The critical role of technology due diligence in private equity

Private equity (PE) deal activity is regaining momentum thanks to stabilized interest rates and record dry powder itching to be deployed. As merger and acquisition (M&A) opportunities arise, prospective PE sponsors will engage in third-party due diligence as part of strategic planning. Most companies rely on technology in some capacity for their operations, making a target company’s IT infrastructure a strategic asset worthy of careful evaluation.

Pre-close technology diligence to identify and quantify undisclosed risks related to scalability, stability and supportability of IT systems and processes, including cybersecurity and data protection, can help PE firms realize the full potential of an acquisition. Skipping this crucial step puts a firm’s entire investment thesis at risk.

The high stakes associated with a deal failing necessitate that PE firms evaluate all critical components of a potential investment. PE firms can mitigate their risk and increase the likelihood of deal success by initiating technology diligence earlier in the M&A process.  Knowing ahead of time what IT investments will be needed to meet goals can also give PE firms a jump-start on value creation.

5 critical technology-related deal pitfalls    

With any M&A transaction, strategic alignment with the investment thesis is necessary to ensure that the deal will drive value and generate returns. Technology diligence entails evaluating a potential target company’s systems, software and security posture to determine whether the acquisition is a good fit for the PE firm’s investment objectives.

PE investors should ensure there aren’t any major surprises related to spend that are not captured in the deal thesis. For example, if it is known there is a certain amount of capital spend in years one and two of the hold period but IT was never contemplated, it can delay value creation and diminish expected returns.

Most M&A deals pose a hidden business risk in the form of technical debt, which refers to suboptimal technology infrastructure inherited in transactions such as a platform investment or strategic acquisition. Technical debt can encompass a wide range of issues, from antiquated software to system vulnerabilities. To avoid unforeseen expenses, sponsors should do their due diligence to understand a target company’s technical debt and potential cost to remediate.

As a case in point, an RSM client made a strategic acquisition based on an assumption that potential synergies with the client’s platform company would lead to increased market share. Unfortunately, a post-close technology assessment revealed the target entity’s decades-old, custom-built enterprise resource planning system could not support integration with the platform company’s business applications. If technology diligence had been done ahead of close, the client could have negotiated to account for $30 million in upgrade costs or walked away from the deal.

Before making an acquisition, a PE buyer should understand what and how personal information is collected, stored, used and disclosed by the seller as part of its business operations. Equally important, what are the target company’s policies, procedures and internal controls to fulfill its regulatory requirements for data privacy and protection? After all, the responsibility to maintain compliance will ultimately fall on the buyer, not the seller.

In some situations, diligence can help to identify existing critical vulnerabilities and data breaches that may be unknown to the seller, thereby preventing costly remediation and potential reputation risks to the buyer.

In another cautionary tale, a PE client was forced to spend $2 million outside of their post-merger integration budget on cybersecurity upgrades to meet compliance requirements. Had the deficiency been identified pre-acquisition, the cost to remediate could have been reflected in a purchase price adjustment.

Waiting until after a deal is made to start planning for technology integration or stand-up puts a prospective PE sponsor at a major disadvantage, especially when a transition service agreement (TSA) is at stake.

Understanding the IT capabilities required to continue operations with minimal disruption can ensure a successful TSA exit, whereas misidentifying the duration of technology services and support needed to stand up the business can make meeting the TSA deadline much more challenging. And if the TSA period ends prior to completing the separation and stand-up, the seller can significantly increase service costs for the additional time needed.

Similarly, achieving a sponsor’s 100-day plan may take longer than expected without adequate technology resources. Time spent on evaluating and remediating technology issues is time taken away from developing innovative solutions.

Avoiding risk is only part of the equation; skipping technical diligence may also cause firms to overlook potential opportunities to enhance operational efficiency and drive growth. At RSM, we focus on identifying and planning value creation opportunities during buy-side IT due diligence.

For instance, when performing IT diligence for a client acquiring a technology company, RSM identified the potential for a new revenue stream by charging for maintenance and support services that were already integral to the target company’s operations. By implementing the service contract model, the newly acquired company realized an additional $17 million in revenue in year one. Had the buyer elected to forgo pre-close diligence, they may not have realized the opportunity to capitalize on it.

For every PE investment, assessing a target company’s IT infrastructure is an essential component of the due diligence process. Before entering any M&A transaction, identifying and mitigating IT and cybersecurity risks can help avoid costly oversights, increase the likelihood of a successful acquisition and support the development of a value creation plan.

Working with an experienced third party that provides services across the investment continuum will facilitate seamless progression from diligence to post-close value creation to a profitable exit. Beyond the ability to identify potential risks, a worthwhile provider will have the availability, capacity and capabilities to effectively remediate any issues that may arise.