10 Questions for PE Firms Evaluating Target’s IT Landscape

One of the questions that consultants must always answer is how to win client work. Clients issue RFPs and they employ scoring criteria to select consultants. The scoring criteria are typically centered around technical competency and commercial arrangements. Clients’ procurement teams will lead the charge, score the vendors, and go through the selection processes.

Due Diligence for mid-market targets is an intensive exercise on its own. There is, however, a significant opportunity to leverage the management capacity to evaluate the opportunity to revamp current IT and optimize the structure to make technology an essential part of the business. During the due diligence phase, PE firms should focus on 10 questions on target’s IT landscape. Answers to these 10 questions can help companies start to lay out a foundation to extract more value out of IT.

Many PE firms acquire mid-market companies that are in industries that are not as technology intensive as major financial services companies and retail companies. During the due diligence phase, PE firms tend to focus on evaluating the financial aspects of the target. IT, given the non-intensive nature of the industries the targets are in, often doesn’t get much attention. With IT becoming essential across all industries, this approach won’t afford the PE firms the strategic lens of the technology. Furthermore, given that technology nowadays is as much a liability as an asset, not fully evaluating IT during the due diligence will create significant problems in the near future.


Here are 10 questions that every due diligence for mid-market companies should focus on. I have bucketed them into 3 buckets: Is IT a ticking time bomb?  Can IT continue to effectively support Business’s near term needs? And can IT become a strategic weapon?


Is IT a ticking time bomb?

The questions here are to ensure that the acquisition target doesn’t require immediate significant IT investment to remediate the current situation. In a recent due diligence exercise for a Midwestern manufacturing company, the PE team and I uncovered that the acquisition target engaged a third party IT vendor to maintain the IT infrastructure, including the office computer network and PCs. But the vendor had neglected to apply security patches to the servers and PCs. Unfortunately, one of the employees opened an external email and infected the network with ransomware and caused significant impact to the company.


To test if IT is a ticking time bomb, the due diligence team should focus on a number of major risk areas: information security risks, system availability risks, vendor support risks, and knowledge risks. The four key questions under if IT is a ticking time bomb include:


  1. Are there past issues with IT security and privacy? For example, were there issues with ransomware? Are sensitive and proprietary data well protected? How does the company deal with information privacy protection regulations such as GDPR and CCPA?  Of course, if the target struggles to answer those questions, the potential risk is high.
  2. Can IT systems be recovered and stay running, even during disasters? While many of the companies are not in IT intensive industries, when a disaster hits, it is still critical to keep the core systems running so that plants can continue to operate and customer services can keep on functioning, during the business disruptions. During the due diligence exercise, the due diligence team should test how the target has dealt with business interruptions in the past and see if they can keep the infrastructure running, even during unexpected disaster time.
  3. Are core systems on vendor support lists? Or are the systems already unsupported by vendors? Mid-size companies would sometimes skip vendor upgrades to save on operating expenses. While those shortcuts can work tactically, unsupported systems create potential long term risks. Upgrading those systems would often incur business disruptions also since the business may not be able to operate without IT systems. Furthermore, vendors often require sequential upgrades which would require companies to upgrade the same system a number of times before they can get to the latest supported versions. Each such upgrade creates potential risks. Testing if the core systems are still being supported thus becomes a critical time bomb test.  
  4. Does the target have in-house knowledge of the systems? Or is the system knowledge all with third party vendors? With the shortage of IT talent across all industries, many mid-market companies have relied on third party contractors to develop applications and maintain IT infrastructure. While this works for the near future, if the vendors and contractors leave, IT might not have the ability to continue to operate the systems. It’s critical to evaluate the IT knowledge management of the acquisition target to ensure there is backup strategy in place.


Can IT continue to effectively support Business’s near term needs?

After evaluating if IT is a ticking time bomb, hopefully we can be sure that IT is functioning normally and can continue to operate in a business as usual fashion. Now it’s time to dig deeper into the day to day operations of IT and IT architecture to calibrate the potential to improve IT’s ability to support the business operations. There are three key areas to probe here: IT talent, application portfolio, and IT spend efficiency.


  1. Is there a good team in place who can continue to enhance the systems? Given that many of the companies here are mid-market, it’s critical to evaluate if the targets have acceptable abilities to manage projects and use change management to deploy new capabilities to business. There are still many companies whose IT are ad-hoc application enhancements. Even when more sophisticated systems such as Salesforce.com are deployed, there is insufficient ability to change business processes to realize the full potential of such systems.
  2. Does the target have duplicate systems across domains and does the target need to consolidate them? Many of the mid-market companies grew by acquisition themselves. It’s likely they have many duplicate systems in place. Given the complexity of supporting duplicate systems, the due diligence teams should evaluate such overlaps and decide if actions should be taken to address this.
  3. Are there opportunities to optimize current IT spend to free up funding to invest in new strategic technologies? Lastly, while computing cost has been dropping significantly due to Moore’s Law, many mid-market companies haven’t been able to demonstrate the ability to bend the cost curve and show the economy of scale. With new technologies such as IOT, AI, and 5G on the horizon, it’s critical to evaluate the potential to rebalance the IT budget and free up funding to pivot to the new technologies.


Can IT become a strategic weapon?

This is the question that PE firms don’t ask enough right now. With technology becoming essential in every industry, during due diligence, PE firms should actively evaluate opportunities to apply technology to improve business performance and efficiency. Given that many targets are mid-market companies, they don’t always have the mature processes to enable future growth yet. Also, many of the business processes and activities might still be done manually, with Excels being the core tool to enable day to day management. There is a huge opportunity to evaluate the potential of applying technology to improve business performance and bake some of the impact into the financial projection for the due diligence.


To evaluate the question of if IT can become a strategic weapon, PE firms can focus on three key questions:

  1. Are there significant opportunities to apply technology to address identified business performance gaps? During the due diligence process, PE firms often conduct benchmarking to identify performance improvement opportunities.  Today, many of such opportunities can be addressed by technology. For example, many companies have been using LEAN and SIX Sigma to improve manufacturing processes. However, today, we can push even further of LEAN and Six Sigma using AI.
  2. Has the business decision making been driven by real-time data? Or is the company mainly run on Excel and management’s data interpretation and experiences? With the advances of data technologies and cloud infrastructure, many companies can quickly create more transparency into their performances. In my past experience, companies that rely on Excel to run the businesses can usually achieve at least 15% of performance improvement by moving from Excel to more rigorous data driven decision making.
  3. Is the target still pushing a lot of manual processes? Are there opportunities to automate and augment the systems and remove Paper, PDF, and Phones? While many mid-market companies have deployed core systems to enable business processes, the labor involvement for using the systems is often still intensive. Manual data entry activities abound. Human labor is involved to reconcile the data from one system to another. Those are great opportunities to leverage technology to drive the efficiency out of the current business systems.



Due Diligence is an intensive exercise on its own. There is, however, a significant opportunity to leverage the management capacity to evaluate the opportunity to revamp current IT and optimize the structure to make technology an essential part of the business. The 10 questions laid out above can help companies get started!

Copyright © 2023 Parker Shi. All rights reserved.

Share on Twittter
Share on LinkedIn

Related Articles: