Intechnica, technology specialists that deliver pragmatic, commercially-focused technology services to SMEs, explain the value of technology due diligence and when it is right for SMES to consider.
Technical due diligence is typically left to the end of the investment process, when the investor’s financial confidence in the target business is high. However, over recent years, the approach to technical due diligence (ITDD) has been changing, with more businesses seeking to undertake vendor technical due diligence (VDD) ahead of an investment round.
What is the purpose of Technology Due Diligence?
Often, people think investors want best practice and there can be no risks, however, in Intechnica’s experience investors are comfortable taking a level of risk if they can see there are mitigation plans in place and that these risks are well understood and managed by the business.
Investors are interested in the value that the technology brings and will continue to bring to the business. They are not interested in ivory tower approaches, nor do they expect everything to be perfect.
Undertaking VDD enables a business to understand the upside potential and determine that the IT function can support the business plan and consequently demonstrate to potential investors that the investment hypothesis is valid. The report also gives them the chance to showcase the “crown jewels” – the significant areas that bring value and will continue to bring value to the business.
An objective report assessing the quality of the IT function and honestly representing the business capabilities and assets will resonate well with potential investors and enable the company to avoid buy-side top-up ITDD, which removes control of the process, leads to deal drag and may impact the valuation.
Common issues identified
Over the 250+ engagements, certain patterns and trends have become apparent, and some risks have been identified time and time again. The top 5 recommendations are listed here.
- Security – 1 in 5 businesses had issues related to security. This is often because businesses are focussed on value creation. However, security breaches can have significant financial and reputational impact and companies should seek to have security controls and processes in place and followed.
- Technical debt – Speed to market is often prioritised over quality, leading to a build-up of technical debt. While this is often an appropriate decision to make when a company is small or in the start-up phase, it will hinder a company’s ability to deliver new features or changes to their product at scale. Getting this right is critical.
- Team – growth is not just about adding more developers, but also requires diversification of skills (including non-development roles such as product management and testing) and improved processes. In smaller organisations, it is easier to control the output of individuals with limited processes in place. As they grow, teams reach a point whereby efficiency begins to fall off – even if more people provide a greater pool of resources, they also require greater amounts of coordination and management, to the point where size becomes an impediment.
- Strategy – Defines the vision, roadmap and purpose, enables the creation of business objectives and measurement of success. Strategy is crucial for ensuring the technical team is aligned to the overall business and delivering features to drive value. A flag around strategy often correlates to a lack of a CTO role or other senior technical leadership.
- Data – The more data driven a company is in their decision making, the more likely they will be building something customers want, and the more likely their hypotheses/business plans are validated. Product-centric development ensures the company is building a commercially viable product and not building just for technology’s sake – avoiding the company building something no one wants.
More and more companies are seeking to undertake VDD as they see the benefits it brings. Here are our top tips to help you to get the most out of the process.
- Start early (6-12 months) – The earlier a business starts the technical due diligence process, the better. This enables them to address any unknown risks and control the messaging around the risks, ultimately enabling the company to achieve a higher valuation.
- Take a step back and get a second, objective opinion on what you are doing – Prepare the minimum ITDD documentation now and use it as an exercise to think about how you appear externally.
- Security tests – Undertake an external security review. Security is always a question so get on the front foot.
Intechnica, our technology due diligence partners, help businesses increase enterprise value and reduce risk through the excellent use of technology. Technology due diligence enables investors to understand the risk and value technology risks and value of a business, it is therefore an important, where technology is core to the business.
They advise, assess and deliver against their proprietary Digital Blueprint. Created from over 10 years’ working with businesses ranging from Unilever, GSK, ASOS & AO their Blueprint benchmarks businesses against real world best practice and is directly applied to gauge investment risk and drive enterprise value in a digestible way.
After several years on incubation, the Intechnica product suite including the TrafficDefender product was consolidated and extended to become Netacea and a separate company was formed. Netacea products safeguard retailers from automated web, mobile, and API based cyber-attacks. Providing behavioural based machine learning detection at the edge of the network to identify and stop bots responsible for account takeover, credential stuffing, content scraping, inventory abuse, and voucher/points abuse (www.netacea.com)