Press Releases

Press releases > Selling Your Business: IT Audit Will be Part of Buyer's Due Diligence

Selling Your Business: IT Audit Will be Part of Buyer's Due Diligence

By Generational Equity

Aug 23, 2016, 04:00 et

IT Due Diligence

A complete review of a company's IT processes and systems is a growing trend in the due diligence process required prior to the sale of a company. Business owners who do not take IT security into account may wind up receiving less money for their enterprise or face a reduced list of prospective buyers willing to review their opportunity due to the IT-related risk.

"Keep in mind that more and more professional buyers are adding IT policies and security procedures to their standard due diligence protocol," said Terry Mackin, Managing Director of Mergers & Acquisitions with Generational Equity, a leading M&A consulting firm.

"This means that if you are considering exiting your business in the next few years, getting your IT policies, systems and procedures, especially as they relate to security, fully up to industry standards will be critical."

"In past years, buyer due diligence focused largely on the financials, operations, marketing, sales and HR of the target company," said Carl Doerksen, Director of Corporate Development for Generational Equity.

"Today there is a growing trend to have due diligence encompass IT because buyers are realizing that the company they are acquiring is only as strong as the weakest link in its IT system."

"For this reason, as we are working with our clients to prepare to take their company to market, we are encouraging them to re-double their cybersecurity efforts to ensure their computer systems are protected with solid firewall, malware and virus software policies in place," added Doerksen.

According to a recent study conducted by the Ponemon Institute sponsored by IBM, the cost of a data breach is currently estimated to run as high as $4 million on average, an increase of 29% since 2013.  

While large data breaches receive the most publicity, the reality is no business is safe from unwanted attacks, no matter how small the company or what industry it is in.

"If you are lax and lazy with your computer controls, at a minimum you are open to an attack. Even worse, when you sit down with a buyer, their concerns in this area could kill the deal or be taken into account when determining what they are willing to pay for the business," said Mackin. 

"The last thing a buyer wants to acquire is a company with an antiquated IT system that is full of holes that hackers can enter. The liability is just too great."

Even if you are never attacked, having a policy in place that clearly outlines how you are protecting your company and key data will give buyers more confidence that not only are they buying a solid, well run business, they also are not going to wake up one day and find that all of the data they have acquired has been compromised.

About Generational Equity

Generational Equity provides mergers, acquisitions, strategic growth advisory services, and information for privately held and family-owned businesses to exit their companies successfully.

Generational Equity uses a four-phase approach that includes M&A education, financial analysis and reporting, sales documentation and deal-making ability to offer business owners an unparalleled level of commitment and experience, all focused on helping to release the generational equity and wealth in every business.

Generational Equity is headquartered in Dallas, TX, has more than 200 professionals located throughout North America, and was recently recognized by the M&A Advisor as the Valuation Firm of the Year.

For more information, visit, or the Generational Equity Press Room.