Technical Due Diligence: 5 reasons to look beyond the technology
British technology firms received over $10bn of funding through Venture Capital in 2019. Whilst activity may slow in 2020, we can expect many innovative, digitally focused start ups to emerge from the crisis as prime candidates for future funding.
As such, investors, VCs, corporates, and private equity firms will continue to actively assess the viability of candidates for investment through thorough due diligence exercises.
An integral aspect of this due diligence is a detailed assessment of the technology that powers the organisation’s product or service. Not only can this prove whether the product will scale to the volumes necessary to meet anticipated customer take-up and provide high returns, but it can also identify key risks across the system, potential blockers to growth and recommendations for improvement.
Of course, you need to delve into the code base, understand the system architecture and analyse the solution, but a technical due diligence exercise shouldn’t just be concerned with the underlying technology.
Operational processes, organisational structures and core capabilities are just as likely to limit the growth potential of the technology – and therefore the potential to maximise returns.
Here are five reasons why a technical due diligence exercise is about more than just the technology.
1. Technology doesn’t create bugs – people do
Bugs and errors across the code base – particularly those that aren’t immediately identified and remediated – can create serious risks over time and as you begin to scale.
Most commonly these issues can be identified and addressed through good governance, rigorous release processes, peer code reviews, and thorough automated and manual testing.
These processes will ensure that the product that makes it into the customers’ hands is always of the highest quality, significantly increasing the likelihood of user growth over time.
2. The product acquires customers, the service retains them
A great product will be enabled by the underlying technology – an exceptional technical platform powering a great product will inevitably lead to customer growth – but as customer numbers increase so does the importance of a high quality service.
The operational support model – from platform maintenance through to customer support – can influence customer satisfaction and the ongoing viability of the technology.
3. Skills can be bought, but knowledge cannot
It’s well accepted that, over time, people will leave the organisation and the knowledge that they take with them will somehow need to be retained. However, in start ups and organisations with small teams, it’s likely that most knowledge of the underlying technology resides with one or two people.
These key person risks need to be well understood prior to investment so investors can put in place key-person retention and other mitigation plans to protect their investment and aid the growth of the organisation.
4. Security is as much about process as it is about technology
It is essential that the security of a platform is assessed prior to investment because the cost of rectifying a security breach and the reputational damage to the firm will often spell the end for a fledgling product.
Vulnerability scans and penetration tests will highlight fundamental issues across the tech stack, but security processes should be embedded across the development lifecycle.
The concept of DevSecOps – designing, developing and controlling a system with security in mind – is gaining traction, which sees organisations embracing processes to assess vulnerabilities, model threats and analyse access points as a matter of course.
Without a strong understanding of these underlying processes, it is difficult to vouch for the ongoing security of the platform.
5. Data is managed by people, not just the platform
The way that innovative, start up firms utilise the data that they generate or capture is often a key differentiator for their product. This, coupled with the ongoing proliferation of data in a digital world, serves to highlight the importance of good quality Data Management.
An investor will need to understand how data is handled by the system – from encryption techniques through to retention policies – but also how data, particularly customer data, will be handled across the organisation.
The financial and reputational impact from a breach in GDPR regulations or general data mismanagement only highlights the need to fully understand the data policies that are in place, and the risks in the business.
Technology is more than just code
To properly assess the viability of an organisation’s technical platform, investors must also thoroughly understand the processes and people that support that platform.
This holistic overview of a business’ potential for growth will uncover any risks associated with the investment, enhancing the likelihood of increased return over time.
Woodhurst’s technical due diligence process provides an impartial assessment that is streamlined, repeatable and proven.
“Coupling technical expertise with a thorough process, Woodhurst were able to quickly assess the technical viability of a growing FinTech prior to investment. In a matter of days, and without disrupting the investment target, they were able to provide us with well-documented evidence and recommendations that allowed Major Oak to make an informed investment decision.
I’d happily recommend Woodhurst to organisations looking to perform a similar technical due diligence exercise.”CFO, Major Oak