December 10, 2024 • 29 mins
In this episode of "Growing EBITDA," we dive into the critical role of IT diligence in private equity investments. Our hosts, James and Mike, discuss why IT diligence has become an essential work stream in today's M&A landscape. From understanding cybersecurity risks to evaluating business enablement and infrastructure, they cover it all. Tune in to learn how IT diligence can uncover hidden risks, influence deal valuation, and ensure successful post-acquisition integration. Whether you're a business leader, private equity professional, or consultant, this episode is packed with insights and a touch of dry humor to keep you engaged.
Follow Mike McSweeney & James Bandy on LinkedIn
Learn more about TriVista
Highlights:
- Introduction to IT diligence and its importance in Private Equity investments
- The evolution of diligence work streams over the past 20 years
- Key components of IT diligence: cybersecurity, enterprise applications, and infrastructure
- Real-life examples of IT diligence impacting deal valuation
- The long-term benefits of conducting IT diligence
- Trivia on the origin and meaning of "due diligence"
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome to the Growing EBITDA Podcast, where we unlock the doors to management and technology
(00:08):
insights in the middle market.
Join us as we explore innovative strategies to drive revenue and EBITDA growth, interviewing
industry leaders and technology experts.
Whether you're looking to streamline operations, understand the latest tech trends, or lead
your company towards exponential growth, you're in the right place.
Stay tuned and let's grow together.
(00:31):
So James, what are we talking about today?
You know, Mike, we're going to talk about IT diligence.
Now everyone expect, hey, we have James on the line.
He's the resident IT expert on the podcast.
We're going to switch it up a bit today.
And I've prepared some questions for you around IT diligence.
Hope you're ready.
Born ready.
Alrighty.
So first question for you, Mr. Redding.
(00:55):
What is an IT due diligence and why is it critical for PE investments?
Well, I think our listeners probably even already at this point realize that I'm not
the IT diligence expert, but I can tell you why we do it from an investor perspective.
And I can tell you why it's important to investors to do a work stream like that during a deal.
(01:16):
So for those of you who may not be as familiar when private equity investors are going to
invest in a business or are thinking about investing in a business, they're going to
hire a number of different outside third parties to come in and help do diligence on that company.
Typical work streams for diligence look like hiring lawyers to do legal work and accountants
(01:41):
to do financial analysis, maybe some operations folks to look at the operations of the business
or supply chain or whatever the case may be.
Maybe they're going to hire some market research folks to do commercial diligence.
What's the size of the market?
Is it growing?
Is it shrinking?
Who are the players?
Who are the competitors?
And last but certainly not least on that list is IT.
(02:03):
And this is something, James, that if you go back 15 years, hardly anybody did IT diligence.
If you go back 20 years, hardly anybody did anything other than legal and accounting diligence
for the most part, maybe a little bit of market research work.
But the diligence landscape has been evolving to include a number of other kind of specialist
work streams.
And I include IT in this kind of in that bucket, a specialist work stream.
(02:24):
And you know, when you're buying a business, thinking about making an acquisition and this
this rings true for add on acquisitions, as well as you know, what are referred to as
platform acquisitions, you kind of want to really understand what it is that you're buying,
right?
So you're going to hire all these experts who are going to go in, they're going to do
a deep dive.
Many of them have very well tuned skill sets, but also tool kits that they bring to be able
(02:47):
to assess a business really quickly.
And if you're talking about a business, maybe that's been owned by an entrepreneur, it's
never been owned by another private equity firm before, it may be quite frankly, the
first time that anybody's going and doing a deep dive into some of the corners of the
business.
So the investors learn a lot.
Oftentimes, the seller of the business can learn a lot about their own business.
And it can be a really, you know, eye opening experience for all parties.
(03:12):
But when it comes specifically to your question about IT diligence, and why it's critical
for private equity investors, you know, in today's day and age, you know, we've talked
in other episodes about things like cybersecurity.
But in today's day and age, where technology is prolific across almost all companies and
all industries, we find that, you know, there's just a lot of exposure, a lot of risk in some
(03:35):
of these operating companies.
So what we try and do during diligence is we try and understand where the risks are,
where the red flags are, where the opportunities for improvement might be from an IT perspective
that could include things like looking at their cybersecurity infrastructure, right?
What's the risk that this company, you know, what kind of exposure do they have from a
cybersecurity breach perspective, the last thing we want to do is pay a lot of money
(03:59):
to acquire a business.
In some cases, it could be hundreds of millions of dollars to acquire a business and find
out two days after we own it, or two months or two years or quite frankly, ever after
we own it, that they've been hacked and or breached by a bad actor.
And we find ourselves in a ransom situation where we can't access our data or our data
(04:21):
has been compromised or our systems have been brought to their knees that would represent
a significant risk.
And when you think about private equity investors in particular, because they tend to use debt
to finance the investments that they make, it's even more risky there, right?
Because the banks aren't really going to care that you got hacked, the banks are going to
care whether or not you make your interest payments and your principal payments.
(04:43):
And quite frankly, it's just a big distraction to most private equity firms are not making
investments hoping that they have a big distraction after they invest, they're hoping to very
quickly grow that business and create value for the shareholders.
And conducting an IT diligence exercise really kind of helps identify those risks.
It goes beyond risks.
There's a big part of IT diligence where we look at business enablement.
(05:08):
You know, you want to make sure that the company has adequate systems and processes to that
enables the company to be run efficiently that enables them to hopefully scale.
We think a lot about ideally not having to upgrade ERP systems during our ownership just
because of the cost and the risk that that represents the distraction of the business
it represents.
So kind of pre-closed pre-investment understanding cybersecurity risk, understanding business
(05:32):
enablement, do they have the right enterprise applications?
Are they the kind of scale and quality that that business needs to go to the next level
or even to support the level that they're currently at?
And then last but not least, you know, infrastructure is kind of the third leg that we typically
see in IT diligence.
Do they have the right hardware?
Are they running the right systems?
Are the computers within warranty?
(05:53):
Like are we going to have the risk that, you know, in the first year of our investment,
we have to go by, there could be 500 employees.
Do we have to go by 500 laptops next year because they've been under invested in laptops
or do we have to spend a lot more than we thought on security software because they
don't have security software or do we have to change MSP providers because their current
(06:14):
MSP just is not, they're a mom and pop shop and they don't have the capabilities that
a medium sized company, you know, with a hundred or 200 or $500 million in revenue really needs
to support them on a day to day basis.
So it's really kind of those three things.
I mean, I'm not the diligence expert.
We're going to talk to you more about some of the nuances of this, but cybersecurity
enterprise applications slash business enablement and infrastructure are the things that we
(06:37):
care about and doing an IT diligence exercise, even though it costs money, that helps us
get comfortable with those aspects of the business.
And while we may find things that we don't like, we're comfortable with that.
