Tenth Gear Consulting Logo
Cover photo
Updated September 5, 2024
Reading time: 7 minutes

Digital Asset Due Diligence in Business Acquisition: Part 1

Essential Considerations for Evaluating Software Assets.

Part 1 | Part 2

Buying a business is complex and requires due diligence. Quality of software assets is an important part of the check that can make or break your investment. Businesses advertising “proprietary software systems optimized specifically for this business” as their USP require especially attentive review. 

Skipping due diligence can increase your investment risk.

Why Digital Due Diligence Matters

​Would you buy a house after a partial home inspection – looking everywhere but in the basement and the attic? 

Purchasing an existing business and then building it up is an excellent strategy – and with the baby boomer generation retiring, small business acquisitions will continue to grow.

Due diligence is critical– pouring over financial statements, balance sheets, marketing, and strategy plans. But it’s essential to look in every corner before feeling satisfied – and that includes the digital foundation of the business you are considering.

Digging deep is especially important for non-franchise small businesses – because their digital systems have evolved with time and often have a combination of vendor software, custom solutions, and unapproved adopted technology (also known as shadow IT). Detailed due diligence is critical when proprietary software is advertised as USP or moat.

Missing a potential problem is more common than you may think—and it can happen with small or large deals. During my career, I had multiple front-row seats to the consequences of not uncovering the true state of the digital assets pre-purchase. Quite often, there is no ill intent—the owner may not realize the true state of their system. 

Potential Consequences

What potential consequences must you be aware of?  

  • Overpaying for the business due to overstated software assets value and not meeting your ROI goals.
  • Unplanned early expenditures required to manage software or make it support your business plan.
  • Lock-in and dependencies on third-party software limit how you can evolve the business.
  • Business continuity – interruptions or complete inability to conduct daily operations. 
  • Exposure to liabilities and fines. 
  • Overstated software quality, robustness, reliability, and ability to solve the problem. 

Specific Areas of Concern

In-house Legacy Software Fragility 

The software requires a computer to run on. If there is no enforced update process, eventually, the modern operating system will not be able to run the older code.

While there are short-term solutions that can address it – temporarily – you may find that if this computer fails due to hardware issues, it would be challenging to migrate the software to a different machine – or the cloud. If your entire future business depends on this software, be realistic about your disaster and strategy plan.   

Technical Debt  and Software Construction Quality

There is nothing more permanent than temporary. 

The term “technical debt” is used to describe the less-than-optimal solutions that were done during code development and were expected to be temporary. However, they still remain in the production code. The impact of the technical dept is slowness in making updates and the inability to scale or make significant changes without major investments. This may affect your plans for business modernization. 

The software assets should be analyzed against the suggested scenarios that you are planning to use them for. For example – if you are interested in expanding, determine if the increased traffic can be handled by the existing solution without extensive redesign. 

Reliance on Third-Party  

If software relies on third-party services to function, it’s critical to understand their SLA, license terms (to ensure there is no violation), historical cost increases, and redundancy plans if something happens with the vendor, your account, or to handle potential service interruptions.

If the business operations rely heavily on vendors – mainly if the software they provide is very industry-specific without major competitors in place – include these points in your due diligence: 

  • Is software going to be supported going forward for the next years at this price point – or is there vendor discussions about discontinuing? 
  • How vendor-locked is the solution, and is it possible to migrate out if needed? 

Lack of documentation and lack of understanding of the business logic 

Business logic (what rules should software follow) is the brain of your operations. Without having documentation, the software is a black box where some incoming data or actions generate the output, but you have no idea if the output is correct and what to do if it is appears to be broken.

No organization ever has sufficient documentation of its software. But at the very least, you can expect some process diagrams explaining what happens for each defined user flow.

If the diagram does not exist and cannot be produced in a reasonable period of time, it is a red flag. It can mean that the company has lost its domain experts who know how the system works, putting you—a person unfamiliar with the processes—at an even bigger disadvantage.   

Maintenance and support 

Who created this software, and are they still available? In other words, whom are you going to call when everything breaks?

If it’s an in-house developer, the acquisition creates a risk of resignation, and you may need to find a replacement fast. In this case, it’s crucial to understand the skill level required and include the market compensation and hiring in your projected costs.

If the software was provided by the vendor,  consider a contingency plan for cost increases and get a realistic SLA on response times.

Ensure that the solution was supported regularly before purchase and understand what it takes to do so in the future. Have more than one resource available and obtain developer documentation explaining the code location, versions, and directions to build and deploy

Also, weigh out the popularity of the language. Finding a developer to maintain a custom solution written in a popular language is significantly more straightforward.  

Licensing and compliance issues 

There are multiple data privacy and security regulations that you need to follow. In simplest terms, you may have an unexpected license cost, be required to release the custom code that powers your business or pay fines for unwittingly using third-party code for commercial purposes without paying the fee.

The security of the product is critical to maintaining the trust of your customers. Make sure you know what PI (private information) is being collected and how it’s being stored – and make plans to invest in tightening up authentication or adding data encryption if the processes are not up to modern standards.   

Infrastructure costs 

If this software is running in the cloud – how did it get there? More specifically, was it a result of a “lift and shift” process where in-house servers were moved to the cloud without optimization, or was the solution optimized for cloud computing – saving on future costs?

For software running on in-house computers, understand the future costs of replacing the hardware and paying for the licensing.   

Process Controls 

Processes revolve around business continuity and disaster recovery. Understand the process of making changes and deploying new software updates, the location of the code, and practices followed for testing and reviews.

If something happens to the computers running your business operations, how quickly would you be back online? 

Shadow IT is a process where custom automations are created by what are known as power users – employees who are not software developers but feel very comfortable around technology to create automations or sign up for free or low-cost SaaS to improve their jobs.

Often these processes are not documented but with time become a secret sauce that makes the business run smoothly. Automations may run under user accounts, causing potential security problems and resulting in interruptions once users had left the company.   

Promise of the Future

If the seller tells you that they are about to be wrapped up with this exciting new system, treat the offer price as if the system never existed. A demo is never an indication of software near completion unless you have the technical expertise to ask the right questions and dig under the hood.   

Your existing business capacity

If you already own a business, it’s critical to have a realistic plan on how you are going to integrate a new business technology stack with your own and understand if you have the internal capacity and budget to do so.      

With so many things to consider, where do you start?

Part 2 will cover types of digital assets and how to discover and review them.