Software Due Diligence

What is Due Diligence?

A due diligence is performed by an investor when he intends to acquire all or part of a company in a M&A transaction. The term describes the diligent analysis of the target company. The seller of the company grants the investor access to detailed information for a limited period of time. The provided information (data room, Q&A sessions) about the economic, legal, tax and financial (and other areas of interest) circumstances enables the investor to become insights on the potential risks of that business.  With those data he can either step back from the opportunity or can make a fact-based decision to move ahead with the M&A transaction.

A full due diligence is time-consuming and very costly and only the smaller part of planned acquisitions are successfully completed. If the prospects of success for the investor are still completely open, e.g. because many other investors are still interested, only a Red Flag Due Diligence is usually carried out. In this process, critical points that could turn out to be deal breakers are identified with reduced effort and only in the most critical areas of the company.

This is also in the interests of the seller, because all investors still in the running carry out this due diligence, consuming again and again the time of his most relevant employees. At the latest when one investor has entered into exclusive negotiations, a full due diligence is carried out with more staff, detail and more time. The goal is then to submit a binding purchase offer and enter into contract negotiations.

What is Software Due Diligence?

If the target company a software company or has a software-based business model, a special software due diligence (also called technology due diligence) is carried out to determine whether there are any technology risks that should be considered critical (red flag). If there are several Red Flags, an acquisition would be questionable or it should be factored into the price negotiations.

In a software due diligence, specialists use software analysis tools to analyze the quality, security and future readiness of the software. The tools analyze directly in the code using the code repository and the bug tracker with the records of the last years. The development history provides information and the trends of the relevant quality and technology metrics.

The analysis of the development processes are always part of the Due Diligence scope, to ensure that the team is able to develop the software according to the investor's strategy. With the use of state of the art software analysis tools such as DETANGLE, these results can be efficiently obtained from the code analysis.

The focus of the software due diligence is determined in close consultation with the investor. Common topics of investigation are

• Code quality
• Architecture quality
• Technical debt and scope
• Development priorities for Day 1
• Dependencies on individual contributors and suppliers
• Completeness of documentation
  
• Maintenance process and helpdesk
• Degree of automation of technical development processes
  

How long does a Software Due Diligence take?

The time it takes to perform a software due diligence strongly depends on the complexity and scope (measured in LoC = Lines of Code) of the software. The requested depth of analysis and the scope of the information provided by the vendor also have an impact. Often the effort for the required documentation, reports and presentations is underestimated.

In our experience, a Red Flag Software Due Diligence with a short report takes on average 4-6 days for small systems (<250,000 LoC) and 5-10 days for large systems (>1,000,000 LoC).

A full Software Due Diligence takes between 10 and 25 days (25 days = large system, large scope, extensive documentation) or correspondingly shorter if it can build on a previous executed Red Flag Due Diligence.

What to expect from a Red Flag Software Due Diligence?

In a Red Flag Due Diligence, the client receives a report within about a week that outlines the core risks of the target company's software technology. The focus is on the quality of the code and the trend in quality metrics over the last few years. Possible risks from critical dependencies on individual employees or suppliers are also highlighted.

By conducting several interviews, statements can be made about the development methodologies and culture as well as the leadership in the development area. In most cases, this information is sufficient to identify possible red flags from the software technology perspective of the target company or to recommend the focus of the analyses in the further course of the M&A transaction and the due diligence.

What to expect from a Deep Dive Software Due Diligence?

In another entry the deliverable of a Red Flag Due Diligence is described. 
In a full software due diligence, both risks and the possible future potential from a technological point of view are worked out. By analyzing the quality of the software architecture, sound statements are made about the level of technical debt and the effort required to reduce this debt. This also provides specific indications for the development priorities from Day 1 (=day of transfer of responsibility).

The investor is thus also aware of whether the software may no longer be economically feasible to develop further, or whether his planned strategy cannot be implemented with this code base. The proof of extensibility, scalability and cloud readiness plays a key role here. With the determination of the knowledge distribution and the collaboration in and between the project team(s), it becomes apparent whether a stable and well-organized development department exists.

The completeness of the documentation, which is a basic requirement for the software to be able to be further developed by other developers with normal effort, is analyzed and the code areas with insufficient documentation are listed. In addition, technical development processes are examined for the application of best practices and the degree of automation.

With a professionally conducted software due diligence, the investor is assured that the target company's software technology will meet his expectations.

Why does Software Due Diligence become more and more relevant?

The digital transformation that is irreversibly permeating the world we live in, is being enabled by software. Whether smart shopping carts, networked refrigerators or autonomously driving cars, a significant part of the product benefit, product value and customer satisfaction is based on the features and quality of the software used. Without suitable software, the information content in Big Data cannot be used, there would be no artificial intelligence, there would be no smart farming and online stores would not be as successful.

Software development becomes a central aspect of any product development. The development and maintenance of individual or customized software becomes a growing expenditure item in the IT budgets of companies.

Good hardware or special material qualities are increasingly taking a back seat to customer satisfaction. Instead, great functioning software with new features leads to the purchasing impulse and creates positive reviews. Even old-economy companies now maintain large software development departments to avoid being left behind by new (more digital) competitors.

New revenue streams can be realized in a world of software-defined products by making business and pricing models service-oriented, context-based and personalized. This requires completely new and flexible approaches in the development process. Digitalization is software-driven and we are only at the beginning.

Therefore, an audit of a target's existing software assets becomes increasingly important to the subsequent success of an acquisition.