We just want to understand post-close what is the investment required to bring them up
to speed look like, or to bring them up to best in class look like and doing an IT diligence
(06:59):
project or assessment helps us get comfortable with that.
Yeah, great.
It's nice to hear from the business side.
I always love when business folks understand kind of the components and can speak to it
like you can and understand it.
Obviously we've had years of looking at them together and reviewing, but when you have
business folks who understand those components, I think it allows for a deeper and richer
dialogue.
So it's great to hear you talk to the compliments anywhere I can get them.
(07:22):
So appreciate that.
Yeah, no problem.
The, the other side of that, you touched on something that I thought might be interesting
to go a little deeper on, which is how does a IT, again, just the IT diligence actually
influence the valuation of a deal, right?
So we hear a lot of times, you know, we hear on the quality of earnings could affect it,
or if there have some other issues that could affect the deal.
(07:43):
What, what do you see from an IT perspective in your mind?
I know you touched a little about hardware exposure, but what kind of exposures or bogies
or whatever you want to call it?
Do you think that could influence that valuation of a deal?
Well, a couple of things come to mind.
First and foremost, the valuation of a deal could go to zero real quick if we identify,
and value is all relative, but if we were to identify, you know, an issue that was impossible
(08:07):
to solve or resolve, could walk away from a deal.
So from, it depends on what side of the fence that your, your perspective is, right?
But the value could go from a lot to a little real quick.
You know, we've had examples where we've had businesses that had cyber breaches weeks before
closing.
And I'm not, I'm not actually thinking about an example of an investment that we were making.
(08:28):
These were in my consulting days and we were working with a business.
We weren't doing the diligence, but we were working with them on a post-merger integration
plan and the business they were looking at acquiring had a cyber breach a couple of weeks
before, you know, they were supposed to close on that investment and it killed the deal.
Right.
Now, two years later, it ended up coming back to life at a discount.
(08:50):
That business suffered tremendously from that breach.
But in that instance, how much can impact on valuation?
It was a couple hundred million dollar deal went to zero real quick, right?
So hundreds of millions of dollars of shareholder value at risk as a result of there being,
there being an issue.
I would say that other ways that it shows up, and this is probably the more common way
because it's, you know, while cyber breaches are increasingly common, it's not increasing.
(09:13):
It's not that common that they're happening a couple of weeks before close.
That was just tremendously bad luck.
The other place that we should see it show up though is just in general valuation of
a company, right?
If we go and we look at making an investment in a business that has, you talk a lot about
technical debt in some of our other episodes, when we look at a business, if they have been
materially under invested in cybersecurity or under invested in enterprise applications
(09:38):
or under invested in infrastructure, and that's been something that's been happening for years,
we're not going to place as much value on that business as we would had that not been
the case.
You know, if we see a business who is appropriately investing in IT infrastructure, we're going
to, well, A, realize that the leadership team is very thoughtful about that corner of the
(09:59):
business, which is a positive because technology is enabling companies increasingly more frequently.
But we're also going to look at the P&L and go, okay, well, they've been investing and
then shows up in the P&L.
So when I'm underwriting the deal and I'm expecting a certain amount of cashflow in
year one or year two or year three, I'm assuming that the required investment in IT is kind
of baked into the historical numbers.
(10:20):
And when we do our modeling, we can look at that in the future and recognize that that's
been considered.
If you haven't been investing in that, we're probably going to have to discount those future
anticipated cash flows, which is going to have a commensurate discount in the valuation
of the business, right?
So I'm sure there's a lot of entrepreneurs out there.
A couple of them may be right, but I'm sure there's a lot of entrepreneurs out there.
(10:41):
I would argue that most of them are wrong, who may think this way.
But I'm sure there's a bunch who think about it like, hey, if I invest in this next type
of enterprise application, which may be more expensive, or if I invest in those more expensive
firewalls or a more appropriately sized MSP that I'm reducing my profitability, that reduces
my take home, but it increases the profitability of the business if I don't, that ultimately
(11:06):
my business is more valuable and I would maybe offer some counter arguments against them.
I think many investors out there are looking at buying really good businesses.
Some are looking at buying maybe businesses that aren't quite as professionally run, but
those guys tend to pay less because they're going to have to go do more if they're going
to ultimately own a business that is even more valuable in the marketplace.
(11:29):
This is just one lever that you can pull, but increasingly it's an important one.
No, it's an important one, I agree.
I think it's interesting to have this conversation because it's no secret that we're business
folks as well.
As a firm, we decided to focus on standing up a team that focuses on IT diligence and
(11:49):
IT improvement and consulting and those type of things due to seeing some of these market
trends.
I know my last question before maybe we flip the table back and talk about a little more
on the IT diligence side.
For you, what was that driving force that inspired?
I know you're one of the main folks who took the lead on or the charge on trying to get
this stood up and be whether it be via market research or speaking with others, what really
(12:12):
kind of led you to believe that this was an additional service that our clients needed
that you thought was valuable to them and what made you kind of want to push to have
that be part of our offering to our clients?
You're talking about IT diligence, right?
So probably a couple of different factors.
Starting maybe 10 years ago, maybe more, maybe 15 years ago, we started seeing IT diligence
(12:36):
as a emerging workstream.
More and more often, we were seeing some technologists come in and support the deal team, the team
looking at making the investment in the private equity fund and they were increasingly bringing
these technologists in and it was a little bit deal dependent.
If somebody was buying a software company, obviously there's going to be a lot of technologists
(12:57):
involved looking at the business and looking at the software and you know, etc.
The code for a whole host of different reasons.
I would say probably around 12, 15 years ago, we started seeing it show up also though more
frequently in industrial businesses.
I think the reality has been is that if you go back 20 some years in private equity, it
was actually a pretty easy industry to make money and you could buy businesses for a pretty
(13:20):
reasonable price.
It was nowhere near as competitive as it is today.
You could grow earnings, you could pay down debt.
I'm oversimplifying it, but it was pretty easy.
I think as the market for deals became much more competitive over the years and this market
became much more efficient, you had less room for error.
And you know, a lot of people probably think that cybersecurity concerns were the primary
(13:41):
driver of the increase in IT diligence.
I would actually argue that this may be different in different parts of the market, but for
where the vast majority of private equity deals get done kind of sub $500 million of
enterprise value, I think a primary driver of the increase in IT diligence was actually
the risk of unplanned capex.
So think about it from an investor's perspective, I buy a business and if in the first year
(14:05):
or two, I realize I have to replace the ERP system, that could cost several million dollars
and be a distraction that is several years in length.
And when I only wanted to own the business for five years in the first place, I never
even contemplated having to change out this IT system or ERP system and spend millions
of dollars doing so.
I never modeled that in, that's going to have a profound impact on, you know, where I thought
(14:27):
we could get the business and what the financial profile of the investment looks like.
