What is due diligence or a technical audit

The goal of due diligence is simple: figure out the hidden secrets of the target company that may hurt its value or even kill the deal. But that’s a massive challenge. For investments into technical companies, there is an added challenge. It’s especially difficult to determine what problems a startup has if you are non-technical. That’s where a technical, software audit comes in.

My experience is in evaluating venture capital investment as a part of seed stage or Series A rounds. In either case, the company is raising money to survive another 12 to 18 months. This is called runway. Just like a plane, when you are out of runway, you’re going to crash unless you take off.

A seed stage investment round buys time for a company to find market fit, usually with an investment of up to USD 2 million. If the company can find a consistent user base or revenue stream during this time, they might opt for a Series A investment next. Now the clock is really ticking — they need to scale up and hit revenue or growth targets before money runs out.

When taking a larger investment, there is an inflection point which can be challenging for teams, when they must shift from startup to scale-up. There is a cultural shift within the company that must occur, going from quick and dirty solutions to a quality-first mindset. Understanding exactly which corners have been cut is an essential part of IT due diligence and to do that, you need technical expertise.

The main checklist categories of a due diligence

For each category below, we’ll describe what information to look for and include some sample questions. If you’re familiar with investment rounds, consider skipping to the technical checklist section below.

Structure and general organization

The first requirement for proper due diligence is to gather general information about the target company. This includes the company name, address, tax registration number, URLs, ownership structure, and publicity and marketing materials.

Why this matters: Investors want to verify the company's basic information and ensure it’s legally registered. Is it a real business? Who is the investor planning to bet on?

Sample questions might include:

  • In which cities and countries is the company registered?
  • What are the company's tax registration numbers?
  • What are the company's main marketing URLs?
  • Do you have a publicist?
  • Do any owners or employees have secondary or conflicting interests?
  • Who has equity distribution in the company? — This can be determined by analyzing the capitalization table.

Read: The Ultimate guide to Technical Due Diligence

Strategic assessment

It’s important to determine that an investment will be fruitful. Does this company have strategic value? Is this the right market? Who are the competitors in the market? Is the company exploring product-market fit or are they ready to begin scaling?

Why this matters: Understanding the competitive landscape is key to determining if an investment is worthwhile. If the company is a simple clone of an existing business, then it will be approached differently if it’s solving problems for a new market in an exciting way.

Sample questions might include:

  • How large is the total addressable market?
  • What are the growth opportunities for this market?
  • What differentiates you from your main competitors?
  • How will you stay competitive for the next 2 years?
  • What strategic challenges do you foresee in the coming years?
  • What tier 1 problem does your product or solution eliminate or solve?
  • How many customers do you have?
  • What is your value proposition or innovation?

Assets and financials

This section is the driest. Usually, it involves pouring over financial reports and accounting records. It’s all about how the company looks on paper. Think balance sheets and profit & loss statements.

Why this matters: It’s all about the Benjamins. Determining the true value of a company is an important part of determining how to shape a fair investment offer. Understanding the current liabilities and revenue is a key part of this.

Sample questions might include:

  • What real estate is owned or rented by the company?
  • What physical assets exist?
  • What currency financial liabilities exist?
  • Do you have any patents or trademarks?
  • What are your revenue streams?
  • What is the monthly recurring revenue?
  • Do founders’ shares follow a vesting schedule?

Staying in compliance with government regulations is a challenge for many business owners, especially when laws like GDPR exist without practical guidelines. Your job here is to determine what types of legal liabilities the company is exposed to.

Why this matters: Investors want to limit their liability and avoid buying into a company that is in dire straits. Understanding the legal implications of the purchase and existing legal protections will help them understand what risks might be present in the future.

Sample questions might include:

  • Is there any ongoing or proposed litigation?
  • What insurance coverage does the business hold?
  • What licensing and permits does the company hold?
  • What licensing and permits are necessary for this work?
  • Are there any antitrust or regulatory concerns?
  • What is the environmental impact of doing business?
  • What government regulations apply to the business?
  • What significant contracts and obligations exist for customers, partners, vendors, and other service providers?
  • Are employees required to sign non-compete or non-disclosure agreements?
  • Do the equity holders maintain documents detailing power of attorney, living wills, and last wills?
  • How will the situation be handled if a founder leaves the company?

The 5 pillars: how we evaluate startups and scale-ups during our technical due diligence

Operational assessment

The next section is the biggest and most difficult. Its subsections align with our approach to auditing technical companies and our effort to prevent them from failing.

1/ Team and leadership

People and relationships are the key to good business. Psychological safety is the number one trait of high performing teams according to Google's research. You aren’t only investing in a product but the team too. Will they be able to grow as needed? Do they have all the necessary skills? Are they getting enough feedback? This section is all about team and leadership.

Sample questions might include:

  • What is the structure of the team?
  • Can workers contribute remotely?
  • How does the team collaborate?
  • What roles have been outsourced?
  • When does structured feedback occur?

2/ Processes

The structure behind accomplishing the work itself contributes directly to quality. By creating clear processes — ones that aren’t too heavy —, the team will be able to scale while remaining efficient. Every process will break given enough time, so it’s important that the team has a way to reflect on these and improve them over time. This is the true essence of agility.

