Red Flag Due Diligence - Identifying IT Risks

Comprehensive due diligence is essential when acquiring a company - but it is also very cost-intensive. It is also cost-sensitive for potential investors, as it always represents a significant investment with an uncertain outcome.

To reduce the cost risk, a full due diligence can be preceded by a so-called "red flag due diligence". A Red Flag Due Diligence enables the buyer to get a first overview of the object of purchase.

This enables him to identify potential deal breakers or obstacles to the further M&A process. Such obstacles include, for example, incorrectly valued assets or facilities, financial difficulties of the target company or a strategy that is not realistic or targeted.

If you compare a company to a landscape of streets, villages and towns, due diligence involves looking into almost every house and driving down every street - in red flag due diligence, on the other hand, experts initially examine only the most important transport links and a few central buildings.

Consultants, lawyers and auditors commissioned by the buyer analyze the target company's documents made available in the Data Room for potential opportunities and risks. Experienced teams of IT experts and auditors also examine the target company's IT organization and systems.

It is important to withdraw in good time if insurmountable obstacles (deal breakers) are identified, in order to limit the costs of the due diligence or, if special opportunities exist, to win the bid by making the better offer.

The result of the Red Flag Due Diligence shows whether IT is more likely to have no problems in the M&A process or whether certain areas of IT would be better looked at in depth.

The focus of Red Flag Due Diligence is on the identification of critical risks - and not on the verification and analysis of possible synergies in or through IT. Red flag due diligence is also carried out before the actual due diligence in the financial sector.

The information collection process is focused on the subject areas that experience has shown to pose the greatest risks. Important in this context are, for example

• the carve-out complexity,
• the transfer of licenses and rights of use, or
• possible incompatibilities for a potential integration.

Additionally, risks from in-house developments, Day 1 readiness, or the need for comprehensive Transition Service Agreements (TSAs) can also be highlighted.

The proven Red Flag Due Diligence risk categories for analysis are:

• Operational Risk Review: Day 1, process and delivery disruptions.
• Monetary risks of the transaction process: unforeseen investments, re-licensing
• Examination of dependency risks: loss of specialized knowledge

Deal breakers do not always emerge immediately, but the report at least provides the investor with valid indications of where deeper analysis is required in order to obtain arguments for pricing and contract design in addition to risk avoidance.

Ultimately, it is up to each investor how he evaluates the risks and problems identified and whether he wants to continue the M&A process into the next phase - the Red Flag Due Diligence provides the necessary facts in a compact form.

IT Red Flag Due Diligence is an upstream investigation of the target company. It is more cost-effective and identifies the most critical issues. This also makes it possible to decide whether a subsequent comprehensive due diligence is worthwhile at all.

The advantage of this two-stage process is that it minimizes the risk of making a bad investment in a cost-intensive and open-ended due diligence. Processes of financial transactions stand and fall with IT. That is why focusing exclusively on financial due diligence is not enough.