Merging with, acquiring or investing in a company requires due diligence: to determine the true value of the transaction; to verify representations made by the target company; and to identify all the opportunities for creating additional value after completion of the deal. Assessing the information technology component of a target company is an important part of performing due diligence, whether or not the company offers IT products or services.

Investors often make critical decisions without key elements of IT due diligence for a number of reasons:

They lack the technical expertise to perform the investigation and analysis themselves; They have retained a service where IT assessments are considered ancillary and where they are performed by accountants or business analysts; The assessment results are skewed because the assessors have a vested interest in selling other services as part of the deal.

Elevology is an independent source for the performance of IT due diligence. Our IT Assessments are performed by former IT managers who themselves have been responsible for running large technical operations, managing multi million dollar budgets, leading diverse technical staffs and have in-depth knowledge of systems, platforms, development paradigms, security concerns and risk management/amelioration.

Our structured assessment methodology allows us do deliver accurate, complete analyzes that present the broad picture of a candidate firm from an IT perspective. Based upon a client's specific needs, we can tailor our service to deliver analyzes that range from quick, issue specific assessments to comprehensive M&A studies.

 

Outline of a Technical Assessment

Our assessment methodology can be summarized by the following abridged outline:

Current State of IT

Organization

• Identify senior IT managers and determine respective job functions


• Determine size, skill level and organizational distribution of IT staff


• Identify linkages between staff and business, operations counterparts

Identify location of IT departments

• Analyze product/service support structure and identify personnel.


• Infrastructure


• Compile hardware inventory


• Document and analyze network infrastructure and topology


• Document and analyze telecommunications infrastructure and topology


• Document and analyze data center infrastructure and support


• Document external data links.

Systems

• Compile manifest of operating systems, databases and development platforms


• Compile manifest of deployed application systems, determine level of integration and supporting entity


• Review and analyze excerpts of internally developed code and compare to best practices


• Evaluate company's web site for customer experience, interface design, usability and performance


• Conduct surveys, interviews with internal and external users of IT services to determine level of satisfaction.

Current Budget

• Review and analyze current budget allocations


• Compare budget to current burn rate


• Review consulting, outsourcing contracts


• Identify existence of excess capacity, redundant resources.

IT Initiatives and Planning

Planned systems

• Analyze development projects currently underway. Determine timeliness, viability, staffing and cost of each


• Review pending proposals to ensure requirements and specifications are well documented

Existing Systems

• Ensure adequate capacity planning and support.

Pending Budget

• Review and compare proposed budget with analysis of current budget, burn rate


• Review capital budget requirements


• Evaluate opportunities for cost savings such as data center, server, project consolidation


• Ensure the inclusion of required future support and service contracts.


• Risk Profile

Business Continuity

• Analyze data backup/recover practices. Determine whether well documented, implemented and tested


• Analyze disaster recovery plan and determine vulnerabilities and omissions


• Examine relationships with third-party vendors to identify potential sources of risk in case of catastrophe.

Data Security

• Analyze data security measures and determine vulnerabilities


• Network security measures


• Database security measures


• Platform security measures


• Application security measures


• Employee permissioning, password policies


• Physical access to critical assets.


• Analyze change management policies and procedures.

Personnel

• Determine key resources which must be retained


• Determine vulnerabilities to attack by displaced personnel.

Regulatory and Compliance

• Determine broad measure of compliance with applicable regulatory statutes (E.g. HIPAA)