Sample questions might include:

  • What ISO certifications do you hold?
  • How do new hires spend their first week?
  • How often is code deployed to production?
  • What happens when a user files a GDPR request?
  • What pain points would exist if the team size tripled in the next month?

3/ Written communication and documentation

It might not seem important, but for small teams, , is the number one way to mitigate the risk of key non-replaceable employees leaving the team. As the company scales, having robust documentation will allow a company to accelerate quickly.

Sample questions might include:

  • Can you show me the vacation policy?
  • Is there a glossary of terms for the work you are doing?
  • Who is responsible for writing technical documentation?
  • How often is the technical documentation updated?
  • In which language is your documentation written?

4/ Problem and solution

Problem and solution are all about the discovery, shaping, and definition of the product is an area that many startups struggle with. Engineers love to build stuff, and they often do just that. It is vital that they are building the right things.

Sample questions might include:

  • Do you perform formal product interviews with end users and customers?
  • How do you validate your ideas?
  • What product metrics do you use to create hypotheses?
  • What assumptions and hypotheses have been tested with experimentation and prototyping?
  • What manually intensive work is necessary to deliver the solution?

5/ Engineering

The most challenging area for non-technical investors is determining the quality of the engineering work. As a CTO in residence, I deeply understand the challenges that startups and scale-ups face. By digging deep into these areas with the help of our talented software engineers, we can determine exactly what will prevent a company from continuing to grow. We do this by gaining access to the code repositories and through interviews.

Sample questions might include:

  • Are your backups automatically tested and regularly restored?
  • Do you use containerization such as Docker or Kubernetes?
  • How is your continuous integration and continuous delivery pipeline configured?
  • What would break if 100 times as many customers sign up tomorrow?
  • What is your open-source licensing strategy?

How to audit people, processes, and technology

We don’t follow a checklist when auditing companies. Instead, we build a relationship with employees in that company and have a conversation about the way things are. There are no right or wrong answers.

Instead our report documents the situation as it is. In this way, we can get an accurate picture of the company and find the gaps between what management believes is true and what is actually going on. In the first year of operation, 22% of professional, scientific, and services focused startups fail. We also wrote an extensive blogposts about the most common challenges faced by startups in 2022.

Technology failure: Jawbone’s case study

A decade ago if you wanted a wearable device, it was made by Jawbone. At the time, wearables were mostly limited to Bluetooth headsets and wireless speakers. In 2014, Jawbone had raised almost USD 1 billion and was valued at USD 3 billion with investments from Sequoia Capital, Andreessen Horowitz, and other big silicon valley names.

So what happened?

Jawbone became the second-costliest VC-backed startup failure of all time. — CB Insights’ research report, Why Do So Many Hardware Startups Fail?

Physical activity trackers were a new market for the company. With small success in earlier versions, they bet big on the 3rd generation of their product. The bracelet was supposed to do two things well for the holiday season: calculate your activity and monitor your heart.

The technical implementation of this product did not match the customer needs and directly led to the failure of the company. Several key features were missing or poorly implemented. By the time issues were addressed, competitors such as Fitbit had captured the market share. Customers made their voice heard, loud and clear. Two years later, the company stopped competing. Could this have been avoided? Would an audit have revealed the quality gap or the lack of customer focus? We think so.

People cause failure too — Why company culture is so important

I’ll start by saying that diversity is absolutely essential to a thriving company. When I’m talking about company culture, I’m not referring to the fun ways that companies spend their leisure time together but instead the values that permeate throughout the organization. And you should absolutely focus on aligning employees with these beliefs and priorities. 

When it’s obvious to your team and your community that the company rewards people for acting in certain ways, or punishes them for not, you should codify those actions and make their importance transparent, or realize that it’s something you don’t want as part of the culture and work to abolish it. — Rand Fishkin, Former CEO & Founder at Moz

Companies that have fundamental issues with culture will not be capable of building stable products. Think of the situation where a manager wants something made quick and dirty, but the team is focused on quality. If a deadline is looming, what is the right decision?

Culture is where you find your answer and the team needs to be aligned. We are a big fan of the idea of culture add where new hires challenge the status quo. Employees can easily lose motivation if they feel that their personal values conflict too much with those of the company.

Audits and due diligence - madewithlove
Audits and due diligence content by madewithlove. Helping SaaS startups and scale-ups build teams and software. Welcome to our knowledge base.

Are you an expert auditor?

We’ve performed scores of audits as part of technical due diligence. Our most difficult audits involved working with interpreters for Chinese engineering teams. Nuance is key when it comes to uncovering the sticky bits of a company. A slight hesitation here. A leading question there. Experience in asking these questions and recognizing patterns in responses is essential to defining the situation with accuracy.

One approach is to hire freelance engineers to help evaluate a codebase. This can give you an excellent baseline when it comes to code quality and the technical solution itself. But as you’ve seen above, there are 4 other core pillars to the operational side of things. Has this freelancer worked in a high performance team? Do they understand the best practices and necessary processes? Are they also experts in product design and discovery?

If this seems like a big challenge… it is. Madewithlove can find the answers to your questions and concerns. Check out our due diligence report for software investment. You can read more about our audits or download a sample report.

A little bit about our audits