For savvy investors, startups can become literal gold mines. Just take a look at the explosive growth of emerging tech-based industries such as AI assistance, where the CAGR is estimated to stay around 30% for the coming decade.
This leads to a somewhat paradoxical result, however. With so much promise from any given industry, startups can pop up left and right in it. However, not all startups will be worthwhile to invest in. After all, a substantial number of businesses close their doors after just one year.
So, how do you, as an investor, ensure that the startup you can invest in will be the right choice for your portfolio? A big part of that comes in performing due diligence, thus ensuring that the business has a solid footing before it receives an injection of capital. And technical due diligence is perhaps one of the most important processes, all things considered.
What Is Technical Due Diligence?
In simple terms, technical due diligence (also known as “tech DD” or “TDD” in some circles) ascertains a company’s technical infrastructure, applications, and readiness. More specifically, what tech DD looks for is the company’s capacity to scale and grow in line with its (and your) business goals.
A properly conducted TDD reveals potential risks, which can come from business processes, cybersecurity infrastructure, and even code quality and database design. With those in mind, investors can get a much clearer picture of how a startup might perform in both the near and the far future. This opens the door to calculating the potential for short- and long-term return on investment, or even the sheer viability of funneling funds into the company in the first place.
Ultimately, TDD is there to ensure transparency between investors and companies that are opening themselves up to funding. For the former, it allows them much greater insight into the company’s potential. For the latter, it creates a deterministic improvement list to minimize and remove risks before the business enters the market.
Who Performs Technical Due Diligence and Why?
This is a bit of a difficult question to answer. Due to the sheer scope of conducting a TDD, as well as each company’s technological stack being different, the actual people who do the job will vary between one project and the next. Typically, these will include not only various software and hardware engineers, project managers, and security and cybersecurity experts but also legal and economic consultants.
There’s another possible layer to the question. You see, a company can technically order a TDD by itself. In those cases, the contractor is a third-party company that specializes in audits, performance checks, and software development. But more often, it’s up to you as the investor to order a TDD check. After all, it’s called “due diligence” for a reason.
In some cases, investment companies onboard permanent members that perform due diligence checks for every client. This creates three major opportunities. First, it can lower the actual cost of conducting a tech DD, as team members will usually be paid less on average than outside consultants. Secondly, it allows an investor to build rapport with experienced technicians and engineers, potentially streamlining the entire process due to familiarity and past projects. Finally, if your investment company performs all of its tech DDs by itself, you can create a customized checklist for vital metrics and tech stack aspects to look out for. It allows you to more quickly determine if a company would be a good fit for your time and money.
Key Areas to Evaluate During a Technical Due Diligence Audit
As mentioned, TDD audits can vary significantly between one company and the next, depending on what industry you’re focusing on and the extent of the company’s offer on the market. However, there are a few aspects of the company that pretty much have to be checked to ensure you don’t fall into a trap and invest in a company that will quickly go under.
Business Proposal, Strategy, and Roadmap
Somewhat paradoxically, the first step towards conducting a technical due diligence audit might not have anything to do with the actual software platforms and tools, but with project management.
Therefore, the audit should include a detailed SWOT analysis (strengths, weaknesses, opportunities, threats), especially when it comes to competitors. This can be vital in industries that are seeing a significant jump in the number of startups. You as an investor might be approached by multiple companies that all ultimately try to solve the same problem.
How the business is organized and how its business roadmap aligns with its mission will likely allow you to notice and react to “green” or “red flags” from the get-go. Additionally, pay close attention to monetization strategies, especially in terms of their scalability or the break-even points that the company is forecasting. These could be vital in ensuring that the business is not actually a non-starter, as the entire TDD audit becomes relatively meaningless if there’s no organizational foundation to support it.
Technology Stack
This is the foundation of the company’s development and design suites. It includes everything from the programming languages and frameworks that the company plans to use to build and deliver its offer, to the actual tools, platforms, and applications that it will use to maintain its services.
