Technical Due Diligence
What is Technical Due Diligence?
Typically performed prior to investment, a merger or acquisition, or an initial public offering, technical due diligence is a thorough assessment of a company from a technical perspective. While usually performed on the behalf of an interested third party, technical due diligence can also be applied internally to prepare your company for investment or a major funding push. It can either be executed by an in-house team or a specialized third-party agency.
Generally, the technology due diligence process encompasses the following:
- Software architecture.
- Hardware architecture and infrastructure (if relevant).
- Tools, frameworks, and technologies used in development and deployment.
- Code quality.
- Processes and policies.
- Development workflow.
- Patents and attributions.
- Development strategy.
The Importance of Technical Due Diligence for Startups
Technical due diligence is essentially the last major roadblock a software or technology startup must overcome prior to receiving funding. It helps investors evaluate the company’s actual value, assess the risk of an investment, verify its technical elements, and predict its growth potential. It can also help identify:
- Strengths, weaknesses, and potential opportunities.
- Possible legal or technical issues.
- Potential bottlenecks or market-related concerns.
- Whether or not the company is still on track to fulfill its original objective.
Technical due diligence can benefit your company just as much as it does investors, in other words.
How does technical due diligence work?
Prior to performing any internal technical due diligence, you need to ensure your code is clean. Quality assurance should generally be a component of your development lifecycle. If it’s not, you’ll want to take measures to introduce it.
Once you’re certain your code is clean of bugs and glitches, due diligence can typically be divided into six distinct phases.
The stages of technical due diligence
- Code review. This is intended to assess not just the quality of your code, but also whether there are any errors or inaccuracies. More importantly, it helps assess and verify your product’s deliverables and achievements.
- Business plan and roadmap. A compelling business strategy and product roadmap is a must for this stage. You need to be able to demonstrate that your company is on-track to fulfill its originally stated goals.
- Documentation review. Next, whoever is responsible for assessing your company will examine your technical documentation. The objective here is to ensure that it contains all pertinent details related to your products, including technology, architecture and processes.
- Meeting. At this stage, key individuals in your product’s lifecycle will meet with either the investors themselves or technical experts acting on the investors’ behalf. It essentially takes the form of an interview to help assess both technical and non-technical aspects of your product.
- Follow-up. Whoever is responsible for the due diligence process may request a follow-up meeting if they have any questions that weren’t answered in the initial meeting. Otherwise, they’ll provide you with specific feedback related to each stage.
- Applying feedback. Once you’ve received a report reviewing all the findings of the due diligence process, you can then address any issues it identifies. This may include weaknesses in your business strategy, flaws in your architecture, potential risks, and general expectations.
It should go without saying that a compelling business strategy and roadmap is a must here, and it’s equally important that you ensure your technology is in order prior to undergoing a due diligence review if you’re seeking investment or funding.
Critical questions for technical due diligence
When investors are performing technical due diligence, the questions they ask and the rationale behind those questions includes:
- How reliably does the company adhere to its product roadmap? The occasional delay is to be expected. However, overly frequent delays may indicate delayed revenue or operational issues with product development and engineering.
- What is the company’s plan regarding information technology? Due diligence starts with examining the company’s software and hardware architecture. Will it need to undergo considerable re-architecting or refactoring? Has the company considered how much time and effort will be required to scale if it grows beyond expected projections?
- How well does the company’s technology align with its market, size, and characteristics? Don’t just look at the company’s products — examine the tools and processes it uses for quality assurance, development, integration, deployment and delivery. In other words, look at the technical foundation of the company’s products, as this will give you a reasonable indicator of their long-term resilience.
- What organizations, tools, and processes does the company have in place to maintain velocity and growth? This is somewhat self-explanatory. You need to consider not just the company’s software architecture, but also how well its engineering and operations team will adapt to change and evolve alongside its development team.
- Will the company need to undergo significant staffing changes in the near future? People are the lifeblood of any company, which means they’re also a cornerstone of any technical due diligence assessment. In particular, you’ll want to look at leadership — how well they’re prepared to address the company’s current and future needs and whether or not the company will need to hire new leaders.
- How does the company’s budget look? Does it have all the resources it requires for its current technology projects, or is there something that doesn’t add up. Be wary of any company that makes projections beyond its capabilities to fulfill.
- How effectively does the company differentiate itself in terms of intellectual property? A company that holds a large number of patents might seem attractive on paper, but you need to consider whether or not those patents actually serve any purpose. Does the company’s hold proprietary technology that’s relevant to its product portfolio, or does it maintain a collection of largely unrelated patents?
- How does the company approach cybersecurity? In today’s business landscape, security is non-negotiable. It is imperative that the company have effective measures in place for vulnerability management, risk management, threat detection, and system/data integrity.
- What is the company’s general software development process? What tools, processes, and methodologies does the company use when developing and maintaining software products? Does the company follow or adhere to any specific development frameworks?
- What ar the company’s plans for disaster recovery and business continuity? A company should not only maintain a comprehensive incident response plan, but should also have a well-defined approach to managing disruptive events such as data breaches, catastrophic system failure, and natural disasters.
- Does the company adhere to any regulations? If the company operates in a regulated industry, what measures does it have in place to ensure regulatory compliance? Beyond that, has the company put measures in place to adhere to emerging global privacy and security regulations?
Back to Virtual IT Labs Glossary