Financial and legal due diligence is standard on any acquisition. IT rarely gets the same treatment in SME deals — and yet the IT estate is where a surprising amount of post-deal cost, operational risk, and integration pain actually lives. A few days of proper technical review before you sign usually pays for itself many times over.

When this is useful

• Pre-deal. You’ve agreed heads of terms and you want a technical view before you commit. Valuation implications, red flags, integration cost estimate.
• Post-deal integration. The deal has closed and now you’ve got two IT estates to merge. You need a plan for systems, suppliers, licensing, and people.
• PE platform deals. Investors want an independent technical view of the platform and the bolt-ons, separate from whatever the management team are saying.
• Carve-outs. You’re being sold a division of a larger business and need to work out what IT comes with it, what stays, and what you’ll have to stand up from scratch.

What I look at

Infrastructure

What’s the kit, how old is it, where does it live, who maintains it, what’s end-of-life in the next two years. Are servers physical or virtual, on-premises or cloud. Is anything sitting under someone’s desk that shouldn’t be.

Applications and licensing

Line-of-business systems, versions, support status, and whether the licences are genuinely in order. Microsoft licensing in SMEs is almost always wrong in one direction or the other — sometimes expensively so. Perpetual licences assigned to people who left four years ago. Per-user licensing being treated as per-device. Enterprise agreements the seller forgot to disclose.

Contracts and suppliers

MSPs, telecoms, software vendors, connectivity, cloud. Who’s paying what, what’s auto-renewing, what’s out of contract, what’s got an early-termination penalty buried on page 14.

Cybersecurity posture

Where are they on the basics — MFA, patching, backup, EDR, admin account hygiene. Any known incidents. Cyber insurance in place and honest about the state of things. Any inherited breach liability.

Data and compliance

GDPR housekeeping, data processing agreements, customer data flows. Any ICO history. If the target has contracts with public sector or regulated customers, any certifications that have to transfer or be re-done.

People

Who actually runs IT. Is it one person who knows everything and is about to retire. Is it an MSP relationship the seller built on a golf course. What happens on day one post-deal if the key person walks.

Hidden costs

The stuff that doesn’t show up on the P&L because it’s been deferred. Kit refresh that’s been put off. Software that’s about to go end-of-life. Windows versions coming out of support. Licence true-ups that are due. Cyber remediation that’s been “on the list” for two years.

What you get from me

• A written report in the language the rest of your DD is in — not 60 pages of technical prose, but the key findings, the risks, the costs, and the questions you should be asking the seller.
• A 90-minute debrief with you and your deal team to walk through it and answer questions.
• If relevant, a sensible estimate of post-deal IT integration cost so it can go into the model.
• Optional follow-on: if the deal closes, I can lead or oversee the integration itself on an interim or fractional basis.

Timeline and commercials

Most SME deals take me four to eight days of work, depending on the size and complexity of the target. I can turn a standard review around in two to three weeks from kick-off, faster if the deal timetable demands it and I have access to the information I need.

Fixed-fee quote once I understand the shape of the target. No contingent fees, no deal-dependent pricing — you’re paying me for an honest view, and that’s what you get.

What I won’t do

I won’t tell you what you want to hear. I won’t sign off on a target because the deal team is pressing to close. If I find something that genuinely should change the deal, I’ll say so clearly — and I’ll stand behind it.

Discuss your deal →