Why Technology Due Diligence Often Misses the Real Risks

Technology due diligence has become a standard part of most transactions, and on its own terms it is usually done competently. Systems are catalogued, contracts are reviewed, security is assessed. And yet integrations still fail, value still leaks, and acquirers are still surprised. The reason is that the risks which actually determine success are frequently not the ones diligence is designed to find.

The conventional exercise looks at technology as a set of assets. The real risks usually lie elsewhere — in how those assets are operated, who understands them, how decisions are made, and whether two organisations can actually work as one. These are harder to assess, do not fit neatly into a checklist, and are often left out as a result.

Culture is an operational risk, not a soft one

It is easy to dismiss culture as a soft factor, irrelevant to the hard numbers of a deal. That is a mistake. Culture determines whether people stay, whether knowledge transfers, whether the two organisations cooperate or quietly resist one another. An integration that ignores culture is relying on goodwill it has not earned.

The practical signs are visible if you look for them: how decisions are really made, how much depends on informal relationships, whether the target’s way of working could survive being absorbed. These are operational realities with direct consequences for whether the integration delivers what the model promised.

Operations reveal what the asset register conceals

A list of systems tells you what an organisation has. It does not tell you how it actually runs. The real operational risk lies in the workarounds, the undocumented processes, the manual steps that hold things together, and the dependencies that no one has mapped because they have always simply worked.

These are precisely the things that break under the strain of integration. Understanding how an organisation genuinely operates — as opposed to how it is described — is one of the most valuable, and most frequently neglected, aspects of diligence.

Governance and decision rights

How a target makes decisions is a risk in its own right. If authority is concentrated, informal or poorly defined, integrating it into a larger structure can stall. Decisions that used to happen quickly now require negotiation; accountability that was clear becomes contested. Diligence that examines governance — who decides what, and how — anticipates friction that asset-focused diligence cannot see.

A list of systems tells you what an organisation has. It does not tell you how it actually runs.

Key-person dependency

In many organisations, critical knowledge and relationships rest with a small number of individuals. They may understand a core system, hold key client relationships, or simply be the people who know how things really work. If the deal does not account for them — and if they have no reason to stay — the acquirer may find that much of what it bought has quietly walked out of the door.

Identifying key-person dependency is not difficult, but it requires asking the question deliberately. Who, if they left, would create a serious problem? What would be lost with them? What, if anything, secures their commitment beyond completion? These questions are far cheaper to ask before a deal than to answer after one.

Integration complexity is the risk that compounds

Each of these risks is manageable in isolation. The danger is that they compound. Cultural friction makes key people more likely to leave; their departure removes the knowledge needed to integrate the operations; the operational gaps then surface governance disputes about who is responsible. What began as separate issues becomes a single, escalating problem.

This is why integration complexity should be assessed as a whole, not as a series of unrelated line items. The real question is not whether each individual risk is acceptable, but whether the integration, taken together, is genuinely achievable with the time, people and money available.

Better diligence asks better questions

None of this argues against technology due diligence. It argues for diligence that looks beyond the asset register to the things that actually determine outcomes: how the organisation operates, who holds it together, how it decides, and whether it can be combined with the acquirer in practice. That requires judgement and operating experience as much as technical analysis. The acquirers who realise value are those who insist on diligence that asks the harder questions while there is still time to act on the answers.