Technical Diligence Should Reflect Private Equity Response to COVID-19
After years of increasing valuations and transaction volumes, Private Equity firms are now facing new challenges following the effects of COVID-19. In industry publications and blogs, in conversations with clients and partners, we’ve seen a number of new strategies and areas of focus that are consistently mentioned; here we address how those strategies impact technical due diligence (as well as portco management).
Here are some frequently mentioned investment strategies & areas of focus:
Preparing for large work-from-home organizations
With significant numbers of employees now working from home, improvements in basic infrastructure services are required in order to provide necessary access. Employees accessing SaaS services, as well as company VPNs from their own home networks will significantly increase the overall security attack surface of the organization. The company just went from 5 offices to 350 living rooms and dining tables; priority is given to considerations like: How is the company managing the numbers of personal devices now in use? How are they ensuring all devices in use have security patches consistently applied? What other services are these devices connected to at the same time as corporate services?
For new acquisitions, the diligence should provide an accurate risk assessment of security based on policies, procedures and 3rd party evaluations (e.g. recent penetration testing and vulnerability scan results).
For your portfolio, evaluating its overall security profile is a worthwhile project to undertake. Set up portfolio-wide standards (using an established maturity model) and work with each company to understand gaps in their profile and plan necessary steps to close them.
Ensuring resiliency against disruptions
PE firms will need to ensure companies (acquisitions and portfolio) can keep mission-critical systems and projects working through a disruption. Technical diligence should map out a few disruption timelines (e.g. 1, 3, 6 mos) and thoroughly understand and evaluate Disaster Recovery & Business Continuity capabilities (automation levels & testing, risk assessments, business impact).
Other areas of focus include understanding baseline operating costs and the company’s planning capabilities; these are critical components to address as you’re working through multiple financial scenarios and testing your investment strategies. If the company needs to put their platform in “keep the lights on” mode for a period of time, the diligence should provide insight into what it takes to do that. There may be a re-prioritization of planned development efforts; how effective and what quality are the company’s roadmap planning processes to ensure a smooth transition?
Diversifying revenue streams
From a technology perspective, additional focus should be placed on evaluating a platform’s ability to expand the existing market and/or move into adjacent markets.
Expanding the market means that the platform (and associated services/teams) will need to scale. Technical diligence should include evaluations based on a few scaling scenarios (e.g. 2x and 5x the existing customer base and loads) while recognizing critical bottlenecks and understanding where issues may occur. These bottlenecks could be in platform loads (What are the main multiplying effects? Is it the number of customers? Transactions? How are these being modeled in the evaluation?) or in onboarding (How many customers can be onboarded during any given week? Are there any established data conversions for migrating customers from existing competitors? How quickly and easily can this transition be made for those customers?).
In addition, the diligence should include evaluations (at your direction) of how the platform can accommodate (architecture, infrastructure, underlying design of code and data) a few adjacent market scenarios. For example, if your target company provides basic ERP functionality to landscape companies, your partner’s diligence report would include evaluations of what it would take to move into pest control, general contractors (electricians, plumbers), utilities, local cable/satellite providers. These markets have very similar core user workflows and functionalities. Understanding the platform’s extensibility and the team’s ability to innovate will be critical to determining the level of investment needed to move into adjacent markets.
Evaluating supply chain risks
In technology terms, this means understanding the potential failure points among the platform’s external dependencies, such as data providers, mission-critical services (e.g. email/SMS providers) and cloud providers.
Whether data is provided by an API, manual data entry or a labor-intensive technology (e.g. screen-scraping), technical diligence should address how the target will respond to a disruption, whether they have alternate providers and how quickly can they switch if necessary. It will also be important to understand how the platform handles gaps in data and/or out-of-sequence delivery; resilience in content fluctuation is just as important as content availability.
For mission-critical services, is there a risk assessment for each, that includes alternate providers and the level of effort necessary to failover? Keep in mind, even if the failover is manual, a known and tested process (with quality gates and decision points) is the goal.
Deploying to a cloud provider’s single geographic region used to be a low-risk strategy. However, as COVID-19 has shown us, fluctuations in loads (due to WFH, for example) can cause significant disruptions to services. Having a failover region (or the ability to stand one up in a time period that does not create significant revenue impact) will be critical. The company could also leverage the additional regional deployment for performance benefits
Revisiting abandoned deals due to new valuations
We we discussed in a previous blog, as you scale up and look at more and more deals, lean on your diligence partner for advice. They can help you to rapidly evaluate potential deals and identify potential risks, and do so comparatively so you can get a full picture of your options.
You may need to move quickly on some of these potential deals; make sure your diligence partner has mechanisms in place to work on an abbreviated schedule and still deliver consumable and relevant advice.
Technology organizations are experiencing a number of strains due to COVID-19 measures. As you engage in potential add-ons for your portfolios, it will be important to understand their ability to absorb a new organization, platform, and infrastructure. A light organizational or architectural assessment may be a good approach before proceeding. Ideally, you have been provided a consistent diligence team that is already familiar with your portfolio and can provide relevant insight without additional up-front work.
Engaging in PIPE and minority investments
Private investment in public equity (PIPE) deals and minority investments are likely to increase in transaction volume going forward. The deal flows for these activities usually provide a lot less access than you’re used to. Ask your diligence partner how they plan to approach such situations. The ability to deliver a high-fidelity report will be difficult; your partner should have strategies to carry out lighter-access diligences, focusing on key issues (with your guidance) while not impacting the report.
This can mean doing additional research, relying more on documentation, and (most importantly) being able to zero-in on critical questions to ask during the limited time you may get with management. The ability to get a lot from a little will absolutely impact your ability to arrive at a reliable valuation.
The road ahead
… for the new normal is still unknown. You are prudently adjusting strategies for new acquisitions as well as managing overall portfolio health. Your technical diligence efforts should adapt accordingly to ensure a high-fidelity risk assessment can still be delivered, focusing on the right things at the right level.