Specialist knowledge, and not a generalist approach, will differentiate Technology Due Diligence providers of the past from those of the future.
It’s a myth that a technology due diligence is inevitably commoditised. As technology evolves rapidly, the risks it poses are proliferating as well. PE firms no longer look at technology due diligence as an exercise aimed at assessing back-office inefficiencies. Instead, it is becoming central to the investment thesis and has a bearing on the target’s strategic, commercial, regulatory, and reputational standing.
Very few suppliers have calibrated their approach to addressing the fast-changing needs of their PE clients. In our view, a technology due diligence is no longer an offering that can be fully delivered by a generalist. This big shift in the market means that access to a deep and diverse set of expertise is vital to assessing the digital risks of the modern-day target business.
We have identified 5 specialist areas that will be increasingly vital in conducting Tech DDs going forward, in a way that addresses the evolving needs of PE firms:
Context is key to assessing the strategic implication of technology risks – assessment of a mission-critical manufacturing system will be different from that of a retail banking platform. However, often the one-size-fits-all approach of a ‘standard’ technology due diligence overlooks the value of bringing the sector lens to the table. Industry experts can help interpret the technology findings and help the PE firms understand the commercial impact on the transaction.
Blockchain, Machine Learning, AI, and Robotic Process Automation are among the few technologies that are no longer a niche in the market. Increasingly, PE firms come across targets – of all sizes – that have deployed the emerging technologies to some degree. In absence of expertise, due diligence professionals often relay back target management’s views in the reports. With a view to showcase the use of emerging technologies in marketing materials, often target companies either end-up overstating the use of these emerging technologies or are genuinely unaware of the associated risks - which could range from cybersecurity-related risks to machine learning based chat-bots learning negative behaviours of its users. Expert knowledge of these emerging technologies is critical to evaluating the risks.
No assessment of a bespoke software is complete without a thorough architectural review. The lack of proper technology evaluation results in probably the biggest blind spot for PE firms while assessing technology risks. Generalist IT consultants, tasked with architectural review, often take a checklist approach that can obscure the nuanced technical design flaws and future risks. The architectural issues can range from obsolete design and technologies, to inadequate scalability to support growth. A qualified technical architect is imperative on every technology due diligence for the underlying risks to surface in time.
When it comes to bespoke software, internal or customer-facing, the risks go beyond what is visible from the front end. Generic tech DDs often miss the risks weaved into millions of lines of code, that range across non-compliant use of free and open-source software (FOSS), cyber risks due to unsecure coding practices or simply a poor-quality source code, that hasn’t been adequately tested. The ability to provide automated source code scanning can be critical to surface hidden risks within a software environment.
Lastly, with increasingly high stakes around digital and technology, more could be done by the DD providers to feed expert-led, fact-based assumptions into the PE firm’s valuation model. However, with the vast majority of technology due diligence market supplying standard technology assessments, there is a disconnect between what the deal team needs and what they get. The gap is often filled by the PE houses themselves by quantifying risks to the best of their understanding. However, the hand-over between a tech DD report and valuation implications is changing, with the deal teams increasingly expecting the technology due diligence provider to quantify the risks. Delivering this requires advisors who are not just technologists but also transaction specialists, with a strong understanding of their client’s investment thesis, target business fundamentals and a general ability to think out of the technology silo.
Technology is evolving at a breathless pace and so are the associated transaction risks. Also, from being a back-office enabler, to being a strategic agenda at the top table, the role of technology has changed. Accordingly, the approach to assessing technology risks needs to keep pace with this change. A multifaceted technology environment requires a diverse skill set and deep expertise to surface hidden risks. We believe that this shift in the technology due diligence market is here to stay and is key to providing value to Private Equity firms.
Do not hesitate to contact us to find out more about how BearingPoint Capital can support you in navigating technology related challenges during transactions.