IT Due Diligence – is IT an asset or liability?

Information Technology is an integral part of any organisation and enables the operations of enterprises. Through supporting business operations, IT collates and analyses business data to provide the management information required in making timely and effective decisions. IT can even be the product/service around which enterprises are built. Information is a key business asset. But IT can also be the skeleton in the closet. Technology assets can turn into liabilities costing more and/or introducing risks that are not anticipated. This makes IT a key priority consideration in strategy development, corporate governance and business risk mitigation as well as merger and acquisition (M&A) transactions.

Despite the obvious importance of IT within any organisation, do business executives, who are mostly more focused on the financial and legal aspects, often overlook it. The appropriate attention is not given to the IT diligence as part of corporate governance or during the due diligence in M&A initiatives. This might be due to the continuous limited understanding of the technology discipline amongst business executives and/or the absence of the right expertise within an organisation to conduct the needed IT review. Another contributing statistic is that IT due diligence rarely is the make or break factor in business deals, which in a lot of cases, result in unwanted surprises presented to directors. That is why IT should be part of the scope of business strategy development and be one of the key contributors in M&A negotiations, influencing the deal and price.

The key reason for IT due diligence is to ensure visibility to the directors of concerns relating to IT operations in order to develop addressing strategies and mitigating actions. Investors should also use this information in assessing a potential business asset and it’s associated opportunity versus risk.

A due diligence exercise will cover at least the following main IT considerations: Systems, Projects & Change, Data, Security and IT Service Provision. Each of these considerations should be reviewed covering at least the following four elements: People, Process, Technology and Value.

Meaningful IT due diligence can be accomplished by practitioners who can ask the right questions stemming from the appropriate industry experience and domain knowledge. The art of due diligence is in formulating the right questions around key investment and/or corporate success drivers and interpreting the answers to inform the true state of affairs and it’s associated business enablement ability, future opportunity contributions and the associated business risk. Mostly, this diligence informs on the present and future role and influence of IT assets within the overall business success, for example:

  • Product, service and information Ownership – does the business really own what IT claims to be the property and assets of the business in relation to it’s true value and the balance sheet?
  • Reliability – can the business rely on its technology, now and in the future?
  • Sustainability – does the business have the ability to sustain its IT asset and visa versa?
  • Scalability – can the technology assets keep up with the business’ growth plans?
  • Adaptability – how easy can the technology asset integrate or be adapted to integrate with other systems and new emerging technologies in the future?
  • Compliance – does an IT asset introduce unwanted risk through non-compliance? For example, the introduction of new legislation to address the continuous increase in cyber and information security concerns might have a significant impact on the legality of an IT asset that might result in serious financial risk and penalties, if not addressed.
  • Finance – how much are IT assets likely to cost the business and what contributions will these expenses have on the financial success of the organisation?

A typical IT due diligence exercise could cover the following areas of IT operations (Some of these areas might not always be applicable in all organisations.):

  • Clarity on the Business Value Chain
  • IT Staff
    • IT Organisation Structure
    • Leadership
    • Qualifications & Skills
  • Certifications & Standards i.e. ISO9001 (Quality), ISO17001 (Security), ITIL (Service Management) or ISO20000 (ITSM)
  • Products and Services
  • Documentation
  • Software Development Processes & Methodologies
  • Service Management
  • Software applications and Services utilized
  • IT Infrastructure
    • Hardware
    • IP Network Infrastructure
    • Hosting Environments
  • Business Continuity
    • Service Availability
    • Systems Up-time
    • Backup and Recovery
    • Disaster Prevention & Recovery
  • Security
    • Cyber & Information Security
    • Network Security
    • IT Services & Systems Access
    • Physical Access
  • Governance
    • Operating Model
    • Policies
    • Procedures
    • Risk Management
    • Performance & KPIs
  • Projects & delivery methodologies
  • Compliance
  • Legal
    • SLAs
    • Supplier & 3rd party Service/Support Agreements
  • Intellectual Property
  • Quality Assurance & Improvement
  • Financial
  • Client and/or Customers

Understanding this information is vital in corporate governance, strategy formulation and capital investment decisions ensuring business critical assets are sustained and developed appropriately for a viable ongoing business concern.

The content of an IT due diligence report should focus on the objectives of the due diligence review, outlining priority findings with recommendations that present a clear call to action addressing the key issues found. A typical report should contain:

  • The objectives of the IT due diligence review
  • An executive summary with the key take aways
  • Key findings and the associated risk
  • Recommendations

The review findings and recommendations should be acted upon through appropriate remediation projects and a clear transition & support plan with inclusion into IT & business strategy. The business benefits can only be realised if these post review projects and transition, are successfully integrated into the organisation.

