20/04/2022 | By François Roulin, Business Consulting Director, Paris

In merger and acquisition (M&A), carve-out, and equity investment operations, the buyer or investor tends to focus on strategy, financial and legal aspects, and human-resource considerations. But given that information systems are now critical to the day-to-day operation of any business, it’s equally important to consider the IT and business-continuity impact of the transaction. This is where IT due diligence comes into play.

What is IT due diligence?

Due diligence describes a set of procedures that a potential buyer or investor carries out to assess the financial, HR, tax, and other risks associated with a potential transaction before deciding to go ahead. IT due diligence works in much the same way, except that it focuses specifically on an organization’s information system. Given the critical role that these systems play in day-to-day businesses operations, IT due diligence has become an essential step in any M&A process.

IT due diligence involves examining the “information system landscape” of the entity whose ownership is set to change hands, in order to assess IT-related risks and estimate the cost of maintaining business continuity following the sale. In other words, its purpose is to help buyers or investors understand the financial risk associated with the information system and, where necessary, to build this risk into their offer.

In every case, the main aim of this process is to maintain business continuity once the sale is finalized. But the focus will vary according to the type of operation in question: a carve-out (the sale of a business unit), an equity investment by an investment fund, or a merger and acquisition.

1/ IT due diligence in carve-out operations

In carve-out operations, IT due diligence informs the negotiation of transitional services agreements (TSAs) between the seller and the buyer. This transitional arrangement helps to maintain information system continuity while giving the new owner time to deploy business applications on new IT infrastructure, to transfer sales, HR, accounting, and other data, to set up ad hoc teams to operate the information system, and more.

2/ IT due diligence prior to equity investments

Investment funds carry out IT due diligence in order to identify key risks that could threaten their business plan. For instance, they may find that the existing information system is obsolete or misaligned with the agreed strategy. They will also wish to assess what IT investments will be needed once the operation has been finalized (such as replacing an existing ERP system or deploying a new one, or implementing a BI or data analytics application).

3/ IT due diligence in mergers and acquisitions

In M&A operations, IT due diligence gives the buying organization an estimate of the work required to integrate the new entity into its IT environment, and allows it to draw up an associated action plan based on all relevant imperatives and constraints. 

Hardis Group’s IT due diligence method

IT due diligence involves conducting an expert review of all the information and evidence supplied by the seller to the buyer or investor. It is a process that requires specialized knowledge and skills. At Hardis Group, we use a tried-and-tested method to support sellers and buyers throughout the steps of a carve-out, equity investment, or M&A operation:

  • Initial review phase: Flash audit covering key information system risks, based on the information and evidence provided.
  • Due diligence phase: Assessment of the risks and challenges presented by rebuilding, transferring, or integrating the information system, plus developing and costing an associated action plan, based on the data provided by the selling company.
  • Transitional phase: Negotiation of TSAs and management of the transition project. 
    • For buyers: Deployment of the target information system (transfer, deployment of new IT architectures, implementation of new applications, integration of applications specific to the acquired entity into the buyer’s information system, etc.), change management, etc. 
    • For sellers: Decommissioning of the sold entity’s applications and IT environments, skills transfer, etc.
    • Post-sale phase: Support with implementing the agreed action and modernization plan.