IT due diligence: recognizing IT risks before the purchase

PrintMailRate-it

 

Today, IT is a key driver for companies and in times of digitalization it is increasingly becoming a success factor. IT due diligence should identify opportunities and risks and prepare them in such a way that decision-makers can derive measures from them. Information about the company's level of digitalization is also becoming increasingly important for decision-makers.
 
An acquirer must also take into account that its own strategy – particularly with regard to the planned integration of the target company or its connection to the acquirer's reporting – will have a significant impact on the IT landscape and therefore also on the costs and any synergy effects.

 Types of IT Due Diligence

IT due diligence can be differentiated according to its tasks on the one hand and its objectives on the other: There are analyses carried out as part of company acquisitions and analyses carried out as part of outsourcing projects for the service provider.
 
The aim of IT due diligence in the context of company acquisitions is to identify the opportunities and risks arising from the acquisition and the IT infrastructure acquired. What is important is what the acquiring company has planned. For example, it should be assessed differently if the IT of the acquired company continues to be used or if the migration to a uniform system takes place after the acquisition. In contrast, the situation is different if, in particular, group companies are to be separated from an existing group of companies and a new IT landscape may have to be set up. 
 
If service providers carry out IT due diligence as part of outsourcing projects, they are particularly interested in which IT systems and possibly also employees are taken over and how these structures can be transferred to their own as efficiently as possible.
 
The IT due diligence analyses can also be subdivided according to the areas examined. The analysis of the infrastructure is based on information on networks, operating systems, databases, applications (especially accounting systems) and virtualization. The analysis of the IT organization, on the other hand, concerns issues such as organizational requirements, personnel, outsourcing, IT projects and processes. In contrast, the assessment of the degree of digitalization relates more to the extent to which business processes are digitalized and automated.

 Approach model of the IT Due Diligence

As auditors, we are used to a structured approach from auditing financial statements and use it for IT due diligence. When auditing annual financial statements, it is also essential to gain a quick overview of the client's business models and IT systems and to carry out a risk analysis. In addition, we are familiar with many IT systems and their strengths and weaknesses from the audits we have carried out. We can use this knowledge for IT due diligence and incorporate it into our analyses and assessments.
 
We always start the audit by taking stock of the IT systems, IT processes and the organizational basis. Here we use the methods that we also use for the annual audit and thus quickly obtain comprehensive information about the target object. If we have already received information about the systems used in advance, we can ask more specific questions about the IT systems straight away.
 
Based on the available information, we can carry out an analysis and either request further information or directly assess risks and opportunities.
 
This is followed by an assessment of the documents found. In addition, we estimate the costs of the IT and its further development and thus also provide information that should be included in the pricing.
 

 

Questions? Contact us! 

Contact

Contact Person Picture

Frank Reutter

Partner

+49 221 949 909 316

Send inquiry

Contact Person Picture

Konrad Klein

Associate Partner

+49 911 9193 3686

Send inquiry

Deutschland Weltweit Search Menu