And I think that after a number of instances and horror stories from hearing from others
of finding yourself in that situation, I think investors got smarter and said, hey, how do
we make sure we know what we're buying?
How do we make sure we've got the right applications in the company?
(14:47):
And if not, let's reduce the value that we're going to place on this thing, knowing that
we have to go through all this pain and all this investment while we're going to be the
owners.
Let's know that before we close.
So there's, you know, less surprises, investors hate surprises.
So I think that was a big driver.
And we've been advisors to the private equity industry before I became an investor for years.
We kind of saw that happening.
(15:09):
We saw some firms start to build IT diligence businesses.
And then what happened was we realized that most of the technology advisors in the marketplace
were pure play technologists and being operators and being very operationally focused.
We always had this belief of, you know, IT and ops kind of go hand in hand and we need
to or we saw rather this opportunity to step into the space and say, hey, we can look at
(15:34):
both.
We can look at operations, we can look at IT.
And most importantly, perhaps most importantly, we can look at both of them at the same time.
So I think we saw this this trend towards IT diligence.
We saw an opportunity that was be like a unique and kind of proprietary angle that we could
bring to bear.
And I would say that then what happened was, you know, cybersecurity, people actually started
paying attention to it.
And with the increase in focus and emphasis on cybersecurity, and then the risks that
(15:57):
are now inherent from a cyber breach perspective, that pushed the insurance companies to start
offering insurance, what's the right word plans, tied to reps and warranties and cybersecurity
and things like that.
And that then just kind of snowballed.
So now now we're at a point where, you know, 15 years ago, I would say that there was an
IT diligence workstream on maybe one in 10 to 15 transactions.
(16:20):
Now there's an IT diligence workstream on probably eight out of 10, 13 out of 15 or
so transactions.
So it is it is rapidly become a kind of mandatory workstream.
And every once in a while, we'll still see deals that get done without it.
We try to make sure that's not any deals that we're involved with.
But we know we're IT diligence evangelists at this point, because it's a controllable
risk.
(16:41):
We're around it.
It doesn't cost that much money to do it.
And I would way rather know if I have exposures pre close so I can factor that into my models.
And we understand what we need to work on post close to protect the investments that
we're making.
Awesome.
Yeah, great summary.
And sure, that's great to hear.
I personally grateful for the opportunity because it's how I found the firm and joined.
But I think it's also something that that our clients have needed.
And we've we've seen that in the response to the offering.
(17:04):
So off the hot seat, I'll go ahead and turn over to you what kind of questions I know.
I mean, essentially, you wrapped it up pretty well for me.
Let's dig into maybe a little more deeper questions that you might have around kind
of the IT diligence side that we could talk to our users.
I think what you're I think what you're saying is let's actually put some meat on the bone
for folks.
Yeah, yeah, let's let's turn the tables because you actually know what IT diligence like actually
(17:25):
is.
Yeah, I just read the reports and pretend like I understand them or call you when I
don't.
So yeah, let's let's turn the tides here.
So how does IT diligence differ from again, you're going to put your you're a technologist
I'm not.
How does it diligence differ from the other forms of diligence that I mentioned?
Yeah, you know, it's interesting.
So my background for years, I worked in M&A and participate in a lot of corporate M&A
(17:47):
and and funny thing is during our time in corporate M&A, we did a lot of IT diligence
without realizing it.
The thing about the other diligence is their name quality of earnings.
Everyone knows it's understood use a big four local firm and you do it people talk about
it.
It's understood for years.
We've been doing a lot of other diligence and just haven't had a name for it.
So I think it differs because it's a little less unknown.
(18:09):
It's one of those things that folks find a little bit nebulous and maybe they don't know
who to go to or who's the right answer.
I think it also is important to note in its simplest form, it focuses on business systems
and infrastructure.
And I think a lot of times folks get wrapped up and while the components are part of that
infrastructure is your cyber risk.
You talked about cyber risk.
I think that's a great conversation.
(18:31):
And if you want to listen to another podcast we had about cyber, I think it's a great conversation
to listen to because part of diligence is understanding your what we like to say your
cyber position.
Where are you on the cyber journey?
And then the last part that we really think is different than others is it really shows
the value that technology is providing your business and the ability to enable outcomes.
(18:52):
So a lot of times we look at quality of earnings.
They'll say the ERP that you have and you'll know the name of the ERP.
But what's different about an IT diligence is it tells you what value is that ERP bringing
to you, whether how you've configured it, why you use it or how you use it.
So it's really talking about tech driven value.
So what do you look at when you go do an IT diligence?
And maybe just to get started, how long does it take?
Yeah.
So an IT diligence ranges, we typically see diligence is from two to six weeks.
(19:15):
Now I'll tell you, I think we all know this as part of a transaction.
Scheduling is one of the most challenging parts.
You get scheduling lined up three weeks to get done.
But we all know how that goes.
We are one of eight teams that are trying to get the deal team's attention or the ownership
group.
So I'd say, you know, that's about the average couple months at max.
Okay.
And what do you look at?
(19:36):
Yeah.
So you hear in the industry a lot, the phrase check the box.
And we try to say that we're not a check the box organization.
But at some point, you got to check the box.
So we're going to look at your full technology stack.
Everything you got, we got to look at, we got to understand.
And we're going to try to do that as quickly as possible.
We do that in two forms.
The first form is sending over a data request where we ask for some information, very prescriptive.
(20:00):
And the second form is a conversation, whether that's in person or remote, where we talk
about your systems.
So it's like a desktop exercise.
The next part that we would look at was what your standards for cybersecurity are.
And that's not the systems you own.
Because you and I both know you can own a system and not use it correctly.
I've got plenty of friends that have high performance cars and you watch them drive
(20:22):
and they shouldn't be in those cars.
Plenty of people own cyber tools and are not using them correctly.
So we need to dig in and understand.
And the last part is whether it's your team or an external team, we need to evaluate those
resources.
Understand the value they're providing.
Understand how rich the data is that they have, their technical aptitude, their ability
to carry the business forward.
(20:42):
You talked about this all the time as part of deals.
Can the business and system scale?
We talk about that all the time.
Sometimes when it comes to IT teams, we need to understand, can that IT team scale with
the business as well?
So we look at humans as well as part of the transaction.
Give me some examples of what you find.
Some examples of red flags.
What would be a red flag that you guys might uncover?
(21:04):
Besides really large font on folks phones because they can't see it without their reading
glasses, that's always the time we come in and we say, hey, we're here to do an IT diligence.
And the joke's always, I can't figure this thing out on my iPhone.
So that's a red flag that everyone thinks that's all we are is technology iPhone helpers.
But I think a lot of times when we look at the smaller businesses and we go and have
those chats with folks, we discover underspend.
(21:28):
And even in the mid-market, we discover some underspend.
I think a lot of times when we go to that red flag, you mentioned at the top here, when
we look at the business, if I haven't bought laptops in 10 years for my business, I know
immediately by simple math, I need to buy X mile laptops by Y amount of dollars.
It's very easy.
And our procedure is we immediately pick up the phone, talk to the acquiring entity, tell
(21:50):
them what we're seeing.
Another common red flag is outdated systems.
So systems that haven't been updated, patched or available for 10 to 15 years.
Those systems you know you have to change or at least secure.
And there's a cost associated with that.
So that's another red flag we would throw up.
And the last one is probably the most famous one, a cyber event.
Have they been compromised?
(22:11):
Has there been a ransomware attack?
Has there been some major issue that we all know those buzz terms of cyber?
We immediately flag those because that could be a large exposure.
And we'll have to bring in other folks to be able to work through how bad or how deep
that exposure was.
So I want to go back to one of the comments that you made a second ago about underspend.
(22:31):
You gave the example of do they have to upgrade laptops?
And I think one of the counter arguments to doing IT diligence in the past for some folks
has been that it felt like a check the box exercise.
I remember having a conversation with somebody one time that said, I don't need somebody
to tell me how many laptops I need to buy.
I'm doing a $200 million transaction.
I don't really care about how many laptops I need to buy.
(22:52):
And I think at that size of a deal, that was a relevant comment.
Now you may find smaller deals where buying 20 or 30 laptops for every person in the organization
has a you know, not insignificant impact on the bottom line, right?
But I have heard that feedback in the past.
Give me some examples of underspend that might be more substantial in a business.
(23:15):
The largest, frankly, is the ERP.
If I've underspend on my ERP, whether that's staying on top of the most recent version,
having staff that understands how to use it, or actually paying for my licensing, which
is a sad event we often discover.
Those are major areas of underspend.
Because that area of underspend is so ingrained in the business.
(23:36):
To your point around the laptops, tomorrow you and I can pop down to Best Buy.
They're not the best, but we can buy 40 laptops, spin them up.
We're off and running.
With an ERP, we know it's not a short journey.
We know our clients take 90 days, six months, a year even, to get these ERPs in place.
So to turn that ship, it's tough.
So I think the largest place that we see the highest amount of risk and underspend is on
(23:58):
ERP and the systems around the ERP.
So one more question before we move on.
You talked about outdated systems.
How do you know if a system is outdated?
So there's a couple ways.
There's a very binary, easy way, right?
So one of the things that we have is we have relationships with all the major tier two
and tier one ERPs.
So when we go through to a diligence, we know the most recent versions and what's been no
(24:19):
longer supported and we understand the support date.
If we have a question, we pick up the phone, they answer our call.
We work with the ERPs all the time.
The other way you know is if it's outdated is there's also when you look at a system,
it's not only the application, it's the server it runs on as well.
Sometimes that hasn't been updated.
So we really just kind of tease out where that outdated piece of the component is, I
(24:40):
guess, since it's software or hardware.
Knowing that, then we can talk about how to get there.
But it is an important question.
There's a bit of nuance here.
Just because my system's outdated doesn't mean it can't be updated.
What our biggest concern is an unsupported system that cannot be updated, that there
is no path forward.
It's not a simple install the patch, do a couple of checks and deploy.
(25:04):
It's I have to rip the whole thing out and change.
That's the part that we worry about.
So when we communicate with our teams and when our decks that we produce that talk about
this, we clearly indicate there's a path forward that simple and easy upgrade just like anybody
updates their phone or their laptops, or this is a full system replacement due to this no
longer being supported or even able to be upgraded.
(25:24):
So let's let's move to a different topic.
Long term benefits.
What do you get out of this?
And it could be short term too.
But what are the benefits of doing it diligence beyond identifying the the red flags?
I think you said a few at the top that were important deal valuation, understand the deal
de risking folks don't like risk and deals.
I think those are all very valid points for the business perspective.
So to tack a few more onto that, I like to say that in a different way is it reduces
(25:47):
the risk of the unknown.
Because a lot of times the folks that are looking at these deals, sometimes we don't
understand all the systems and it and what it means and why it matters.
And when I'm not doing fishing campaigns or fishing reviews, what does that really mean
to you as the investor so that redo that reduction of risk and putting in business terms so you
(26:08):
can understand.
The second is usually in a transaction in this space, there's gonna be additional acquisitions,
whether that's a bolt on, whether that's a transaction where you sell, you are going
to transact, acquire or do something with this business.
So that future integration success is greatly hindered by having some of these outdated
systems.
(26:28):
How many of us know companies that are three, four acquisitions later and three, four ERP
is later, we all know them, the challenges reporting how to get that visibility, how
to have a common thread of my customer number across all my systems challenges folks deal
with every day.
So that's a long term that can affect the business because I'm carrying four counting
teams to be able to do the work that I could consolidate to one.
(26:50):
So that's a big one.
And the last one, it sets you for success to build exit.
We do a lot of sell side diligence work for folks to help them tell that story, articulate
that journey to help sell that entity.
If you haven't done that work, or had that discovery done up front, it can be challenging
you buy an organization, you own it for five years.
(27:10):
And at the time you go to sell it, you realize all the issues you have.
By taking that pain up front and understand what you own, it gives you that five years
to remediate that in preparation for exit to have a successful exit.
I have no trivia for you.
Oh, I have two bits of trivia for you, Mike, in our typical week.
So thanks for those questions.
It's always an opportunity to talk about diligence.
We love it.
(27:31):
We love going on site with folks.
We love having the conversation.
I will say we love tying to those other work streams and helping folks understand.
And I think one of the things that was most interesting is we began in diligence.
And I did the first five delegences to the group myself.
And it's great to see how we have grown in our understanding.
But the market continues to change and things continue to change.
(27:52):
So it's always great to kind of learn.
So speaking of a bit of a history lesson, I thought it'd be interesting to talk about
the term due diligence.
By chance, do you know the origin of the phrase due diligence?
We talk about all the time.
Never looked it up until now.
Twenty years doing due diligence.
And I'm ashamed to say I have no idea.
Well, if I have to guess England, England.
(28:13):
Okay.
Well, you were a young laddie when this came out.
It was the U.S. Securities Act of 1933.
So if you just think back to that, that's what it was.
U.S. Security Act 1933.
Next one.
Now, this one really got me and there's no way I would understand this.
What's kind of fun to think about afterwards, we use this phrase so much, which is due diligence.
(28:33):
What's the literal meaning of due diligence?
It's two words, literal meaning.
I already guessed England.
I think that'd be a bad guess for this one.
I think I got to go with I don't know.
Okay.
Required carefulness.
I think that's a very interesting fact.
Required carefulness.
And I think that's a lot of what we do.
We're careful in how we help our clients manage their day to day.
We're careful in what we talk about.
(28:54):
But required carefulness, due diligence.
What would we do without your trivia questions?
Dude, two bit trivia.
Two bit trivia.
It's worth what you pay for.
Well, James, yet again, thank you for shedding some light on this very important topic.
And hopefully I didn't sound too unintelligent when I was talking about why we do IT diligence
from a business perspective.
Thanks everybody for joining and looking forward to chatting with you guys soon.
(29:19):
Thanks for tuning into this episode of Growing EBITDA.
If you like this episode, hit subscribe or follow us on LinkedIn for updates.
Got a topic you'd like us to cover?
Drop us a message.
We'd love to hear from you.
Welcome to the Growing EBITDA Podcast, where we unlock the doors to management and technology
(00:08):
insights in the middle market.
Join us as we explore innovative strategies to drive revenue and EBITDA growth, interviewing
industry leaders and technology experts.
Whether you're looking to streamline operations, understand the latest tech trends, or lead
your company towards exponential growth, you're in the right place.
Stay tuned and let's grow together.
(00:31):
So James, what are we talking about today?
You know, Mike, we're going to talk about IT diligence.
Now everyone expect, hey, we have James on the line.
He's the resident IT expert on the podcast.
We're going to switch it up a bit today.
And I've prepared some questions for you around IT diligence.
Hope you're ready.
Born ready.
Alrighty.
So first question for you, Mr. Redding.
(00:55):
What is an IT due diligence and why is it critical for PE investments?
Well, I think our listeners probably even already at this point realize that I'm not
the IT diligence expert, but I can tell you why we do it from an investor perspective.
And I can tell you why it's important to investors to do a work stream like that during a deal.
(01:16):
So for those of you who may not be as familiar when private equity investors are going to
invest in a business or are thinking about investing in a business, they're going to
hire a number of different outside third parties to come in and help do diligence on that company.
Typical work streams for diligence look like hiring lawyers to do legal work and accountants
(01:41):
to do financial analysis, maybe some operations folks to look at the operations of the business
or supply chain or whatever the case may be.
Maybe they're going to hire some market research folks to do commercial diligence.
What's the size of the market?
Is it growing?
Is it shrinking?
Who are the players?
Who are the competitors?
And last but certainly not least on that list is IT.
(02:03):
And this is something, James, that if you go back 15 years, hardly anybody did IT diligence.
If you go back 20 years, hardly anybody did anything other than legal and accounting diligence
for the most part, maybe a little bit of market research work.
But the diligence landscape has been evolving to include a number of other kind of specialist
work streams.
And I include IT in this kind of in that bucket, a specialist work stream.
(02:24):
And you know, when you're buying a business, thinking about making an acquisition and this
this rings true for add on acquisitions, as well as you know, what are referred to as
platform acquisitions, you kind of want to really understand what it is that you're buying,
right?
So you're going to hire all these experts who are going to go in, they're going to do
a deep dive.
Many of them have very well tuned skill sets, but also tool kits that they bring to be able
(02:47):
to assess a business really quickly.
And if you're talking about a business, maybe that's been owned by an entrepreneur, it's
never been owned by another private equity firm before, it may be quite frankly, the
first time that anybody's going and doing a deep dive into some of the corners of the
business.
So the investors learn a lot.
Oftentimes, the seller of the business can learn a lot about their own business.
And it can be a really, you know, eye opening experience for all parties.
(03:12):
But when it comes specifically to your question about IT diligence, and why it's critical
for private equity investors, you know, in today's day and age, you know, we've talked
in other episodes about things like cybersecurity.
But in today's day and age, where technology is prolific across almost all companies and
all industries, we find that, you know, there's just a lot of exposure, a lot of risk in some
(03:35):
of these operating companies.
So what we try and do during diligence is we try and understand where the risks are,
where the red flags are, where the opportunities for improvement might be from an IT perspective
that could include things like looking at their cybersecurity infrastructure, right?
What's the risk that this company, you know, what kind of exposure do they have from a
cybersecurity breach perspective, the last thing we want to do is pay a lot of money
(03:59):
to acquire a business.
In some cases, it could be hundreds of millions of dollars to acquire a business and find
out two days after we own it, or two months or two years or quite frankly, ever after
we own it, that they've been hacked and or breached by a bad actor.
And we find ourselves in a ransom situation where we can't access our data or our data
(04:21):
has been compromised or our systems have been brought to their knees that would represent
a significant risk.
And when you think about private equity investors in particular, because they tend to use debt
to finance the investments that they make, it's even more risky there, right?
Because the banks aren't really going to care that you got hacked, the banks are going to
care whether or not you make your interest payments and your principal payments.
(04:43):
And quite frankly, it's just a big distraction to most private equity firms are not making
investments hoping that they have a big distraction after they invest, they're hoping to very
quickly grow that business and create value for the shareholders.
And conducting an IT diligence exercise really kind of helps identify those risks.
It goes beyond risks.
There's a big part of IT diligence where we look at business enablement.
(05:08):
You know, you want to make sure that the company has adequate systems and processes to that
enables the company to be run efficiently that enables them to hopefully scale.
We think a lot about ideally not having to upgrade ERP systems during our ownership just
because of the cost and the risk that that represents the distraction of the business
it represents.
So kind of pre-closed pre-investment understanding cybersecurity risk, understanding business
(05:32):
enablement, do they have the right enterprise applications?
Are they the kind of scale and quality that that business needs to go to the next level
or even to support the level that they're currently at?
And then last but not least, you know, infrastructure is kind of the third leg that we typically
see in IT diligence.
Do they have the right hardware?
Are they running the right systems?
Are the computers within warranty?
(05:53):
Like are we going to have the risk that, you know, in the first year of our investment,
we have to go by, there could be 500 employees.
Do we have to go by 500 laptops next year because they've been under invested in laptops
or do we have to spend a lot more than we thought on security software because they
don't have security software or do we have to change MSP providers because their current
(06:14):
MSP just is not, they're a mom and pop shop and they don't have the capabilities that
a medium sized company, you know, with a hundred or 200 or $500 million in revenue really needs
to support them on a day to day basis.
So it's really kind of those three things.
I mean, I'm not the diligence expert.
We're going to talk to you more about some of the nuances of this, but cybersecurity
enterprise applications slash business enablement and infrastructure are the things that we
(06:37):
care about and doing an IT diligence exercise, even though it costs money, that helps us
get comfortable with those aspects of the business.
And while we may find things that we don't like, we're comfortable with that.
We just want to understand post-close what is the investment required to bring them up
to speed look like, or to bring them up to best in class look like and doing an IT diligence
(06:59):
project or assessment helps us get comfortable with that.
Yeah, great.
It's nice to hear from the business side.
I always love when business folks understand kind of the components and can speak to it
like you can and understand it.
Obviously we've had years of looking at them together and reviewing, but when you have
business folks who understand those components, I think it allows for a deeper and richer
dialogue.
So it's great to hear you talk to the compliments anywhere I can get them.
(07:22):
So appreciate that.
Yeah, no problem.
The, the other side of that, you touched on something that I thought might be interesting
to go a little deeper on, which is how does a IT, again, just the IT diligence actually
influence the valuation of a deal, right?
So we hear a lot of times, you know, we hear on the quality of earnings could affect it,
or if there have some other issues that could affect the deal.
(07:43):
What, what do you see from an IT perspective in your mind?
I know you touched a little about hardware exposure, but what kind of exposures or bogies
or whatever you want to call it?
Do you think that could influence that valuation of a deal?
Well, a couple of things come to mind.
First and foremost, the valuation of a deal could go to zero real quick if we identify,
and value is all relative, but if we were to identify, you know, an issue that was impossible
(08:07):
to solve or resolve, could walk away from a deal.
So from, it depends on what side of the fence that your, your perspective is, right?
But the value could go from a lot to a little real quick.
You know, we've had examples where we've had businesses that had cyber breaches weeks before
closing.
And I'm not, I'm not actually thinking about an example of an investment that we were making.
(08:28):
These were in my consulting days and we were working with a business.
We weren't doing the diligence, but we were working with them on a post-merger integration
plan and the business they were looking at acquiring had a cyber breach a couple of weeks
before, you know, they were supposed to close on that investment and it killed the deal.
Right.
Now, two years later, it ended up coming back to life at a discount.
(08:50):
That business suffered tremendously from that breach.
But in that instance, how much can impact on valuation?
It was a couple hundred million dollar deal went to zero real quick, right?
So hundreds of millions of dollars of shareholder value at risk as a result of there being,
there being an issue.
I would say that other ways that it shows up, and this is probably the more common way
because it's, you know, while cyber breaches are increasingly common, it's not increasing.
(09:13):
It's not that common that they're happening a couple of weeks before close.
That was just tremendously bad luck.
The other place that we should see it show up though is just in general valuation of
a company, right?
If we go and we look at making an investment in a business that has, you talk a lot about
technical debt in some of our other episodes, when we look at a business, if they have been
materially under invested in cybersecurity or under invested in enterprise applications
(09:38):
or under invested in infrastructure, and that's been something that's been happening for years,
we're not going to place as much value on that business as we would had that not been
the case.
You know, if we see a business who is appropriately investing in IT infrastructure, we're going
to, well, A, realize that the leadership team is very thoughtful about that corner of the
(09:59):
business, which is a positive because technology is enabling companies increasingly more frequently.
But we're also going to look at the P&L and go, okay, well, they've been investing and
then shows up in the P&L.
So when I'm underwriting the deal and I'm expecting a certain amount of cashflow in
year one or year two or year three, I'm assuming that the required investment in IT is kind
of baked into the historical numbers.
(10:20):
And when we do our modeling, we can look at that in the future and recognize that that's
been considered.
If you haven't been investing in that, we're probably going to have to discount those future
anticipated cash flows, which is going to have a commensurate discount in the valuation
of the business, right?
So I'm sure there's a lot of entrepreneurs out there.
A couple of them may be right, but I'm sure there's a lot of entrepreneurs out there.
(10:41):
I would argue that most of them are wrong, who may think this way.
But I'm sure there's a bunch who think about it like, hey, if I invest in this next type
of enterprise application, which may be more expensive, or if I invest in those more expensive
firewalls or a more appropriately sized MSP that I'm reducing my profitability, that reduces
my take home, but it increases the profitability of the business if I don't, that ultimately
(11:06):
my business is more valuable and I would maybe offer some counter arguments against them.
I think many investors out there are looking at buying really good businesses.
Some are looking at buying maybe businesses that aren't quite as professionally run, but
those guys tend to pay less because they're going to have to go do more if they're going
to ultimately own a business that is even more valuable in the marketplace.
(11:29):
This is just one lever that you can pull, but increasingly it's an important one.
No, it's an important one, I agree.
I think it's interesting to have this conversation because it's no secret that we're business
folks as well.
As a firm, we decided to focus on standing up a team that focuses on IT diligence and
(11:49):
IT improvement and consulting and those type of things due to seeing some of these market
trends.
I know my last question before maybe we flip the table back and talk about a little more
on the IT diligence side.
For you, what was that driving force that inspired?
I know you're one of the main folks who took the lead on or the charge on trying to get
this stood up and be whether it be via market research or speaking with others, what really
(12:12):
kind of led you to believe that this was an additional service that our clients needed
that you thought was valuable to them and what made you kind of want to push to have
that be part of our offering to our clients?
You're talking about IT diligence, right?
So probably a couple of different factors.
Starting maybe 10 years ago, maybe more, maybe 15 years ago, we started seeing IT diligence
(12:36):
as a emerging workstream.
More and more often, we were seeing some technologists come in and support the deal team, the team
looking at making the investment in the private equity fund and they were increasingly bringing
these technologists in and it was a little bit deal dependent.
If somebody was buying a software company, obviously there's going to be a lot of technologists
(12:57):
involved looking at the business and looking at the software and you know, etc.
The code for a whole host of different reasons.
I would say probably around 12, 15 years ago, we started seeing it show up also though more
frequently in industrial businesses.
I think the reality has been is that if you go back 20 some years in private equity, it
was actually a pretty easy industry to make money and you could buy businesses for a pretty
(13:20):
reasonable price.
It was nowhere near as competitive as it is today.
You could grow earnings, you could pay down debt.
I'm oversimplifying it, but it was pretty easy.
I think as the market for deals became much more competitive over the years and this market
became much more efficient, you had less room for error.
And you know, a lot of people probably think that cybersecurity concerns were the primary
(13:41):
driver of the increase in IT diligence.
I would actually argue that this may be different in different parts of the market, but for
where the vast majority of private equity deals get done kind of sub $500 million of
enterprise value, I think a primary driver of the increase in IT diligence was actually
the risk of unplanned capex.
So think about it from an investor's perspective, I buy a business and if in the first year
(14:05):
or two, I realize I have to replace the ERP system, that could cost several million dollars
and be a distraction that is several years in length.
And when I only wanted to own the business for five years in the first place, I never
even contemplated having to change out this IT system or ERP system and spend millions
of dollars doing so.
I never modeled that in, that's going to have a profound impact on, you know, where I thought
(14:27):
we could get the business and what the financial profile of the investment looks like.
And I think that after a number of instances and horror stories from hearing from others
of finding yourself in that situation, I think investors got smarter and said, hey, how do
we make sure we know what we're buying?
How do we make sure we've got the right applications in the company?
(14:47):
And if not, let's reduce the value that we're going to place on this thing, knowing that
we have to go through all this pain and all this investment while we're going to be the
owners.
Let's know that before we close.
So there's, you know, less surprises, investors hate surprises.
So I think that was a big driver.
And we've been advisors to the private equity industry before I became an investor for years.
We kind of saw that happening.
