4 Critical Factors in Software Due Diligence Audits for Mergers & Acquisitions (M&A)
by Phil Odence

The fervor for mergers and acquisitions (M&As) is robust in Asia Pacific, according to leading firm EY (source). The pandemic that has ravaged economies and industries worldwide led to an acceleration of digital transformation across many industries, even traditionally stoic and static ones like hospitality, food, entertainment, aviation, and travel. Many industries have turned to automation, whether in robotics, AI, or digital. This also means companies with aligned interests may look to merge with or acquire other companies.

In M&A, what is obvious in balance sheets and reports may not necessarily reveal all the technologies underneath that power the companies to be merged or acquired, such as software. Some may be proprietary code from large companies or small independent developers, and some may be based on open source software (OSS). One of the things M&A teams should always do is audit the software used at companies to be merged or acquired, so that there will not be disastrous outcomes that need extensive and expensive fixing later.

Four aspects of software due diligence audits

Anyone who’s been part of an M&A transaction knows that it’s usually a pretty wild ride. All service providers in that space (including lawyers, accountants, bankers, etc.) know that it is not a 9 to 5 job and that deals often have a mind of their own—and they can proceed at a breathtaking pace. These transactions are also characterized by the millions of details involved.

Expertise and quality of analysis (and the technology to power it) are key aspects of services that support software due diligence as well. In addition, the nature of mergers and acquisitions (M&A) adds to the list of important features to look for. Look for an external software due diligence audit team that has a track record of handling M&A transactions, which require trust, expertise, and speed.

1. Hyper-responsiveness / timeliness

Due diligence timelines are short, typically a few weeks, and clients are not always bringing in service providers at the front end. So it’s critical that teams are ready to mobilize as soon as the phone rings. Further, transaction close dates are often set in stone, so missing dates is not an option. Scale and flexibility are therefore essential. Look for software due diligence audit teams that respect your requests with responsiveness and follow-through, with the right expertise and proven knowledge to guide you through the audit process to conclusion.

2. Trusted reputation

Uncertainty abounds in M&A transactions, and the due diligence process is about building trust. With so many moving parts, it’s essential that acquirers trust that due diligence teams will do their job and deliver. Clients need to feel that “we’ve got this.” Huge and invasive demands are placed on sellers in these pressure-cooker situations, and they need to be comfortable with the people and organizations to which they are disclosing highly sensitive information. Look for software due diligence audit teams that have holistic services and solutions to make the whole audit process smooth and reassuring, while respecting deadlines with continued and sustained communication until conclusion and even beyond.

3. Expertise

Experts are required to assess all aspects of a target’s software and development environment. One of the key elements of trust, beyond confidentiality and delivery consistency, is that the people providing the information are world class, with deep and wide knowledge, and are approachable and easy to work with.

4. Quality of results / world-class tools

The bottom line of software due diligence audits is providing useful, insightful results in the form of reports. Behind the scenes are world-class tools and experts who are available to explain, interpret, and advise on results. Look for software due diligence audit teams that come prepared to guide you step by step with the details you demand, while lending context and professional views to the audit results during review sessions, and handing you a self-explanatory audit report from which you can continue to derive insights during and after the M&A.

M&As are exciting and exhilarating, and the stakeholders always desire the best outcomes for all involved. The more hurdles, whether visible or invisible, that are cleared out of the way, the better the outcomes of such M&As. A comprehensive software due diligence audit can certainly help tremendously in all M&As, as all modern businesses are run on software, and software can make or break a business.



About the Synopsys Software Integrity Group

Synopsys Software Integrity Group helps development teams build secure, high-quality software, minimizing risks while maximizing speed and productivity. Synopsys, a recognized leader in application security, provides static analysis, software composition analysis, and dynamic analysis solutions that enable teams to quickly find and fix vulnerabilities and defects in proprietary code, open source components, and application behavior. With a combination of industry-leading tools, services, and expertise, only Synopsys helps organizations optimize security and quality in DevSecOps and throughout the software development life cycle. Learn more at www.synopsys.com/software.

About Synopsys

Synopsys, Inc. (Nasdaq: SNPS) is the Silicon to Software™ partner for innovative companies developing the electronic products and software applications we rely on every day. As an S&P 500 company, Synopsys has a long history of being a global leader in electronic design automation (EDA) and semiconductor IP and offers the industry’s broadest portfolio of application security testing tools and services. Whether you’re a system-on-chip (SoC) designer creating advanced semiconductors, or a software developer writing more secure, high-quality code, Synopsys has the solutions needed to deliver innovative products. Learn more at www.synopsys.com.

Author’s Links

Phil Odence

Phil is the general manager of Synopsys’s Black Duck Audit business, auditing the composition, security and quality of software for companies on both sides of M&A transactions. He focuses on software due diligence best practices and the M&A market. He also works closely with the company’s law firm partners and the open source community and is a frequent speaker on open source management and M&A. Phil chairs the Linux Foundation's Software Package Data Exchange (SPDX) working group, which created an ISO standard for Software Bills of Materials (SBOMs). With decades of software industry experience, Phil held senior management positions at Hammer/Empirix and High Performance Systems, a startup in computer simulation modeling. He began his career in marketing and sales with Teradyne's electronic design and test automation (EDA) software group. He’s also written a book on fly fishing. Phil has an AB and an MS in engineering from Dartmouth College.
