We often find companies don’t value the IT DD as much as some of the other streams. When thinking about the challenges IT is often critical to both the successful process operations and execution as well as the value of IT security dilig to identify any possible previous breach or improper storage of protected data sets (PII, HIPAA, etc).
Perhaps IT DD becomes critical when the operations of a target is to be integrated with the acquirer. The industry in which it operates in will also be relevant. Unless the jewel in the target relates to its IT system (e.g. acquirer is looking to buy certain IT technology), it is not uncommon for IT DD to be neglected.
I work for a company that has an important IT aspects to all deals so the IT DD takes a lot of airtime. It is a difficult DD to do as the teams needs to deepdive in the systems and the Seller is, most of the time, not willing to fully show how the stack is build: this is most of the time a competitive advantage. It sometimes become a more of a theoratical DD as only the surface is presented.
The team then needs to take a lot of assumptions and it seems to be where costs often get out of budget during integration.
IT DD is not considered a critical element of the Due Diligence process. Usually, the buyer’s IT department provides questionnaires to the target’s IT to prepare day-1 activities and future integration planning. Buyers are larger than targets and have a less complex IT landscape. IT issues usually arise during Post Merger Integration.