(15:09):
We saw some firms start to build IT diligence businesses.
And then what happened was we realized that most of the technology advisors in the marketplace
were pure play technologists and being operators and being very operationally focused.
We always had this belief of, you know, IT and ops kind of go hand in hand and we need
to or we saw rather this opportunity to step into the space and say, hey, we can look at
(15:34):
both.
We can look at operations, we can look at IT.
And most importantly, perhaps most importantly, we can look at both of them at the same time.
So I think we saw this this trend towards IT diligence.
We saw an opportunity that was be like a unique and kind of proprietary angle that we could
bring to bear.
And I would say that then what happened was, you know, cybersecurity, people actually started
paying attention to it.
And with the increase in focus and emphasis on cybersecurity, and then the risks that
(15:57):
are now inherent from a cyber breach perspective, that pushed the insurance companies to start
offering insurance, what's the right word plans, tied to reps and warranties and cybersecurity
and things like that.
And that then just kind of snowballed.
So now now we're at a point where, you know, 15 years ago, I would say that there was an
IT diligence workstream on maybe one in 10 to 15 transactions.
(16:20):
Now there's an IT diligence workstream on probably eight out of 10, 13 out of 15 or
so transactions.
So it is it is rapidly become a kind of mandatory workstream.
And every once in a while, we'll still see deals that get done without it.
We try to make sure that's not any deals that we're involved with.
But we know we're IT diligence evangelists at this point, because it's a controllable
risk.
(16:41):
We're around it.
It doesn't cost that much money to do it.
And I would way rather know if I have exposures pre close so I can factor that into my models.
And we understand what we need to work on post close to protect the investments that
we're making.
Awesome.
Yeah, great summary.
And sure, that's great to hear.
I personally grateful for the opportunity because it's how I found the firm and joined.
But I think it's also something that that our clients have needed.
And we've we've seen that in the response to the offering.
(17:04):
So off the hot seat, I'll go ahead and turn over to you what kind of questions I know.
I mean, essentially, you wrapped it up pretty well for me.
Let's dig into maybe a little more deeper questions that you might have around kind
of the IT diligence side that we could talk to our users.
I think what you're I think what you're saying is let's actually put some meat on the bone
for folks.
Yeah, yeah, let's let's turn the tables because you actually know what IT diligence like actually
(17:25):
is.
Yeah, I just read the reports and pretend like I understand them or call you when I
don't.
So yeah, let's let's turn the tides here.
So how does IT diligence differ from again, you're going to put your you're a technologist
I'm not.
How does it diligence differ from the other forms of diligence that I mentioned?
Yeah, you know, it's interesting.
So my background for years, I worked in M&A and participate in a lot of corporate M&A
(17:47):
and and funny thing is during our time in corporate M&A, we did a lot of IT diligence
without realizing it.
The thing about the other diligence is their name quality of earnings.
Everyone knows it's understood use a big four local firm and you do it people talk about
it.
It's understood for years.
We've been doing a lot of other diligence and just haven't had a name for it.
So I think it differs because it's a little less unknown.
(18:09):
It's one of those things that folks find a little bit nebulous and maybe they don't know
who to go to or who's the right answer.
I think it also is important to note in its simplest form, it focuses on business systems
and infrastructure.
And I think a lot of times folks get wrapped up and while the components are part of that
infrastructure is your cyber risk.
You talked about cyber risk.
I think that's a great conversation.
(18:31):
And if you want to listen to another podcast we had about cyber, I think it's a great conversation
to listen to because part of diligence is understanding your what we like to say your
cyber position.
Where are you on the cyber journey?
And then the last part that we really think is different than others is it really shows
the value that technology is providing your business and the ability to enable outcomes.
(18:52):
So a lot of times we look at quality of earnings.
They'll say the ERP that you have and you'll know the name of the ERP.
But what's different about an IT diligence is it tells you what value is that ERP bringing
to you, whether how you've configured it, why you use it or how you use it.
So it's really talking about tech driven value.
So what do you look at when you go do an IT diligence?
And maybe just to get started, how long does it take?
Yeah.
So an IT diligence ranges, we typically see diligence is from two to six weeks.
(19:15):
Now I'll tell you, I think we all know this as part of a transaction.
Scheduling is one of the most challenging parts.
You get scheduling lined up three weeks to get done.
But we all know how that goes.
We are one of eight teams that are trying to get the deal team's attention or the ownership
group.
So I'd say, you know, that's about the average couple months at max.
Okay.
And what do you look at?
(19:36):
Yeah.
So you hear in the industry a lot, the phrase check the box.
And we try to say that we're not a check the box organization.
But at some point, you got to check the box.
So we're going to look at your full technology stack.
Everything you got, we got to look at, we got to understand.
And we're going to try to do that as quickly as possible.
We do that in two forms.
The first form is sending over a data request where we ask for some information, very prescriptive.
(20:00):
And the second form is a conversation, whether that's in person or remote, where we talk
about your systems.
So it's like a desktop exercise.
The next part that we would look at was what your standards for cybersecurity are.
And that's not the systems you own.
Because you and I both know you can own a system and not use it correctly.
I've got plenty of friends that have high performance cars and you watch them drive
(20:22):
and they shouldn't be in those cars.
Plenty of people own cyber tools and are not using them correctly.
So we need to dig in and understand.
And the last part is whether it's your team or an external team, we need to evaluate those
resources.
Understand the value they're providing.
Understand how rich the data is that they have, their technical aptitude, their ability
to carry the business forward.
(20:42):
You talked about this all the time as part of deals.
Can the business and system scale?
We talk about that all the time.
Sometimes when it comes to IT teams, we need to understand, can that IT team scale with
the business as well?
So we look at humans as well as part of the transaction.
Give me some examples of what you find.
Some examples of red flags.
What would be a red flag that you guys might uncover?
(21:04):
Besides really large font on folks phones because they can't see it without their reading
glasses, that's always the time we come in and we say, hey, we're here to do an IT diligence.
And the joke's always, I can't figure this thing out on my iPhone.
So that's a red flag that everyone thinks that's all we are is technology iPhone helpers.
But I think a lot of times when we look at the smaller businesses and we go and have
those chats with folks, we discover underspend.
(21:28):
And even in the mid-market, we discover some underspend.
I think a lot of times when we go to that red flag, you mentioned at the top here, when
we look at the business, if I haven't bought laptops in 10 years for my business, I know
immediately by simple math, I need to buy X mile laptops by Y amount of dollars.
It's very easy.
And our procedure is we immediately pick up the phone, talk to the acquiring entity, tell
(21:50):
them what we're seeing.
Another common red flag is outdated systems.
So systems that haven't been updated, patched or available for 10 to 15 years.
Those systems you know you have to change or at least secure.
And there's a cost associated with that.
So that's another red flag we would throw up.
And the last one is probably the most famous one, a cyber event.
