Approach
The objective of an IT Audit is to identify where improvements are needed in the organization of IT and in projects, and to develop a feasible plan for implementing those improvements.
The objective of an IT Due Diligence is to identify issues and risks that may be “deal breakers” for a merger or acquisition or that may have an impact on the value of the company.
The subjects to be analyzed during an IT Audit and an IT Due Diligence are in principle the same. An IT Audit is usually more focused on specific areas, while an IT Due Diligence covers all areas but not in depth. The scope of both is:
1 Business strategy and IT
- Support of the business strategy and business processes by IT
- Analysis of IT Strategy and plan for the next 3 years
2 Applications
- Analysis of business critical applications and projects
- Analysis of management information
3 IT infrastructure
- Overview of hardware, systems software, operating systems
- Overview of networks
- Overview of databases
4 IT organization
- Overview of IT organization, employees, suppliers, contracts
- Analysis of IT capital expenses and operational expenses
5 IT processes and procedures
- Analysis of business critical processes (e.g. Change management, Incident management, Release management)
- Analysis of disaster recovery planning and business continuity
- Analysis of security
The content of the IT Due Diligence report will be structured according to the subjects above.
Costs and Benefits
The costs of an IT Due Diligence and an IT Audit are usually 10 to 15 days for a medium-size organization, depending on the size, complexity and the available documentation. The duration is usually three weeks, depending on the availability of key persons for interviews and on the available documentation.
The benefits of an IT Due Diligence are:
- reduce the risks of a merger or acquisition
- reduce the purchase price due to identified risks
The benefits of an IT Audit are:
- identification of improvements and a plan for implementation
- mitigation of risks and better risk management