When private equity (PE) firms perform due diligence on a company, commercial, legal, and financial considerations are given high priority. But a comprehensive IT due diligence process, while recognized as an essential requirement, often requires more time, effort, and resources than expected. In today’s dynamic and competitive market, this can be a significant risk.
Technology has become incredibly complex and has a direct impact on the value, risk profile, effectiveness, and security of mid-market businesses. Comprehensive IT due diligence requires a high-level understanding of a target company’s IT footprint, as illustrated in this graphic:
The quality and modernity of applications within the IT footprint can ultimately determine the scalability, longevity, and saleability of a company. Unsecure or dated technology can represent a liability for businesses and private equity firms.
IT due diligence measures risk, synergy, and exit readiness by:
- Knowing what assets and liabilities exist in the IT Domain
- Understanding how IT supports strategic business objectives
- Identifying opportunities to generate business value through innovation
Key drivers of change in the mid-market today
The COVID-19 pandemic has triggered major changes across the business landscape and buyers are often caught off guard by how different the requirements are to compete in today’s environment.
Some of the key drivers of change are:
- A shift to Software as a Service (SaaS): With more people working from home, companies are increasingly adopting a cloud-based architecture that lends itself better to remote work rather than having on-premises infrastructure. The IT budget is moving away from capital expenditures (CapEx) towards greater operating expenses (OpEx).
- Cyber crime on the rise: Cyber attacks against mid-market companies have increased significantly during the COVID era. According to the 2021 Data Breach Report by the Identity Theft Resource Center, 1,862 data breaches were recorded in 2021, compared to the previous all-time high of 1,506 in 2017.
All cyber crime comes at a high cost to businesses—in the U.S., the overall cost to businesses totalled more than US$6.9 billion in 2021.1
- Disruptive technologies: The adoption of advanced technologies is transforming the competitive landscape. Businesses are implementing artificial intelligence (AI) and machine learning at pace—both tools are on track to be mainstream by the end of the decade.
Companies are investing in disruptive technologies like cryptocurrency, blockchain, Web 3.0, quantum computing, robotics, and augmented and virtual reality (AR/VR). Understanding their IT footprint today gives businesses insight into what it will take to be competitive tomorrow.
- Growing talent gap: It is increasingly time-consuming to find qualified people to fill internal skill gaps for IT and cybersecurity positions. Due to the rapid rate of change in the IT industry, even newly hired employees often have skill sets that are already or soon to be outdated.
Four risks of not performing IT due diligence facing private equity firms
There has never been a greater need to give IT a seat at the table during the due diligence process. We’ve identified four key risk areas for the private equity sector that IT due diligence can help mitigate:
1. Inheriting technical debt
The primary impact on PE firms comes in the form of technical debt. In the M&A context, technical debt refers to all the costs around technology modernization, update, and repair. If the due diligence process isn’t well-executed, an inordinate amount of technical debt can go undetected, severely affecting valuations and investment returns. CIOs report that approximately 10% to 20% of the budget dedicated to new products gets diverted to resolving issues related to technical debt, and that technical debt comprises 20% to 40% of the value of the entire technology estate.2
While technical debt can be a liability, it can also be a source of value creation. When identified and effectively managed, not only can technical debt provide more accurate valuations pre-deal, but it can present major opportunities to drive value and facilitate a successful investment.
2. Misalignment of IT and strategy
A lack of alignment between IT and business strategy can occur through talent gaps and a mismatch of applications and infrastructure, resulting in poor technology integration, abandoned systems, and siloed or fragmented databases that lead to unnecessary complexity in the operating environment. Poorly managed post-merger integrations can also be a source of significant technical debt.
3. Increased risk of cyber breaches
Another risk to PE firms is the impact of poor cybersecurity practices. Simple gaps in security infrastructure can lead to significant risks. Shadow IT is one such example. These are IT systems or processes deployed by people other than the central IT department, mostly as a mechanism to temporarily circumvent inconveniences in day-to-day work. Saving company information on personal drives is a prime example and the source of many cybersecurity gaps.
4. Decreased competitiveness
If a business is putting significant time and resources into managing technical debt, realigning IT and strategy, and managing constant cyber breaches, it has little time left to invest in forward-looking technology strategies and investments that support its strategic plan. This can lead to a loss of competitiveness in the market and customer attrition.
Considerations for value creation in private equity
There are important considerations PE firms should keep in mind to lower the impact of technical debt and improve EBITDA and overall valuation by the end of the investment horizon.
Start with the basics
Few mid-market firms have an IT infrastructure robust enough to meet the demands of today’s cyber landscape. In fact, only 50% of small and medium-sized businesses (SMBs) have a cybersecurity plan in place.1
Start by viewing IT as a value driver and setting the company up for success. Focus first on basics such as cloud and migrating the company to a new operating model. This provides a strong foundation to improve operations in the future through advanced security features, disaster recovery planning, and overall process improvement.
To outsource or to stay in-house?
The in-house talent and infrastructure of many companies may not be up to the task of today’s demands. Determining what really needs to be in-house and then outsourcing non-business critical IT functions (e.g., IT helpdesks) to a Managed Services Provider (MSP) can significantly lower business risk and possibly overall costs, especially if a company has multiple locations that need to be serviced.
Leverage data analytics
Data analytics is an excellent example of how IT can drive value. Analytics tools are becoming increasingly accessible to SMBs and can create value across all areas of the business, from optimizing the management of raw materials to coordinating the supply chain.
Companies operating in the industrials and manufacturing sectors especially have a lot of room to benefit because they traditionally spend under 2% of revenue on IT as compared to the banking sector, which spends closer to 6% of revenue on IT.
How BDO can help
Through industry professionals with decades of cumulative knowledge, BDO Canada offers a broad range of services that can help private equity firms navigate post-pandemic realities throughout the entire deal lifecycle, from pre-deal and the holding period to post-deal.
To learn more, contact us today:
Adam Brown, National Leader, Management Consulting and Strategy, Value Creation & Analytics Services
Bill Suri, Senior Consultant, Management Consulting
Susan Odle, Technology Investment Advisory Practice Leader, BDO Lixar
1 Alarming Cyber Statistics For Mid-Year 2022 That You Need To Know, Forbes, June 3, 2022.
2 Tech debt: Reclaiming tech equity, McKinsey, October 6, 2020.