Below is a list of areas that I generally cover during an IT Due Diligence process, which can also be known as an IT Assessment, IT Strategic Review or just an IT Review. Personally, I see an IT Assessment as validating an IT Strategic Plan whereas an IT Review is more focussed on the overall IT service & department.
However, whether working on an IT Due Diligence or as an IT Assessor or IT Reviewer, many of the steps are common to all three activities. For me, the key outcome is to identify the most significant risks and find focussed, practical and deliverable outcomes for that organisation. Such organisations can range from turnarounds or technology businesses where the growth has stalled, through to potential acquisitions by a venture capital or private equity fund.
For each sub section, there are a number of standard questions that I use as a starting point in the conversation. Based on the answers, how they are answered and the areas that I need to focus on, I follow up with further questions as necessary. I also use the scope and focus of the IT Due Diligence process, in order to guide me to which areas I need to drill down on and which areas I can safely cover with only a cursory look. If you would like the full IT Due Diligence template document (it is in Word format) then please contact me and I would be delighted to send it to you, free with no obligation whatsoever.
-Scope & Caveats
-Structure & knowledge
-Development, QA & testing processes
-Security (application, infrastructure & data)
-Compliance, DR & BCP
-AI & Machine Learning
-Specific hardware devices
-Hosting & Cloud
Summary of findings
I hope that you found this short article interesting and please feel free to contact me if you have any questions or you would like the template, complete with initial questions.