Due diligence: letting cloud shoulder the burden of change

David Cartwright Advice
11 Jan, 2013

Companies looking for further investment or who are being taken over will find the cloud can help in unexpected ways

Anyone who's been in industry for any length of time will probably have experienced at least one takeover or merger. And if not a full-scale acquisition, then they've probably experienced a major external investment. What all of these will have had in common, will be that he investor has gone through a process of Due Diligence (DD) on the entity it's looking to invest in.

BusinessDictionary.com has probably the most straightforward definition of DD: it's the “duty of a firm's directors and officers to act prudently in evaluating associated risks in all transactions”. When company A is looking to invest in company B, this basically means company A doing a thorough job of looking at the operation and finances of company B, and the latter providing all the information requested by the potential investor.

In all but the most trivial cases, the amounts of data generated and shared as part of the DD process can be huge. Take the IT department as an example: the target company will be expected to share all contracts and leases for data centres, telecoms services, network services, maintenance agreements, WAN links, Internet connections, server and storage hardware, software licences, the list goes on – and that's just one department. So we're looking at large collections of potentially long documents – it's not impossible for a commercial contract to stretch to 100 pages, for example) which need to be shared securely and in a place that has the capacity to take them.

When company A looks to invest in company B, a whole lot more people become involved along the way. The reason is simple: company A doesn't necessarily do DD a great deal, and so they employ specialists to do it for them.

The amounts of data generated and shared as part of the DD process can be huge

It's common, therefore, to see the investor employ a third-party law firm to deal with the DD, and for that firm to involve further third parties who are specialists in the various subject areas – a finance house to deal with the books, a technical due-diligence specialist for the IS department, plus perhaps further subject-area specialists to understand any esoteric things the target company does as part of its operations. Don't be surprised, in a typical medium-sized DD exercise, to see a couple of dozen individuals from six or seven different organisations sharing information with each other and the two major parties.

Access to systems
And now for the catch: just because A is investing in B, this doesn't mean that A can expect access to B's systems. Although in smaller exercises this is what happens, in larger ones it isn't. The target company will generally have some kind of commitment to confidentiality that prohibits them from simply letting a potential investor dig around their systems, even if that's precisely what the potential investor would like to be able to do.

Read more about: