5 QUESTIONS TO ASSESS

IT'S IMPACT

INDUSTRY INSIGHT

BY CHRIS DEMICHAEL

Managing Director,

RKON PE SERVICES

EVALUATING IT

The following 5 questions are designed to help you determine major red flags in IT’s impact on valuation. Though these questions won’t give you the compressive numbers to assess actual value impact, they can be predictive of a situation where further analysis is warranted. 

IT Stakeholder Perception Assessment 

1

How would major IT stakeholders (CEO, CFO, CMO, sales) grade IT on a scale of 1 to 5 (5 = Outstanding/Always; 1 = severely underperforming or never)? 

A.  IT Agrees to Deliver

1

2

3

4

5

B.  IT Delivers On Time

1

2

3

4

5

C.  IT Delivers On Budget

1

2

3

4

5

D.  IT Enables Company Growth

1

2

3

4

5

E.  IT is Tracked by KPIs

1

2

3

4

5

If you’ve scored an average of 4s and 5s, then well done! However, the more 1s and 2s you get, the greater the likelihood that IT is not optimized for value. 

 From our experience, RKON has seen companies either leverage technology as a competitive advantage to drive value or remain in what we call ‘broken’ or ‘survival’ mode, where IT gets in the way of strategic progress. In broken or survival mode, infrastructure and operational costs exceed benchmark pricing. A major event, usually cultural, needs to transpire to stop IT from competing with strategic goals and to start collaborating with them. The more that’s spent on what we call ‘keeping the lights on’ IT (infrastructure and security), the less is spent on IT that supports growth and becomes a tool for marketing (data, web), customer service, and sales. 

Cybersecurity

2

Have there been any major cybersecurity events that have risen to the board (outages, breaches, ransomware, lost data, etc.)? 

PE firms’ board members are usually the last to know about events that happen in IT. Information moving up the chain of command is generally controlled, but it’s pervasive in this industry. There may be events that haven’t been communicated to the PE firm, or events that IT staff are simply unaware of. However, events serious enough to make it all the way up to the board level are cause for concern and usually mean more expertise and/or remediation are needed to prevent such events from happening again in the future. 

Compliance

3a

Is IT management presenting large investments that seem excessive in order to upgrade security for the purpose of compliance? 

3b

For B2B companies, are you losing deals because you can’t fulfill client RFP requirements, or are there capital requests around technology (the driver for question 3A) as a result of customer requests? 

RKON has seen that inexperience in cybersecurity compliance adds time and cost to becoming compliant or proving compliance to auditors. Skillfully dealing with auditors limits scope and cost. Question 3A is aimed at determining if compliance is on the board’s radar, and, if so, if the costs are alarming. Those costs may not be so high with the right partner. RKON has found a way to implement compliance (i.e., PCI) very quickly at lower-than-expected costs. Question 3B addresses a growing trend where mid-market companies are losing deals because they don’t meet compliance requirements of potential customers, as the rate of companies mandating compliance as table stakes for doing business is growing. 

Cost Optimization

4a

Do you host IT at your own location, or is it hosted in the cloud? 

4b

If IT is hosted at your own location, has a cloud business case been completed? 

We’ve seen PE firms take a hands-off approach in many instances. However, we’ve also seen IT environments where PE owners, CEOs, and CIOs don’t have a comprehensive view of the state of their IT infrastructure and the associated costs. The reality is that oftentimes the people providing information to the CIO (or the CIO presenting information to the CEO) leave out a complete cost assessment while performing a business case. Frankly, this is often done because there’s a culture of DIY (do-it-yourself) that either stems from a legacy mindset or from people making decisions to protect their jobs. As finance people, PE operating partners should understand that a cloud business case should include ALL of the following to make a true assessment of value: 

  • Complementary costs: power, floor space, and storage;

  • Indirect costs like network (“pipes,” connection to the world);

  • The overhead costs of owning a technology: procurement, accounting personnel, and change-management personnel;

  • The prorated salary mapped to time that IT mid-level and executive management dedicate to forecasting, planning, operating, and responding to trouble associated with capacity and performance;

  • Cost of downtime, including preventative maintenance (if PM is done at all);

  • 24/7 system operations for the entire technology ecosystem;

  • Legal and business time to negotiate with multiple vendors;

  • Time to manage multiple hardware and software vendors vs. a single full-service cloud provider: upgrades, training, new feature integration, etc.;

  • HR fees for hiring and developing new people (see IT turnover below); and

  • Lifecycle costs because of technology obsolescence after 3 to 5 years, and the time and cost to refresh. 

IT Staffing Assessment

5

Does IT have continuous turnover, both at the engineering and management levels, and pay contractors because they can’t find replacements? 

Pending the answer for question 1 on how stakeholders rate IT, this non-finance question can be huge in determining how IT is impacting EBITDA. Our IT experience has shown us several things about the mid-market: 

  • IT employees, especially with security expertise, are in demand like never before;

  • At small companies, top people are expected to ‘wear more hats’ than at bigger places, and top talent may be paid more to do less at a bigger company;

  • Many IT people lack skills in cloud operations, new technology (like virtualization), or security;

  • Working in a place where IT is in broken or survival mode is simply not fun and usually involves a ton of overtime and taking blame for things beyond their control. Culture impacts risk and cost, especially in bad times; and

  • A loss of one person at a mid-market company impacts productivity in ways that large companies may not feel. The small staff forces a lot of institutional knowledge on one person. 

+

Additional Follow-Up Questions:
  • How many job openings are there in IT and for what positions? 

  • What’s been the turnover in IT over the last 2 years? 

  • How long has the CIO been in place? 

Want More Insights?
Subscribe to Read More from RKON PE Experts

328 S. Jefferson, Suite 450

Chicago, IL 60661

©2019 by RKON Private Equity