IT Due Diligence – Meaning, Scope, Checklist

Information technology is a phenomenon that has gained massive popularity and immense growth since the early 2000s. Any business, small or big, cannot survive without using at least some part of information technology. Information technology is crucial to the sustenance and growth of a company, so why leave out the analysis of this factor during a merger or an acquisition? IT due diligence can give us a roadmap to conduct this analysis.

What is IT Due Diligence?

IT due diligence is a process designed to find a clear and complete picture of the quality of the IT capabilities of any company. This is a subcategory of the due diligence process conducted before finalizing a merger, an acquisition, or an investment in any company.

Scope of IT Due Diligence

Now that we know the meaning of IT due diligence, we must understand what is covered under IT due diligence. In this section, we will analyze the specific areas that are explored during an IT due diligence –

Current state of IT Capabilities

First and foremost, the question should be – As of today, how is the target company’s IT landscape?

There are four areas of assessment in the current IT landscape of any company, namely – IT systems, IT infrastructure, IT organizational scenario, and IT process evaluation. Let’s look at each area –

IT Systems

When we assess the IT systems of the target company, we ask questions such as –

  1. The target company is using which systems and applications? Are they in good condition?
  2. How suitable are these systems for the company, considering factors such as company size, industry, customer base, etc.?
  3. Are the systems properly supported? Is the current staff sufficient to maintain these systems? Are the vendor contracts for the system in place?

IT Infrastructure

IT infrastructure includes the hardware, i.e., the actual tangible assets that support IT function. The following questions are important in this area –

  1. What type of hardware is the target company using? This includes everything from office computers to extensive lease lines.
  2. How up-to-date is the IT equipment? What is the assumed obsolescence time? What is the current value of this equipment?
  3. Is there any lease or rental obligations for this hardware?

IT Organisational Scenario

This particular area focuses on the human side of the IT capabilities of the company. It tries to understand the current workforce in the IT department of the target company. Analysts assess the size, skill level, level of education and training, efficiency, etc., of the current IT workforce and give inputs accordingly.

IT Process Evaluation

The questions asked are –

  1. What are the current processes for software and application development, service design, IT operations, IT security, disaster management, cost and value management, etc.?
  2. Are these processes efficient, or do they need changes?
IT Due Diligence


Once we understand the target company’s current IT capabilities, it is time to question whether the current capabilities can keep up with the growth of the company. Usually, when acquiring the company, the buyer wants to grow the target company and make a profit out of it. Thus it becomes important to analyze the scalability of current IT capabilities. The scalability factor comes in many forms, such as expansion, upgrade, or replacement of certain current capabilities; integration with the new parent company systems; outsourcing; adopting of new technology, etc. The acquirer must conduct an in-depth analysis of the target company’s performance in each area.

Risk Assessment

Risk assessment is one of the most important areas of IT due diligence. A proper risk assessment can increase the chances of success, given the lengthy and complicated nature of an M&A transaction. Assessment must be done in the following areas –

Disaster Management and Business Sustainability

When dealing with IT, we have to make provisions for any kind of disaster or crash. It is important to understand that IT is a delicate and complex technology that can hang, crash, be infected by a virus, and so much more. Therefore in this particular area of IT due diligence, we must ask questions such as –

  • Are there any intrusions or vulnerabilities in current IT systems? What can we do to secure these systems?
  • Is there a disaster or damage recovery plan in place?
  • Are there processes and systems that take regular data and software back-ups?

A lot of the operations of the business depend on IT; for example – can we imagine Walmart to sustain if its supply chain software system crashes? Proper IT security and disaster management are the keys to long-term business sustainability in today’s world.

New Initiatives

Risk assessment is necessary not only for the existing capabilities but also for future capabilities. The main question here would be to understand what future IT projects are under development and are they necessary? A successful merger can only occur if the management can trim unnecessary fluff, and it also applies to IT.

Key Human Resource

Talking about trimming the unnecessary fluff, the IT department may also have employees who no longer serve the purpose of the merged or acquired organization. It is necessary to let them go or divert their capabilities to more fruitful projects. Recognizing the key IT support staff and doing the necessary staff changes is a big part of IT due diligence.

Budgetary Analysis

Spending on IT is one of the major costs of any company. It is important for the acquirer to understand the target company’s IT costs before making the buying decision. There are two principal costs of any IT department, namely – maintenance, replacement, and expansion of IT infrastructure; and IT staffing solutions. These two components combine to make IT costs. The buyer compares the IT costs of the target company with industry benchmark as well as with its peers. As a result, the acquirer will have a better idea of the cost-effectiveness in the target company’s IT investment.

Future Scenario Planning

After conducting IT due diligence, the next step is to plan the future scenario. Scenario planning includes –

  • Identifying and correcting current problems.
  • Identifying risks and taking measures to minimize these risks.
  • Aligning IT capabilities to match future company goals by expanding, upgrading, replacing, or integrating current capabilities.
  • Identifying major cost overheads and improving cost-effectiveness.
  • Making an implementable 5-year, 10-year, etc., plan to give direction to IT capabilities in the future.

See Due Diligence to learn more about its other types.

Sanjay Borad

Sanjay Bulaki Borad

MBA-Finance, CMA, CS, Insolvency Professional, B'Com

Sanjay Borad, Founder of eFinanceManagement, is a Management Consultant with 7 years of MNC experience and 11 years in Consultancy. He caters to clients with turnovers from 200 Million to 12,000 Million, including listed entities, and has vast industry experience in over 20 sectors. Additionally, he serves as a visiting faculty for Finance and Costing in MBA Colleges and CA, CMA Coaching Classes.

Leave a Comment