M&A Diligence checklist: 1a). Management Team, 1b). Financials, 1c)....IT!

Written by
Kapil Kalokhe
Published on
August 25, 2023

Inorganic growth (ie Mergers and Acquisitions) is a highly effective strategy to expedite company long term strategic initiatives.  Many businesses use M&A to expand their market presence geographically, across services and customer segments and to gain competitive edge. While finding the ideal candidate to fill this gap is a challenge, just as important is the pre acquisition diligence assessing the business to ensure a smooth and successful integration.  During an M&A transaction, assessing the management team and the company’s financials are obvious areas of diligence, but investors should place ample focus on the target’s information technology (IT) as well.  In today's digital age, IT plays a central role in almost every aspect of modern business operations. As a result, conducting thorough IT diligence during the M&A process has become paramount to ensure the success of the transaction and mitigate potential risks. In this article, we will explore a few reasons why IT diligence is so crucial in M&A, along with illustrative examples of its importance.

1. Understanding Technology Assets and Liabilities:

During an M&A deal, the acquiror must have a comprehensive understanding of the target company's technology assets and liabilities. This includes software applications, hardware infrastructure, data centers, networks, cybersecurity protocols, and IT personnel. Without proper diligence, the acquiror may end up acquiring outdated or incompatible systems that could hinder post-merger integration and lead to inefficiencies.

Example: Company A acquires Company B, expecting to scale its operations utilizing Company B’s technology solution.  However, after the acquisition, Company A discovers that Company B operates solely with on premise servers.  The costs of maintaining, monitoring, security and auditing can be additional hidden costs that are required to operate the business.  In addition, there may be significant capital expenditures required to upgrade and / or migrate to the cloud that were not factored into the investment thesis.  These additional costs can be significant and recurring which would reduce the profit margins on the business in the near term.  Having a sound grasp of this infrastructure will ensure the team has budgeted ample funds that are incorporated into the business valuation to mitigate risks during the post transaction integration phase.

2. Assessing IT Security and Data Privacy:

In today's interconnected world, data breaches and cyber threats pose significant risks to businesses. Before finalizing an M&A deal, it is vital to assess the target company's IT security measures and data privacy compliance. Cyber criminals are becoming more effective at penetrating an organization and often can disguise their entry to unsuspecting employees at all levels.  Cyber incidents can hamstring an organization and result in significant losses to recover normal operations.  In addition to best practices and trainings shared throughout the organization, it is prudent to secure ample Cyber insurance to mitigate future threats.  Many customers and financing sources request their partners to procure insurance and / or share the company’s cyber security practices as a requirement prior to establishing a business relationship. 

Example: Company X acquires Company Y without conducting proper IT security diligence. A few months later, Company Y suffers a major cyber attack, leading to a data breach that affects millions of customers. This not only results in massive financial losses for Company X but also tarnishes its brand reputation and erodes customer trust.

3. Identifying Hidden IT Costs:

By conducting in-depth IT diligence, acquirors can identify any hidden IT costs associated with the target company. These costs may include ongoing maintenance contracts, license fees, or IT infrastructure upgrades that were not initially apparent. Understanding these costs is essential for accurate valuation and financial planning.  Software license expenses can be included in this category and should consider expiration dates / termination clauses that could have a material benefit to the combined post transaction entity.

Example: Company E acquires Company F and recognizes that Company F uses the same CRM system (eg. Salesforce), business software (eg. Microsoft), expense software (eg. Expensify) and Email platform (GSuite).  Given the size of the organization, Company E is able to procure significantly lower license fees for these administrative tools and recognizes instant savings by converting Company F’s licenses under its contract. This is a benefit that can be recognized within the first 30-60 days post transaction with minimal distraction to the business. 

4. Mitigating Regulatory and Compliance Risks:

In certain industries, IT systems play a crucial role in complying with regulatory requirements. Proper IT diligence ensures that the acquiror is aware of any potential non-compliance issues and can take appropriate measures to rectify them before they escalate into legal problems.  With the increase in data sharing and concerns over privacy, it is important to assess a target’s practice of securing, storing and handling of sensitive data.  Implementing best practices to manage data privacy is a critical component of risk management.

Example: Company G acquires Company H, a healthcare provider. However, Company H's IT systems are not fully compliant with Health Insurance Portability and Accountability Act (HIPAA) regulations, putting Company G at risk of facing hefty fines and legal actions.


In the fast-paced and technologically driven business landscape of today, IT diligence in M&A is indispensable. A thorough assessment of the target’s IT from a perspective of people, process and technology should be mandatory during the diligence phase.  Challenges in the IT organization are usually time consuming to address and can leave the business operating inefficiently for extended periods.  Prioritizing IT during the diligence phase (and in preparation to solicit to investors) lays a foundation for successful and fruitful long term growth.

Kintsugi Capital is an advocate in understanding a company’s IT infrastructure and strategic role during pre transaction diligence.  As seasoned technology advisors, the KCP team has extensive experience providing solutions to its clients and portfolio companies to enable their growth strategy.  As a recent example, KCP’s IT assessment and integration plan played a vital role during its carveout of ePost Global from the parent company and operating as a stand alone business post transaction.  During the diligence phase, Kintsugi recognized the importance of having quality software development talent readily available to support enhancements and identified areas in the IT infrastructure to provide scalability to ePost Global’s platform.  Within the first year after acquiring ePost Global, Kintsugi improved the company’s use of cloud resources, implemented best practices on IT software development and cut out excess IT infrastructure spend.  KCP identified these initiatives during their diligence assessment and prioritized key IT initiatives in the first year.  These initial improvements supported the business and enabled it to double EBITDA within the first year as a stand alone business.  

Subscribe to newsletter

Subscribe to receive the latest blog posts to your inbox every week.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Make your company vision a reality

Get in touch
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.