When reviewing a technology platform during an acquisition, merger, or investment, it's easy to be dazzled by demos and promises. But beneath the surface, hidden ICT risks can turn into costly roadblocks. Based on years of due diligence reviews, here are the top five red flags every board should keep in mind.
1. Aging Monolithic Architecture
If a platform is still running on a monolith with no clear roadmap for modularisation, expect scalability issues. This slows down go-to-market, inflates delivery estimates, and blocks innovation. Without a plan for microservices or modernisation, technical debt becomes a drag on growth.
2. Weak Governance and Delivery Discipline
Scrum ceremonies on paper, but no real backlog governance, no prioritisation framework, and reactive product delivery? That's a sign of weak leadership alignment. It often leads to missed RFPs, unhappy customers, and internal friction.
3. Over-Reliance on Key Individuals
A handful of senior engineers or architects holding the critical knowledge? That's a classic key man risk. If one leaves, delivery schedules collapse. Investors should always ask: how resilient is the team without its top two people?
4. Poor Security and Compliance Posture
ISO 27001 certification is a good baseline, but check the details:
- •Is penetration testing done regularly, with fixes tracked?
- •Are APIs properly secured with OAuth2/OpenID or just static keys?
- •Is data isolation between tenants enforced and monitored?
Compliance gaps here can derail deals, especially in regulated industries like health or finance.
5. No Product Strategy, Just Client Requests
A purely client-driven backlog signals a reactive culture. Without a product vision and ROI-driven roadmap, resources are wasted on low-value features, leaving the platform uncompetitive. Boards should see this as a risk to valuation.
The Bottom Line
Each of these risks is fixable with the right leadership and focus. The danger lies in not recognising them early enough. A strong ICT due diligence doesn't just identify the problems—it provides a clear, pragmatic path to remediation.