IT Due Diligence

IT Due Diligence

During Information Technology (IT) Due Diligence, FTI will…

  • identify and report on current IT strengths, weaknesses and threats
  • assess future state opportunities and requirements to reduce IT risks and costs
  • recommend capability and service delivery improvements to add enterprise value

Types of IT Due Diligence We Perform:

Back Office
Red Flag Risk Assessment

  • Assess high, medium and low risks within a target’s IT organization, infrastructure, applications, cybersecurity, compliance and business continuity.
  • Recommend risk mitigation activities, as well as estimated time and cost to achieve.

Thesis Based Risk,
Capability and Cost or Synergy Assessment

  • Within the context of an investment thesis (e.g. carve-out, stand-up, platform creation, add-on, tuck-in), assess a target’s IT strengths and weaknesses with respect to capability, stability, cybersecurity, supportability, scalability and total cost of ownership.
  • Quantify one-time risk mitigation and/or transition effort, timelines and costs, as well as run-rate costs and/or synergies. 

Technology Enabled and
Technology Product Assessment

  • For clients/targets that develop and sell technology products or use enabling technologies to deliver services or products, we assess R&D organization, development operations, technical architecture, infrastructure, code, tools and methodologies.
  • Evaluate maturity, capability, strengths and weaknesses, and recommend enhancements based on strategic and investment objectives

Typical IT Due Diligence Objectives:

Identify and
Assess Risks and Threats

  • Identify, understand, assess and quantify risks and threats
  • Identify and quantify potential mitigation strategies

Common Findings

  • Cybersecurity vulnerabilities
  • Data security and privacy compliance risks
  • Key person dependencies and risks
  • Aging or inadequate infrastructure or applications

Identify and Assess 
Strengths and Weaknesses

  • Identify and assess strengths and weaknesses
  • Prioritize and evaluate actions to capitalize on strengths and remediate weaknesses

Common Findings

  • Strong IT application development capabilities able to accommodate digital transformation
  • Weak IT governance and project management
  • Weak budget, spend and vendor  managements

Identify and
Assess Opportunities

  • Identify and assess value creation opportunities
  • Evaluate revenue enhancement and cost savings opportunities

Common Findings

  • Developing or implementing enhanced digital customer experiences
  • Implementing automated workflows and robotic process automation
  • Migrating infrastructure and applications to the cloud and outsourcing IT support

Assess Strategic and
Investment Implications

  • Align diligence with strategic objectives and investment thesis
  • Tailor recommendations to support strategic and investment objectives

Common Findings

  • Recommending outsourced IT managed services and support to rapidly stand up a carved-out business
  • Recommending a scalable SaaS ERP to accommodate a merger integration or platform creation

What We Do

IT Applications

  • Assess suitability of off-the-shelf business process and reporting applications for the functions they support (ERP, CRM, SCM, HRIS, EPM, BI, etc.)
  • Assess suitability of proprietary and/or custom applications, databases, interfaces and reports
  • Assess suitability of desktop,  collaboration and reporting applications and services

IT Infrastructure

  • Assess suitability of on-premise, hosted and/or cloud-based hardware and services (servers/storage, networks/telecom, end-user devices, backup/recovery)
  • Assess event and performance monitoring, ITSM, licensing management, and other support tools and capabilities

IT Security and Compliance

  • Assess physical, data and cyber security policies, procedures, monitoring, incidents, vulnerabilities and training
  • Assess adherence to applicable data security, privacy and compliance regulations (PII, PCI, PHI, HIPPA, etc.)

IT Organization and Service Providers

  • Assess the current technology organization composition, required skill sets and staffing mix
  • Assess the use of outsourced services and/or third-party contractors to provide cost-effective services or specialized skills to supplement existing Technology staff

IT Spend and Budget

  • Assess current technology opex and capex spend and budgets and compare to industry best practices and benchmarks
  • Identify recommended spend or budget adjustments based on strategic objectives, investment thesis and due diligence findings

IT Projects and Opportunities

  • Assess in-flight and planned projects and priorities with regard to strategic objectives, investment thesis and due diligence findings
  • Recommend adjustments based on identified risks and value creation opportunities 

IT Due Diligence in Action:


A Company was negotiating to purchase another company in an adjacent market and needed to understand what IT risks, and opportunities exist, and what synergies could be expected. The company also wanted to know what the future run-rate IT costs would be, and what their one-time investment might be.


FTI was engaged to perform an IT Risk, Opportunity and Synergy Assessment, as well as develop a future state run-rate cost model and a one-time integration and cost to achieve analysis.  


FTI identified several security and key person risks that needed to be remediated. We also analyzed and quantified synergy target areas, including standardizing onto a single ERP system. We also provided a cost model including projected run-rate costs and one-time costs to integrate and achieve the identified synergies.

Contact Our Experts

John Stiffler

Senior Managing Director

Corporate Finance

Gary Jacobs

Managing Director

Corporate Finance