IT Diligence in the Age of COVID-19

With a speed that remains difficult to fully appreciate, we find ourselves transported to the surreal era of COVID-19. General Motors now manufacturers ventilators, Tito’s produces hand sanitizer, and bidets have gone from vaguely strange to utterly reasonable.

And while we struggle to maintain focus amidst the deluge of heartbreaking headlines, it is clear this is a time for action.

Private Equity as a Catalyst for Recovery

Despite unprecedented global fiscal stimulus, a myriad of businesses have failed and many more will require liquidity to survive. Looking at the volume of dry powder currently held by private equity, it is evident these firms can – and will – play a vital role helping the world through this crisis. If executed well, their effective deployment of capital can save ailing businesses, thereby reducing the scope of economic and societal damage wreaked by this tragic epidemic.

Basics of IT Diligence

In “normal” times, the quality of an IT diligence involves quickly understanding and financially quantifying three things:

  1. What are the fundamental business capabilities technology needs to enable at this company?
  2. How well does the company’s technology and team enable these capabilities today?
  3. What technology skills and capabilities are needed to improve this business in the future?

The emergence of COVID-19 now forces us to ask an additional set of questions related to a new set of business capabilities. And ongoing travel restrictions mean we need to obtain answers in new ways.

New Business Processes = New IT

Now, General Motors has returned its focus to making cars. But for an unforeseeable amount of time, the business requirements applicable to technology will have changed.

Predicting the future evolution of the virus remains devilishly complex, and companies certainly don’t need to have all of the answers related to how their businesses will evolve. But diligence providers should be in a position to help buyers understand how mature targets’ thinking is on the scope of change and the corresponding technology requirements.

Industry Example: Telemedicine in Healthcare

For a simple illustration of the business and operating model implications of COVID-19, we need look no further than the healthcare industry itself. Private equity firms active in this space are no strangers to telemedicine, which involves the remote delivery of healthcare services via supercharged videoconferencing applications integrated with bespoke hardware. But depending on the company, telemedicine has historically been viewed somewhere between mildly interesting and an innovation with promising economics.

The era of social distancing has, however, elevated this to a mandatory capability. At a basic level, the corresponding IT requirement is to have a telemedicine application and enabling architecture. And to fully enable such a solution, organizations additionally need:

  • Clear assumptions around adoption metrics (i.e. how big could this be?)
  • Well-defined roles and supporting processes (i.e. who are all of the groups that will use this?)
  • Roadmap of current and future integrations and application extensions to more fully enable new use cases (i.e. how will the “full solution” evolve?)
  • Understanding of time, skills and costs required to execute the roadmap

Given the pace of change, companies don’t need to have all of the answers. But a good IT diligence provider should surface these topics during the M&A process to help acquirers think through the associated financial, talent, and timing implications of the corresponding technology requirements.

The Mechanics of Remote IT Diligence

While it’s always been preferable to conduct diligence on-site, deal dynamics have always forced a certain percentage of DDs to occur remotely. At Cuesta, we have found the keys to doing this well include:

  • Alignment on a clear agenda: this helps memorialize the areas of focus among all parties
  • Explicit expectations regarding application demos: key gaps and improvement opportunities are often identified via demos conducted by the end users of technology
  • Linear flow through a firms’ core business process(es): tracing a process from end to end naturally highlights integrations between apps and adds helpful context to data requirements

Fortunately, if supported by strong video conferencing and proper expectation setting, remote diligence can be conducted with a high degree of fidelity.

Additional “Table Stakes”

As we’re all painfully aware, social distancing forced most of us to work from home and now the world has transitioned to an increasingly hybrid structure to the workplace. At a tactical IT level, this migration of work has had meaningful implications to connectivity, security, and application performance that now need to be vetted via IT diligence.

Connectivity: it has been interesting to observe the assumptions embedded in firms’ VPN posture. A conversation we’ve had dozens of times recently goes something along the lines of, “We have VPN, but we never thought we’d need to accommodate 90% of our staff at once. We need a complete overhaul.” For businesses with large numbers of office workers, this has now become an explicit requirement.

Video conferencing, another thing most firms believed they were already good at, is another area that has left some organizations exposed. In addition to the change management around driving universal tool adoption, companies have had to manage through Zoom’s recently well-documented security vulnerabilities.

Security: the number of endpoints accessing company systems / data has grown dramatically, rendering previous assumptions inadequate. And many well-formed policies and response protocols – ideally vetted through table-top exercises – have now become outdated.  In IT diligence, it is important to get an understanding from CSOs how they view these changes and what they’ve done to adjust.

Application performance: one area that’s been impacted at some firms by the shift to remote work are historical networking assumptions, such as the physical location of users accessing critical business applications. Just because a legacy, on-premise ERPs is performant when 80% of the load is located in the same building does not mean it will work well when everyone is remote. And even if businesses primarily leverage SaaS applications accessed via the web, many firms have business process workflows that rely on file shares that are not always readily accessible.

Combining the implications of operating model changes with these newly expanded table stakes can help enable private equity firms to effectively deploy capital during these challenging times.

Background Image

Technology doesn’t wait. Let’s start the conversation.

You want to achieve all your goals. We want to hear about them. Let’s talk about the future of your technology.