Auditing the technology stack is vital for three reasons:
- It determines whether the company can actually scale from a startup to a large business. This is typically indicated by the complexity of the stack, various integrations that the company’s solution relies on, and the presence of ongoing support for these tools.
- It creates an accurate overview of how modern the company tools are. The more outdated the platform, the harder it might be to find key personnel to develop and maintain solutions in them. This comes from the fact that experienced designers could be prohibitively expensive to hire for the company and be one of the main reasons behind the company trying to find an investment in the first place.
- It ascertains if the company might be over-relying on a single vendor or tool for the bulk of its production. This can create a potential risk. The vendor taking its products off the market or raising prices could mean that the business plan might need a major overhaul, which could be out of scope for a startup.
Code Quality
Beyond what tools and platforms the company uses, how it codes can have a monumental effect on the final result. The code needs to be clear, with minimal errors and inaccuracies. Additionally, how the code is outlined, documented, and commented on can determine long-term prospects of maintaining it and the feasibility of collaboration.
One of the key phenomena to look out for here is technical debt. It refers to using shortcuts that technically solve the problem at hand and might seem like elegant solutions, but only at first. Dig a bit deeper, and the shortcuts usually turn out to be less than helpful. They could lead to more issues, or subsequent designs become less efficient or more difficult to implement.
In general, some amount of technical debt might be unavoidable, depending on the scale of the project. However, an excess of it could mean that the developers who create the shortcuts ultimately become solely responsible for maintaining or improving on it. This can reduce collaboration capacities, lengthen development times, and lead to an over-reliance on a single team member, which can result in frustration.
Security and Compliance
Cybersecurity is one of the rising issues in pretty much every modern industry, as most companies rely on huge swaths of data to conduct business. Unfortunately, the breakneck development of AI and more robust offensive practices means that startups that don’t start planning for cybersecurity from the get-go are unlikely to survive. After all, a significant number of attacks on small businesses puts them at an unreasonably high risk for data loss.
Therefore, a DTT audit should properly review existing and planned security measures, both inside the code and platform itself but also in the organization and member training.
Additionally, note all possible security and compliance standards in the company’s industry. These will guide the company’s security measures, and their implementation (or lack thereof) can guide you toward making a decision on whether to invest in the business.
Intellectual Property Risks
Using open-source code has become relatively commonplace in many tech-based industries. However, this can lead to an over-reliance on foreign code. In some cases, the company might unknowingly (or even knowingly) start using third-party code or libraries. This could create ownership disputes and increase the risk of litigation, which could very well bury the company before it gets off the ground.
Check whether the company owns the patent for its product or service, and make sure that the use of third-party or open-source tools and software is properly documented and tracked. Typically, startups will try their best to provide all the necessary documentation of ownership, but combing through the data can be a complex endeavor if you don’t know what to look for. A legal expert can come in handy here.
Team Members, Organization, and Workflow
While this doesn’t technically fall under the purview of “tech,” determining how each team member “slots into” the company’s infrastructure and mission is a vital aspect of figuring out if it’s a worthy investment. Perhaps more importantly, check the startup’s hiring practices, as well as the availability of competent and experienced talent outside of the company. If a company is trying to make waves in an industry that doesn’t see a lot of high-quality talent, it might suffer from being unable to persuade experts to join a venture that is still in its infancy.
Additionally, consider the cohesiveness of the company’s structure and the distribution between management, executives, and designers or developers. In a small company, it’s relatively normal for people to fill multiple roles on the team. However, executives filling vital development roles might mean that they’re stretched too thin for the company to both grow and manage its products or services in a timely manner.
Even more vitally, it’s important to consider just how your investment can help a business. Your role as an investor in this case might just be to get the company enough funding to fill positions and create a more evenly distributed workload between the team. This permeates through the entire act of performing a technical due diligence audit.
