"Where Information Technology Is Purely Business & Engineering"

      Home Employment Contents                              Stamford, CT (203) 329-7013

IT Due Diligence Review 
Up IT Due Diligence Review Systems Studies TimeBox Opinions Corporate Projects Training & Interim




Professor Rino Nori's Fairfield University School of Engineering graduate school home page

IT DUE DILIGENCE REVIEW (Internal Business Application Systems & Infrastructure, Software Products):

The Nori & Associates Information Technology (IT) reviews are brief but intense involvement of our principals on behalf of Private Equity, Investment Banks, Commercial Lending, Venture Capital, Asset Management and Accounting firms involved in Due Diligence investigations re: business combinations, transactions and lending.  We recognize the urgency and confidentiality of these matters, and based upon the scope of work render a draft report within three to seven calendar days.  We identify the business risks associated with the target company's IT systems, organization, staffing, key projects, capital expenditures, scalability, flexibility, maintainability, security.   Work scope can be adjusted as required and can include "carve out" considerations as well as "integration" considerations.

In addition to evaluating a target company's IT environment portfolio and infrastructure, we can evaluate the software engineering component of a target company's product.  This is of value to Angel investors and others looking for an expert opinion on the technology, quality and systems development progress of a software product.  Our knowledge of other engineering disciplines allows us to fully understand the impact and integration of the software component with respect to the product's other components (mechanical, electrical and optical).

Due Diligence Key Benefits

Our IT Due Diligence Reviews help quantify transactional risk and better estimate post-merger operational and financial exposure.  The reviews can help a lender better appreciate his client's business environment and the associated level of lending risk.  Our reviews can help a commercial banker or investment bank provide some necessary guidance to a client company.  Specific IT related risks can be identified, assessed and estimated as to their impact upon the business.  Our work may result in any of the following benefits:

  • Identify potential IT disasters.
  • Identify potential IT integration risks and costs.
  • Identify potential cash hungry IT projects.
  • Identify potential illegal usage of software.
  • Identify potential for unplanned IT improvement cash outlays.
  • Identify potential for unnecessary expenditures for dubious IT projects.
  • Identify potential for IT related business disruption.
  • Identify potential IT dependant business risks.
  • Identify potential mis-management of the IT function.
  • Identify the viable lifespan of the existing IT environment.
  • Identify "carve out" requirements for ongoing IT support while new IT services are established.
  • Identify potential hardware, software & staffing infrastructure for new IT services.
  • Identify approximate costs and timeframe for establishment of new IT services.
  • Identify targets suitable for post merger integration IT hosting.
  • Identify potential post merger integration strategy alternatives, timeframes and costs.
  • Identify situations where no major IT risks appear to exist.
  • Identify IT areas requiring improvement & responsiveness tuning.
  • Identify potential IT cost reduction opportunities.

Due Diligence Approach

The Nori & Associates IT Due Diligence review can be conducted in two iterations, an initial high spot review at the beginning of the overall due diligence process, and later, if the deal conditions warrant, a more detailed due diligence review.  

In performing IT Due Diligence, we first fine tune our scope of work with the client and assess any particular client concerns or questions.  Secondly, based upon the scope of our review, we proceed by requesting the target for the following types of data:

  • Inventory of all systems, hardware, software and communications.
  • Inventory of all items (listed above) undergoing current or planned (next three years) change or upgrade.
  • Classification of software and hardware as to developed in house or purchased, platform and technical requirements for each.
  • Overall system model, enterprise data model, context diagrams.
  • Overall hardware and communications architecture diagram.
  • Technical capacity reports on hardware and communications.
  • Lease and other agreement (e.g. maintenance) copies and summaries of the annual costs, terms and penalties and cancellation charges for each.
  • Number of users and departments serviced by every system.
  • Detailed IT operating and Capex budgets and expense statements for the past three years and pro forma for the next year.
  • System plans, Disaster Recovery plans, Business Interruption Plan, past and current.
  • Workplans, estimates and summary reports of current projects.
  • IT policies, methodologies, procedures, security, and standards.
  • History of past projects, catastrophic events, security breaches.
  • Production support monthly summaries.
  • Backlog of work summaries
  • IT organization chart and summary biographies of key personnel.
  • Steering committee members and key user personnel.
  • Other, depending upon the scope of the Due Diligence.

Based upon the data available, at the data room or forwarded to our attention, we identify potential concerns and coupled with the client's requirements proceed on site to complete our review and identify the potential risks.  The on site work consists of select interviews, review of on site available data, and also includes spot testing of the submitted data.  Overall usability, satisfaction, reliability and maintainability of the systems is determined.   Additionally, an assessment is made of major future enhancements and their true need to support the business.  The review findings are analyzed, contrasted to the contemporary industry norms and to the business growth plans, and conclusions are developed.  A summary report is prepared identifying the major risks and concerns, and the detailed findings are provided as an attachment.

The above approach is tailored to fit the size of the target and the assigned scope of work.  For smaller targets, or small commercial loans, many of the IT Due Diligence primary objectives can be achieved via streamlining the scope of work.  The findings of an IT Due Diligence review may not always affect the outcome of a transaction, however they will provide the added input with which our client can make a better informed business decision.

Nori & Associates performs this work on an hourly or fixed fee basis, and we are open to sharing risk.  Our background is with the major firms, however our fees are a fraction of those.  All IT Due Diligence work is performed on a strictly private & confidential basis.

For general information and  inquiries eMail to:                                                   Copyright 1999-2011 Nori & Associates
Last modified: November 09, 2010