Print
Hits: 4419

Below is a list of areas that I generally cover during an IT Due Diligence process, which can also be known as an IT Assessment, IT Strategic Review or just an IT Review. Personally, I see an IT Assessment as validating an IT Strategic Plan whereas an IT Review is more focussed on the overall IT service & department. 

However, whether working on an IT Due Diligence or as an IT Assessor or IT Reviewer, many of the steps are common to all three activities. For me, the key outcome is to identify the most significant risks and find focussed, practical and deliverable outcomes for that organisation. Such organisations can range from turnarounds or technology businesses where the growth has stalled, through to potential acquisitions by a venture capital or private equity fund.
 
For each sub section, there are a number of standard questions that I use as a starting point in the conversation. Based on the answers, how they are answered and the areas that I need to focus on, I follow up with further questions as necessary. I also use the scope and focus of the IT Due Diligence process, in order to guide me to which areas I need to drill down on and which areas I can safely cover with only a cursory look. If you would like the full IT Due Diligence template document (it is in Word format) then please contact me and I would be delighted to send it to you, free with no obligation whatsoever.
 
Title
 
Non Disclosure
 
Version control
 
Executive Summary
 
Overview
-Business Model
-Employees
-Financials
-Management team
 
Introduction
-Scope & Caveats
-IT Strategy
-People
-Board interaction
-Structure & knowledge
-Culture
-Cyber Security
-Business Interaction
 
Processes
-Process Flows
-IT Governance
-Development, QA & testing processes
-Security (application, infrastructure & data)
-Compliance, DR & BCP
-Operational Support
-Intellectual Property
-Policies
 
Technology
-Product Management
-Technology Stacks
-AI & Machine Learning
-Integration
-Penetration Tests
-Code Review
-Specific hardware devices
-Diagnostics
-Shadow IT
-Hosting & Cloud
 
Summary of findings
-Key Risks
-Main Recommendations
  
I hope that you found this short article interesting and please feel free to contact me if you have any questions or you would like the template, complete with initial questions.
 
Thanks
 
Peter