Information Technology Due Diligence in Mergers

By Max Reiboldt, CPA, MBA
March 14, 2022

Until recently, IT due diligence was not considered an essential component of the acquiring entity’s overall due diligence analysis. However, in today’s economy, information management is the currency that drives all businesses, including healthcare.


Before the IT due diligence process begins, the acquiring entity’s leadership should have a clear understanding of the goal of the overall mergers and acquisitions transaction and how technology will play a part in its success. Often, the acquiring entity is looking to leverage its acquisition’s technology and staff as part of its integration plan and support its ability to scale their operations. Conversely, the organization may decide to continue to manage the acquisition as a standalone entity with little to no integration planned.

IT due diligence is a critical exercise in an organization’s investment cycle, whether it is an inpatient health system, private equity firm, investment bank, or acquiring physician practice. Understanding the purpose of information technology, including software, hardware, medical devices, etc., in the overall due diligence process is necessary to knowing how to target your analysis and ultimately maximize the investment of the assets being acquired.

The strategy behind the IT due diligence determines what resources will be needed, where they will spend their time, and what questions must be answered so investors can make sound business decisions. This excerpt provides a brief introduction to some considerations that are relevant when preparing for an information technology disclosure or considering such disclosed information in the context of a mergers and acquisitions due diligence exercise.


The information technology aspects of a due diligence analysis are basically the same as those for any other aspect of the due diligence process. Considerations around the structure of the proposed transaction could include, for example, a share purchase, an asset purchase, or a merger.

The proposed construction of the deal will dictate to a great extent the various aspects of the information technology that require special attention under due diligence. For example, in the event a proposed transaction is an asset transfer, prohibitions or limitations on the assignment of software licenses will be relevant, while change control provisions will be relevant in the case of share purchases.

Beyond the structure of the proposed transaction, it is important to understand in detail the information technology that will establish the subject matter of the due diligence review. More broadly, it will be necessary to obtain details of three specific areas:

  1. The information technology assets owned or used by the entity.

  2. Relevant documents supporting the information technology assets and third parties, including records related to service levels, technical and functional specifications, and warranties.

  3. The rights of and obligations to third parties in respect of those information technology assets.

The complete disclosure of information technology resources and the role each asset plays in the entity’s operations is critical. Having a full understanding of these assets will empower prospective buyers to determine how significant the technology and supporting vendor partners are to the business operations and, consequently, the value of the proposed transaction. For example, if a software asset such as an electronic health record (EHR) system provides the buyer with a competitive advantage or is a direct revenue driver, that asset will be valuable to the prospective buyer and in the due diligence review.

The goal is to identify potential duplications in the information technology systems that the acquiring entity may wish to consider sunsetting or renegotiate contract terms during post-merger activities. With software assets, the typical information collected and evaluated is:

  • An inventory of software used by the acquiring entity.

  • Agreements related to the software assets, such as license, support, maintenance, service levels, escrow agreements.

  • Documented policies and procedures, administrative and user manuals guides, and information on user access protocols.

  • Active or planned co-development programs.

The hardware assets data collected include:

  • Network and system diagrams of the hardware architecture.

  • An inventory of hardware assets.

  • Third-party agreements such as licenses, support, service level, and maintenance agreements, and disaster recovery and business continuity procedures.

Regarding hardware and software assets, contractual arrangements with third parties such as license agreements are important. These agreements highlight the rights and the scope of those rights the buyer may acquire through the proposed transaction. Licensing provisions may only be contained not in license agreements but also be part of various other initiatives, such as joint venture, consulting, development, and settlement agreements.

If the acquiring entity is leveraging open-source software, the buyer is subject to the terms of an open-source software license agreement. Open-source and third-party software licenses may be an important factor in the proposed merger and acquisition (M&A) transaction, as they could dictate the terms on which the software can be licensed to third parties. Integration of open-sourced software and licensed software should be evaluated to determine its impact and future cost of integration into other parts of the business. It also is essential to recognize that information technology is increasingly acquired as software-as-a-service or as part of a cloud computing strategy, which requires careful evaluation.

Because of the extent to which information technology has become an integral part of how businesses operate and often a significant contributor to or source of competitive advantage, the appropriate review of information technology during a due diligence project is critical. In the approach to the due diligence, as established above, the focus is on a more traditional information technology environment.

Excerpted from Affiliation Options for Physicians: Current and Future Strategies.





Join AAPL today






Standardized APIs Could Finally Make It Easy to Exchange Health Records
Do Health Apps Really Make Us Healthier?