Technology Due Diligence: Data Driven vs Human Approach
Technology Due Diligence, or IT Due Diligence, is a critical component of mergers and acquisitions, as it assesses the technological capabilities and risks of a company about to be acquired. This process ensures that the technology being acquired will not only generate growth and value but be also secure and compliant. You will find two different approaches to Technology Due Diligence on the market: data-driven and human-led. This article compares the pros and cons of each approach, to help you decide which one is best for your business.
The Data Driven Technology Due Diligence
Data driven Technology Due Diligence is an automated process that uses algorithms to analyse large amounts of data and code lines. It involves scanning the company's source code to identify vulnerabilities and potential risks in cyber security, third-party software license infringement, and scalability. This approach is highly efficient and provides a comprehensive report on the technology's strengths and weaknesses. Additionally, data driven Technology Due Diligence can identify potential compliance issues, which is crucial for companies operating in highly regulated industries.
One of the biggest advantages of data-driven Technology Due Diligence is speed. The process can be completed in a matter of hours or days, depending on the size of the company and the complexity of its technology. This is significantly faster than a human approach, which can take weeks or even months to complete.
However, data driven Technology Due Diligence has some limitations. It is heavily reliant on the quality of the data it analyses, which means that it may miss certain risks or vulnerabilities. Additionally, it cannot fully identify non-technical issues, such as the company's culture or management practices (though it may be able to spot flaws in development practices), which can have a significant impact on the technology's success.
Moreover, the reports produced by source code scanners are usually very technical, making it really difficult for an investor or non-tech person to analyse the results and draw operational conclusions from it.
The Full Human-led Technology Due Diligence
The human manual approach to Technology Due Diligence involves a team of experts who review the company's technology and processes. It includes interviews with key stakeholders and a deep dive into the technology's architecture and design. This approach provides a holistic view of the company's technology capabilities and risks, including non-technical factors such as the company's culture and management practices.
One of the biggest advantages of the human approach is its ability to identify non-technical issues that may impact the technology's success. This is crucial for companies operating in highly regulated industries or those with complex technology stacks, that require an expert to contextualise the findings and adapt the conclusions. For example, let’s take the case of a software company that is being audited and whose systems are not connected to the internet. Where a data-driven automated source code scan could reveal a high-risk cyber-vulnerability, the human expert will know that the system is not connected to the internet and thus decide that this vulnerability is actually a low risk for this particular company.
However, the human-led Technology Due Diligence approach is slower and much more expensive than the data driven approach. It requires a team of experts with specialized knowledge, and the process can take weeks or even months to complete. Additionally, it may be more subjective than a data driven approach, as it relies on the expertise and experience of the individuals conducting the assessment. And last, it cannot dive into the source code and factually identify the existing vulnerabilities. A full human approach relies heavily on what the teams may see or say. And it’s easy to hide the truth.
Human-led or data driven Technology Due Diligence : choose both
Both data driven Technology Due Diligence and human-led Technology Due Diligence have their pros and cons. The data driven approach is fast, efficient, and effective at identifying all technical risks: cyber security, Intellectual Property, scalability and maintainability. However, it may miss non-technical issues and reports are hard to understand if you’re not an IT expert yourself. The full human approach, on the other hand, is slower and more expensive, provides a view of the company's technology capabilities and architecture but may miss many vulnerabilities in the code and remains subjective.
Ultimately, the best approach to Technology Due Diligence depends on your business's needs and priorities. With Vaultinum, you don’t have to choose. The specificities of Vaultinum’s Technology Due Diligence solution is to combine both approaches. Our Technology Due Diligence includes online questionnaires, to understand the IT environment of the audited organisation, and a unique source code scanning process that identifies all cyber, intellectual property and scalability vulnerabilities in the software. The result of these 2 steps are then contextualised by an IT expert, who within 3 weeks will deliver a full risk report, with concrete recommendations, an action plan and an estimation of time and cost to fix the issues. That way, investors can get a full view of the technology they are considering acquiring, and make informed decisions.
The opinions, presentations, figures and estimates set forth on the website including in the blog are for informational purposes only and should not be construed as legal advice. For legal advice you should contact a legal professional in your jurisdiction.
The use of any content on this website, including in this blog, for any commercial purposes, including resale, is prohibited, unless permission is first obtained from Vaultinum. Request for permission should state the purpose and the extent of the reproduction. For non-commercial purposes, all material in this publication may be freely quoted or reprinted, but acknowledgement is required, together with a link to this website.
Recommended for you