Have they been compromised?
(22:11):
Has there been a ransomware attack?
Has there been some major issue that we all know those buzz terms of cyber?
We immediately flag those because that could be a large exposure.
And we'll have to bring in other folks to be able to work through how bad or how deep
that exposure was.
So I want to go back to one of the comments that you made a second ago about underspend.
(22:31):
You gave the example of do they have to upgrade laptops?
And I think one of the counter arguments to doing IT diligence in the past for some folks
has been that it felt like a check the box exercise.
I remember having a conversation with somebody one time that said, I don't need somebody
to tell me how many laptops I need to buy.
I'm doing a $200 million transaction.
I don't really care about how many laptops I need to buy.
(22:52):
And I think at that size of a deal, that was a relevant comment.
Now you may find smaller deals where buying 20 or 30 laptops for every person in the organization
has a you know, not insignificant impact on the bottom line, right?
But I have heard that feedback in the past.
Give me some examples of underspend that might be more substantial in a business.
(23:15):
The largest, frankly, is the ERP.
If I've underspend on my ERP, whether that's staying on top of the most recent version,
having staff that understands how to use it, or actually paying for my licensing, which
is a sad event we often discover.
Those are major areas of underspend.
Because that area of underspend is so ingrained in the business.
(23:36):
To your point around the laptops, tomorrow you and I can pop down to Best Buy.
They're not the best, but we can buy 40 laptops, spin them up.
We're off and running.
With an ERP, we know it's not a short journey.
We know our clients take 90 days, six months, a year even, to get these ERPs in place.
So to turn that ship, it's tough.
So I think the largest place that we see the highest amount of risk and underspend is on
(23:58):
ERP and the systems around the ERP.
So one more question before we move on.
You talked about outdated systems.
How do you know if a system is outdated?
So there's a couple ways.
There's a very binary, easy way, right?
So one of the things that we have is we have relationships with all the major tier two
and tier one ERPs.
So when we go through to a diligence, we know the most recent versions and what's been no
(24:19):
longer supported and we understand the support date.
If we have a question, we pick up the phone, they answer our call.
We work with the ERPs all the time.
The other way you know is if it's outdated is there's also when you look at a system,
it's not only the application, it's the server it runs on as well.
Sometimes that hasn't been updated.
So we really just kind of tease out where that outdated piece of the component is, I
(24:40):
guess, since it's software or hardware.
Knowing that, then we can talk about how to get there.
But it is an important question.
There's a bit of nuance here.
Just because my system's outdated doesn't mean it can't be updated.
What our biggest concern is an unsupported system that cannot be updated, that there
is no path forward.
It's not a simple install the patch, do a couple of checks and deploy.
(25:04):
It's I have to rip the whole thing out and change.
That's the part that we worry about.
So when we communicate with our teams and when our decks that we produce that talk about
this, we clearly indicate there's a path forward that simple and easy upgrade just like anybody
updates their phone or their laptops, or this is a full system replacement due to this no
longer being supported or even able to be upgraded.
(25:24):
So let's let's move to a different topic.
Long term benefits.
What do you get out of this?
And it could be short term too.
But what are the benefits of doing it diligence beyond identifying the the red flags?
I think you said a few at the top that were important deal valuation, understand the deal
de risking folks don't like risk and deals.
I think those are all very valid points for the business perspective.
So to tack a few more onto that, I like to say that in a different way is it reduces
(25:47):
the risk of the unknown.
Because a lot of times the folks that are looking at these deals, sometimes we don't
understand all the systems and it and what it means and why it matters.
And when I'm not doing fishing campaigns or fishing reviews, what does that really mean
to you as the investor so that redo that reduction of risk and putting in business terms so you
(26:08):
can understand.
The second is usually in a transaction in this space, there's gonna be additional acquisitions,
whether that's a bolt on, whether that's a transaction where you sell, you are going
to transact, acquire or do something with this business.
So that future integration success is greatly hindered by having some of these outdated
systems.
(26:28):
How many of us know companies that are three, four acquisitions later and three, four ERP
is later, we all know them, the challenges reporting how to get that visibility, how
to have a common thread of my customer number across all my systems challenges folks deal
with every day.
So that's a long term that can affect the business because I'm carrying four counting
teams to be able to do the work that I could consolidate to one.
(26:50):
So that's a big one.
And the last one, it sets you for success to build exit.
We do a lot of sell side diligence work for folks to help them tell that story, articulate
that journey to help sell that entity.
If you haven't done that work, or had that discovery done up front, it can be challenging
you buy an organization, you own it for five years.
(27:10):
And at the time you go to sell it, you realize all the issues you have.
By taking that pain up front and understand what you own, it gives you that five years
to remediate that in preparation for exit to have a successful exit.
I have no trivia for you.
Oh, I have two bits of trivia for you, Mike, in our typical week.
So thanks for those questions.
It's always an opportunity to talk about diligence.
We love it.
(27:31):
We love going on site with folks.
We love having the conversation.
I will say we love tying to those other work streams and helping folks understand.
And I think one of the things that was most interesting is we began in diligence.
And I did the first five delegences to the group myself.
And it's great to see how we have grown in our understanding.
But the market continues to change and things continue to change.
(27:52):
So it's always great to kind of learn.
So speaking of a bit of a history lesson, I thought it'd be interesting to talk about
the term due diligence.
By chance, do you know the origin of the phrase due diligence?
We talk about all the time.
Never looked it up until now.
Twenty years doing due diligence.
And I'm ashamed to say I have no idea.
Well, if I have to guess England, England.
(28:13):
Okay.
Well, you were a young laddie when this came out.
It was the U.S. Securities Act of 1933.
So if you just think back to that, that's what it was.
U.S. Security Act 1933.
Next one.
Now, this one really got me and there's no way I would understand this.
What's kind of fun to think about afterwards, we use this phrase so much, which is due diligence.
(28:33):
What's the literal meaning of due diligence?
It's two words, literal meaning.
I already guessed England.
I think that'd be a bad guess for this one.
I think I got to go with I don't know.
Okay.
Required carefulness.
I think that's a very interesting fact.
Required carefulness.
And I think that's a lot of what we do.
We're careful in how we help our clients manage their day to day.
We're careful in what we talk about.
(28:54):
But required carefulness, due diligence.
What would we do without your trivia questions?
Dude, two bit trivia.
Two bit trivia.
It's worth what you pay for.
Well, James, yet again, thank you for shedding some light on this very important topic.
And hopefully I didn't sound too unintelligent when I was talking about why we do IT diligence
from a business perspective.
Thanks everybody for joining and looking forward to chatting with you guys soon.
(29:19):
Thanks for tuning into this episode of Growing EBITDA.
If you like this episode, hit subscribe or follow us on LinkedIn for updates.
Got a topic you'd like us to cover?
Drop us a message.
We'd love to hear from you.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.