We recognize that stakeholders require greater assurance and value from the audit. They rely on our work and insights, as trusted professional advisors, who bring rigor and appropriate perspectives that help inform decision-making.
Technology is helping businesses but we must ensure that it is secured.
Identify risk. Uncover opportunities. Maximize Value.
A business can only move as fast as the technology that powers it. From IT infrastructure, software, physical devices, and custom applications to cybersecurity and the people who make up the IT team, every component of technology is a two-sided coin; offering both opportunity or – when left unaddressed – risk that can derail an investment thesis when not uncovered pre-acquisition.
Technical diligences are not one size fits all and require depth of experience across all functional areas.
The core foundational elements of any technology portfolio include
data center assets, and cloud or infrastructure services that power
applications and business intelligence. This category of service has
historically been capital intensive and constitutes a vast and complex
array of services and providers.
When evaluating this category of service,key considerations include:
• Infrastructure architecture strategy and roadmap
• On-premise, hosted, cloud & hybrid
• Data centers and facilities
• Location strategy
• Data center and facilities management
• Back up and failover capabilities
• Services and Storage
• Server and storage management
• Resiliency and backup
• Data warehousing and BI
• Enterprise printing
• Scheduling/batch services
• Virtualization and environment management
• Data network
• Network management
• Wide area data operations
• Security detection and management
• Voice network
• Wireline and wireless operations
• PBX operations
IT applications that are typically deployed company-wide can be packaged and, in many cases, are web-based or provided as SaaS (software as a service). Despite the modular nature of IT applications, substantial effort goes into building, deploying, scaling, and even deprecating these services. As companies grow, IT applications need to grow with them.
Key areas to consider as part of any diligence include:
• Architectural considerations, backup, resiliency
• Maintenance including support, patching
• Delivery and deployment of the services
• Manual vs. automation process
Maximizing technology-driven value creation requires more than
hardware and software. Any growth-oriented company requires that the people and the process are in place to sustain the right environment today — and well into the future.
• Strategic planning and roadmap implementation
• Alignment and advocacy organizationally with
• Process definition, training, and governance
• Organizational profiling and role definition
• Service delivery model
• IT services aligned with operational business strategy
And the way to tie all the pieces together for deployments?
Project management. Technology and delivery need to maintain a
cadence and timeline whether it is agile or waterfall – Six Sigma or PMI. There isn’t always a right way, but the approach to managing complex IT projects is integral to the near-term success of the rollout as well as longer term adoption and utilization.
When conducting a technology diligence, be sure to address
the following items in relation to IT projects:
• Project portfolio: In-flight and planned
• Implementation timelines, plans and commitments
• PMO methodology and governance model
• Technology adoption success and utilization
• Assembling the right team: Matching skill sets with
business / project needs
Central to the longevity of any technological solutions are the
financial considerations. Physical devices and hardware — even
software licenses — come with an expiration date. Your Apple Watch,
flat screen TV or iPhone won’t last forever, and enterprise solutions
are no different. Devices like laptops and servers have a lifespan
of three to five years. If a target company’s entire infrastructure
and company laptops need to be refreshed in a year, it is a cost you
need to plan for. While it can be difficult to plan for technology
expenditures and updates, one way to manage the risk is through
different financial models.
Remember to address the following areas in relation
• OpEx budget / actuals
• CapEx budget / actuals
• Software licenses
• Application packages
• System software
• Software tools
• IT vendors
• Hardware and software vendors
• Strategic reseller, SI, and ISV relationships
• Sourcing practices
• Vendor management methodology, quality,
and globalization implications, if any
The logistics of managing devices and related End-of-Life dates need to be managed with precision that often requires highly sophisticated asset management databases. These ensure that there are no surprises — not just around the lifespan of physical devices, but also their service contracts, including maintenance renewals, patching, and support.
Comprehensive diligence includes:
• End-User Computing (EUC)
• Equipment management
• Printer / output management
• Personal device management
• Support model
• IT helpdesk
• Helpdesk operations and management
• Helpdesk routing and triage planning
• Knowledge management
• IT service management
• Change, release, configuration, and demand management
Security needs to be front and center in any IT or technology
conversation. As such, the cybersecurity component of a due diligence needs to be all encompassing including physical perimeter security, logical security, remediation, and policies.
Security components of the checklist include:
• IT security framework and governance strategy
(NIST, COBIT, ISO)
• Data security: in transit and at rest
• Logical security
• Physical security
• Network Security
• IT policies and procedures
• Personnel policies and procedures
• Regulatory compliance
From migrating companies data to the cloud to enabling digital operation within a company. Novio Group is Committed to helping our clients be on the cutting edge of the fast pace digital revolution.