Due Diligence Checklist & 85 Areas for Tech Due Diligence Questions [2023]
Updated: Jan 4
This article provides an in-depth view of the most common areas (85 in total) to prepare for before a tech due diligence. It includes checklists for due diligence and explores the top technical questions to explore.
It’s worth highlighting three pivotal elements (Strategy, Leadership, and Architecture) from the full checklist in this article. Collectively they ensure a solid base and a great start. We all know the consequences of companies with a weak strategy or none. We also know the importance of solid leadership, which can make or break a company. The software architecture suitability can significantly hinder an investment or delay the benefit causing missed opportunities or an inability to compete.
Weakness in any of the top three areas can hinder most investment thesis or require significant investments to mitigate.
Strategy and Roadmap: There has to be a healthy strategy in place. As a business, you bring the subject matter experience and the path ahead. The roadmap process ensures the strategy has legs and can be achieved.
Organization and Leadership: There has to be a solid, collaborative and cohesive leadership and aligned organization in place.
Software Architecture: The architecture has to align and enable the business strategy. A broken or inadequate architecture or one riddled with technical debt can be severely handicapping to the organization and investment.
Tech Due Diligence Company Focused Checklist
Below, we have included the most common areas to prepare for in-depth with the goals and questions to expect and how to prepare for them.
1. Roadmap & Strategy
Goal: Evaluate the existence of a clear and cohesive strategy and roadmap process across the organization with a healthy SWOT competitive awareness
The Top Areas to Prepare Checklist
Full SWOT awareness and inclusion in the roadmap
Alignment and collaboration with the business roadmap and strategy
Existence, documentation, and propagation of a reasonable roadmap
Roadmap feasibility of execution by the team
Ability to address market needs with clarity on product/service gaps
Product strategy deep dive, including how technology evolves
Product management planning mechanics and abilities
Execution discipline and maturity (e.g. backlog epics, backlog health, etc.)
2. Organization & Leadership
Goal: Explore the technology team setup and health. Understand whether the right skills in the team and leadership are in place to implement the roadmap with cost efficiencies
The Top Areas to Prepare Checklist
Understand the end-to-end organizational setup and reporting structure
Evaluate the inter-disciplinary and functions balance
Understand the ability to attract and retain talent (e.g. attrition trends)
Understand the level of efficiencies in place
3. Software Architecture
Goal: At a high level, this explores the end-to-end architecture suitability for the current business, fit for the investment thesis, efficiency of design, stability, and ability to evolve and stay competitive.
The Top Areas to Prepare Checklist
Architecture design patterns, robustness, limitations, and roadblocks
Maintainability process for the architecture and codebase
Scalability strategy, limitations, and performance with KPIs
Exploration of the levels of technical debt and management approach
Security design, vulnerabilities, and secure programming principles
Integrations and extensibility of the architecture
Data architecture and management lifecycle (collection, cleansing, etc)
Database, data security including handling of sensitive data, encryption, etc.)
Open-source usage, licensing, and intellectual property ownership
Quality processes and ability to deploy and time to market
Cloud readiness best practices (great cloud technical due diligence list)
4. IT Infrastructure
Goal: Explores the understanding of the infrastructure deployment model (on-prem, type of cloud) and whether it is adequate for investment thesis and the current/future architecture needs with reasonable costs.
The Top Areas to Prepare
Cloud and data centers approach for deployment of physical infrastructure
Infrastructure scalability to accommodate the intended thesis
Infrastructure resilient, reliable with the ability to recover from failure
DevOps maturity, deployment processes/tools, and frequency
Business continuity and disaster recovery plans and testability
Internal line of business applications management and suitability
Compliance standards and audit frequency
Security practices and processes (e.g. monitoring, intrusion detection, incident response, employee access, firewalling, intrusion detection, penetration testing, vulnerability scanning)
5. Product Quality
Goal: Explores the overall product quality in terms of feature offerings, design, UX, bug backlog, and production issues
The Top Areas to Prepare
Approach to testing and quality assurance
Level of automation, code coverage, and ability to catch bugs upstream
Test case management process and tools
Quality organization health and inclusion in the team
Bug backlog management and feedback into product
Metrics for product health across the software development lifecycle from definition to production
6. Ways of Working, SDLC, and Tools
Goal: Explores the understanding of the team and engineering practices (PM, Dev, QA) execution capabilities and maturity.
