Mergers & Acquisitions (M&As) are among the most challenging undertakings in business. Administering the IT integration risk associated with a merger has become a major component in determining the ultimate success or failure of M&As. Expectations concerning cost savings and economies of scale often focus on IT.
In fact, IT plays a critical role in determining how effectively the merged organization is able to integrate processes and people, as well as deliver products and services to internal and external customers.
How does one comprehend the expenditure and IT risk associated with an M&A and possible regulatory or software compliance issues? The answer is IT due diligence.
What is IT Due Diligence?
IT due diligence serves to evaluate:
An organization’s current state of technology;
Issues linked to sustaining its current technology;
Financial consequences of a technology plan;
Opportunities for leveraging existing technologies;
Initiatives essential to undergo a successful merger and
Business risks.
The IT Assessment
The IT due diligence process commences with an IT assessment report that supplements the work performed by financial, legal, and operational analysts. The IT assessment analyzes risk and affords bench-marking information, facilitating a more informed decision. The assessment report should contain:
Architecture analysis
Infrastructure analysis
Applications analysis
Security risk analysis
Service support analysis
Information asset analysis
System criticality
Organization overview
Threat, vulnerability and impact analysis
Operating expense analysis
Capital expense analysis
Executive presentation Benchmark comparison
Security Risk Assessment
As a complement to the IT assessment report, a security risk analysis will afford a comprehensive evaluation of threats, vulnerabilities and impacts. The objective is to understand the following:
- What is the important data?
- Where does the data reside (systems)?
- How is it protected?
Security vulnerabilities are amid the most overlooked problem areas revealed in the due diligence process. Medium to smaller sized organizations often don’t realize how much authority and access some of their IT personnel may have – access that could empower them to create considerable problems for the organization. Such vulnerabilities can subject the organization to lawsuits if not properly dealt with.
Malware embedded deeply within various software systems can also present a severe threat. In many instances, even organizations with suitable anti-virus software have it configured incorrectly, permitting malware to penetrate the company’s systems. The likelihood for such malware to steal credit card numbers, human resources data, intellectual property, passwords and more is substantial.
Disaster prevention and recovery should also be dealt with. Does your organization have a suitable backup plan to make certain it can recover critical data quickly enough to sustain operations? The cost of attending to these issue areas should be factored into the total cost of ownership from the very start.
Lastly, a compliance dashboard should be afforded to capture the compliance status of the IT organization for applicable regulatory requirements such as SOX (or bill 198), HIPAA (or PIPEDA), SAS 70, etc.
The Litcom Approach
Litcom is an independent source for IT due diligence. We have broad knowledge and experience in all aspects of IT management. Our association with leading industry research firms gives us practical data for benchmarking the target company’s IT spending and preparing a useful economic analysis. Our structured methodology allows us to deliver an assessment within short deadlines and our strict independence from technology vendors gives us an unbiased perspective that is essential for due diligence. Please contact us for additional information at: info@litcom.ca.