Let’s Talk – Are you looking to achieve your goals faster? Create better business value? Build strategies to improve growth? We can help – make contact!

SPHERE – Growth through M&A – Due Diligence Case Study

SPHERE – M&A Due Diligence – An Intuitus Case Study

Intuitus logo

Sector: IT Services, Healthcare
Region: UK
Date: September 2017

Summary

Organisations in the healthcare sector, including the NHS, are increasingly reliant on technology to ensure the smooth-running of day-to-day business. It’s important that costs are reduced wherever possible, including within technology and IT operations, to help alleviate the financial pressure faced by businesses in this sector.

West Middlesex University Hospital Trust was acquired by Chelsea and Westminster Hospital NHS Foundation Trust in 2015. IT service provider SPHERE, which is co-owned by Chelsea and Westminster, will be incorporating the IT infrastructure of West Middlesex into their existing IT service provision. Intuitus was approached to provide M&A IT due diligence on West Middlesex in order to identify potential synergies and key risks ahead of the integration by SPHERE.

The Client

SPHERE (Systems Powering Healthcare Ltd) is an IT service provider delivering IT service management and shared IT infrastructure services to the healthcare sector.

The company is jointly and wholly owned by Chelsea and Westminster Hospital and the Royal Marsden NHS Foundation Trusts – SPHERE represents a collaboration and pooling of resources between the Trusts to deliver improved IT services to its members.

Challenges

The management team at SPHERE required full visibility of the current status of the IT services currently in place at West Middlesex, including data centre management, network and communications, computing infrastructure and storage, end-user computing, IT service management, and IT security. This would allow management to plan for the integration of the IT infrastructure at West Middlesex into the existing service offering provided by SPHERE.

The recent transition and merger of the two Trusts, coupled with SPHERE’s planned acquisition of the IT infrastructure at West Middlesex, meant that the merger of the two IT teams had to be handled with sensitivity. This had to be taken into account by any third-party consultant brought in.

How we helped

Intuitus was approached to undertake M&A due diligence on the IT infrastructure and associated service contracts and service provisions at West Middlesex, and advise on how these services align with the service proposition provided by SPHERE. The Intuitus team included Alan Lorimer, who has 20 years’ experience in IT, including many years reviewing the processes and operations of managed service companies in order to provide investment advice.

“Intuitus brought a wealth of experience, wisdom and knowledge to the engagement,” says Renier Botha, Managing Director at SPHERE. “It was a sensitive situation and we needed to get an expert, unbiased, impartial opinion. The Intuitus team was respected by everyone involved because they had been in similar situations many times before and knew exactly where to look and which questions to ask.”

The result was a comprehensive report that clearly outlined what actions were required to ensure the successful integration of the West Middlesex IT infrastructure. This report was then converted into a project initiation document, which acted as a foundation for the entire project. SPHERE was also able to use the report findings to compile a full remediation project scope with costings, which was presented to the senior management team. This clearly outlined the key risks and remediation required to successfully onboard the new infrastructure environment.

Results, Return on Investment and Future Plans

In the short term, SPHERE is focusing on delivering the IT services as they are outlined in the SLAs, and meeting the service expectations of the West Middlesex staff.

The major strategic benefit of the incorporation of the West Middlesex infrastructure in the longer term is in the economies of scale, as Renier Botha points out: “With the onboarding of West Middlesex, the scale of the service delivered by SPHERE has increased by 27%. As a result, we’ve been able to reduce the cost per user by 12%. Furthermore, the cost of running the service is 24% lower than what it would have cost the trusts individually were they to run the IT service without SPHERE. If SPHERE can successfully identify additional trusts to work with then there will be an opportunity to further drive down the total cost of providing a shared service.”

About our M&A Due Diligence

Intuitus’ M&A due diligence is an independent, bespoke assessment on behalf of an acquiring company (or strategic buyer) of a target company’s technology and/or IT operations and, where required, either an assessment or production of the technology and/or IT integration strategy and plan, including potential synergies and key risks. The buyer gains commercially focused, pragmatic insight in the form of an actionable report. Our findings and recommendations form an important part of the (integration) plan going forward and overall value enhancement strategy.

http://www.intuitusadvisory.com

 

Testimonial

“Intuitus brought a wealth of experience, wisdom and knowledge to the engagement. As a result of the M&A due diligence we’ve been able to make significant cost-savings, without compromising the quality of the IT service offering.”; Renier Botha, Managing Director at SPHERE

Original Case Study – intuitusadvisory.com