The Top Areas to Prepare
Agility mindset and ability to improve
Ability to stay the course with continuous improvement
Release planning and management process
Sprint planning and management process
Delivery trends across the release cycles
Tools ecosystem adequacy and rationalization for productivity
Ability to deliver quality on time to meet the roadmap and investment thesis
KPIs employees across the lifecycle
7. Customer Support Excellence
Goal: Explores the customer-focus mindset, efficiency of services, product quality hot issues, and competitiveness.
The Top Areas to Prepare
End-to-end customer support process
Defect rates and management process
Escalation rates and management process
Delineating between support and engineering responsibilities
Support tools ecosystem and rationalization
Feedback on the product
8. Security
Goal: Explores security and privacy as a complete layer end-to-end, including design, controls, practices, policies, vulnerability detection, mitigation, and implementation.
The Top Areas to Prepare
Policies and procedures
Security controls
Security approach (e.g. Zero-tolerance)
Third-party assessments and mitigation approach
Inventory and Ownership
Data privacy and security (e.g. PCI, PHI, PII, GDPR) policies
Data storage and access permissions
Infrastructure security
Monitoring and intrusion detection strategy
Physical security strategy
History of breaches and management
Compliance requirements and domain-specific compliance needs
9. Professional Services
Goal: Explores the approach and health of the professional services arm.
The Top Areas to Prepare
Configuration vs. customizations mindset
Professional services structure and delivery approach
Utilization efficacy, delivery metrics, hot-product issues
Collaboration with engineering and IT
Feedback mechanism into the product
10. Corporate IT
Goal: Explores the internal line of business tools, infrastructure suitability, data architecture, and data strategy for suitability to the target
The Top Areas to Prepare
Line of business tools overview and rationale
Data flow, architecture, and integrations across tools and system
Buy vs. Build mindset
Costs efficiency across the tools and systems
Roles and responsibilities for the internal IT team
Business continuity and disaster recovery approach and testability
11. Carve-Out Situations
Goal: In those situations, the goal is to explore the ability of the organization to function as a stand-alone entity and understand end-to-end capabilities, intellectual property ownership, and dependencies.
The Top Areas to Prepare
Organizational chart after the split
Roles and responsibilities
Line of business tools dependencies
Security gaps
Hosting and deployment independence
Contractual agreements and IP concerns
12. Large Portfolios
Goal: Explores the portfolio investment balance across the lifecycle (planning to deployment). Understanding synergy, strategy, planning, and efficiency across the portfolio (e.g. resource sharing).
The Top Areas to Prepare
Ability to scale product planning across different products
Architectural uniformity across products
Level of efficiency for code leverage and reusable components strategy
Prioritized team structure and health across products
It would also be helpful to understand the intention of the diligence as a component of the preparation: Understanding tech due diligence readiness.
Download the technical due diligence definitive guide all you need to know infographic
About the Author
Hazem has been in the software and M&A industry for more than 26 years. As a managing partner at RingStone, he works with private equity firms globally in an advisory capacity. Before RingStone, Hazem built and managed a global consultancy, coaching high-profile executives, conducted technical due diligence in hundreds of deals and transformation strategies. He spent 18 years at Microsoft in software development, incubations, M&A, and cross-company transformation initiatives. Before Microsoft, Hazem built several businesses with successful exits namely in e-commerce, software, hospitality, and manufacturing. A multidisciplinary background in computer engineering, biological sciences, and business with a career spanning a global stage in the US, UK, broadly across Europe, Russia, and Africa. He is a sought-after public speaker and mentor in software, M&A, innovation, and transformations. Contact Hazem at hazem@ringstonetech.com