Reviewing IT in Due Diligence : Are you buying an IT asset or liability PDF

Mergers and acquisitions - are you getting an IT asset or liability?

“I found this book very interesting. Due diligence is one of those functions that happens way before us ‘IT’ers’ get involved and so this is a useful insight into the work that happens up front and the evidence we can obtain for our work even if we were not involved in the initial due diligence."

Chris Evans, ITSM Specialist

“Being new to this subject I found the guidance solid and presented in an excellent style. I found it an excellent and informative read.”

Brian Johnson, CA

When you merge with or acquire another business, you also gain their IT and data. In an ideal world this integration would be seamless and easy. In reality, however, this is often not the case. Mergers can, for example, lead to the loss of sales systems or to badly configured data. The problems don’t stop in the computer room, either – they affect the whole of the business and the success of the merger/acquisition.

Don’t make a risky mistake

Businesses and investors use due diligence reviews to ensure such deals do not have nasty hidden surprises. Many overlook the IT systems and services of the businesses they are acquiring, however, and push information risk management (IRM) professionals to the sidelines in the due diligence process. In a world of increasing cyber attacks and information security threats, this can be a very risky mistake to make.

Product overview

Reviewing IT in Due Diligence provides an introduction to IRM in due diligence, and outlines some of the key IT issues to consider as part of the due diligence process. For those new to the process, it explains how to conduct an IT due diligence review, from scoping to reporting, and includes information on post-merger integration to realise business benefits from the deal.

For more experienced practitioners, Reviewing IT in Due Diligence provides fresh insight into the process, highlighting issues that need to be addressed, and provides a business case for IRM involvement in the due diligence process.

Topics covered include:

• Why IT is important to due diligence
• The importance of IT security
• System reviews and data reviews
• Reviewing projects and changes in progress
• IT service provision value for money
• IT due diligence reporting
• Post-merger integration

Comprehensive case studies are included throughout the book.

About the authors

Bryan Altimas has over 32 years’ experience of technology risk management, having led teams performing technology due diligence, and having advised organisations in numerous business sectors, locations and circumstances on the effectiveness of their technology strategy in delivering business objectives. He is a qualified accountant, Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC). He left KPMG in 2014 after 17 years, having contributed to their IT due diligence methodology.

Chris Wright is a qualified accountant and Certified Information Systems Auditor (CISA) with over 30 years’ experience providing financial and IT advisory and risk management services. He worked for 16 years at KPMG, where he managed a number of IT due diligence reviews and was head of information risk training in the UK. He has also worked in a wide range of industry sectors including oil and gas, small and medium enterprises, public sector, aviation and travel. He is the author of Agile Governance and Audit, which is also available from ITGP.

Understand the key IT issues that need to be considered in the due diligence process – buy this book now.