prepared to reach new, digitally affine target groups?
  • Is digitization already part of the business model?
  • If not, how easily can this be integrated in the future?

On the one hand, the proportion of purely digital companies in the portfolios of private equity companies has risen sharply in recent years, on the other hand, traditional companies are increasingly exposed to digital changes and more intense digital competition. However, these digital components and factors influencing the business model are often criminally neglected in classic companies from the non-digital environment in the context of commercial DD checks.

Among other things, this means that market attractiveness and the competitive environment are misjudged, growth risks are not recognized and disruptive changes are carelessly misjudged. For this reason, it is essential that a clear understanding of the acquisition company’s business model is gained at the beginning of any commercial DD and that digital checkpoints are integrated into the process to validate “digital readiness”.