Managing tech due diligence from a social distance

by Phil Odence
July 8, 2021
Photo by MART PRODUCTION from Pexels

Due to the pandemic, numerous Merger and Acquisition (M&A) transactions were put on hold while the parties waited to see what would happen. Travel bans, quarantines, social distancing, closures of nonessential businesses, and shelter-in-place orders made it impossible to conduct due diligence in a normal fashion. It is still the case throughout most of the world that travel is limited. So how do you assess technology when no one can travel?

Some organisations may choose to put such activities on hold until borders are open again, but this may not be practical for others. The reality today is that M&A transactions have come back and are as active as ever. Savvy companies have worked out that adapting their strategy to meet the current limitations is crucial.

Here are some practical tips for the CIOs and IT teams charged with completing technical due diligence in a time of social distancing, when your teams cannot meet, go to the office, or travel.

Set expectations early

We understand that there is much value to meeting in person, getting to know the other party in a transaction, and gaining an intuitive feel for the business and the technology itself. However, with the limitations brought on by a global pandemic, it is important to set expectations as early as you reasonably can in the transaction.

On the sell-side, make it clear that you do not have access to certain physical files, computer systems, and individuals, and describe these files, systems, and people so the buyer knows what not to expect at the outset.

For example, if your business still uses paper files, or has legacy contracts on paper, you need to make it clear early in the process that access to these documents is going to be difficult. If there are employees in your company who have been laid off or furloughed, this can translate to having certain information or institutional knowledge missing.

On the buy-side, explain to the seller that since it will be impossible to complete typical due diligence, you will rely more on reps and warranties, indemnification, and holdbacks/escrows. Consequently, the seller should expect heavier-than-typical deal terms and that some diligence will be completed later in the transaction than usual.

Third parties on both sides can help clients understand the new normal in this regard. In addition, in areas where it is still possible to conduct diligence, it may be more thorough than what may be considered typical, and function as a proxy for the inability to conduct diligence in other areas.

Leverage trusted third-party technical due diligence providers

Since it’s hard for the parties to explore the technology together, a trusted third-party evaluator can help close the gap. An analysis of what is in the code and its face value can serve as a proxy for how well the target manages software development.

A code audit on various aspects of the code provides insights into the output of a development organisation. Scanning the codebases can occur remotely. Audit results identify code risks that an acquirer must consider, but they can also reveal a great deal about a company’s code development and management practices.

Thus, the audit can act as a barometer for the quality of the processes used to produce that code.

An audit to identify the open source and other third-party software components is even more important today. Few targets are able to identify all the third-party code in their codebases, and that becomes even harder when the engineers can’t easily collaborate.

Similarly, a third party with access to the code can quantitatively evaluate it for security vulnerabilities (in both open source and proprietary code), bugginess, and architectural quality. The quantitative information from the third-party evaluator will greatly complement the qualitative assessment during the video chats when both teams meet online.

The buyer will need to formulate integration plans, preclosing remediation, deal terms, or adjustments to valuation. From the seller’s perspective, a proactive audit can be useful as a roadmap to prepare for diligence in advance, avoid surprises, and resist a buyer’s demands for more onerous deal terms.

Utilise expert, tech-savvy counsel

In today’s environment, it is especially vital that tech counsel can craft reps, warranties, and other provisions that appropriately address all the heightened risks.

Use specialist attorneys to address issues identified in the reports from the technical due diligence provider with terms in the definitive agreement. The attorney can also assess the target’s legal practices, in comparison to peer companies.

A skilled practitioner can quickly learn a great deal about the target’s practices by reviewing its open-source/third-party software policy and any notice/attribution files and conducting remote interviews with the target’s team regarding their typical approval process and approved/denied licenses.

An assessment of the target’s outbound open-source contribution practices and a review of any public code repositories may help evaluate whether the target has procedures in place to ensure that valuable intellectual property isn’t inadvertently released as open source, and determine whether it obtains sufficient rights in third-party contributions to its open-source projects. Again, this information can provide valuable insight into the company’s development practices. This will also allow the legal counsel to provide guidance on data compliance risks, requirements, and licensing.

Although the points noted above are buyer-focused, the sell-side can also follow the best practices in these areas to obtain more friendly deal terms and smooth the transaction process.

Overall, by leveraging trusted technical diligence providers and expert open-source counsel, even without onsite face-to-face meetings, group dinners, and handshakes, it should be possible to complete diligence, get a feel for the target’s overall practices as a proxy for diligence in certain other areas, and include suitable protections in the acquisition documents.

Phil Odence is the general manager, Black Duck Audit at Synopsys Software Integrity Group (SIG). He and his team advise on software due diligence in many Merger & Acquisition (M&A) transactions every year. He works with strategic buyers and PE firms to understand content, licensing, quality, and security of their targets' software assets, and helps sellers prepare for due diligence. In addition to management responsibilities, Odence spends time with customers, law firms and partners as well as writing and speaking about open source and software due diligence best practices.
