Book Review: “Reviewing IT in Due Diligence”

By ISBuzz Team
Writer, Information Security Buzz | Feb 17, 2015 05:02 pm PST

When you merge with or acquire another business, you also gain their IT and data. In an ideal world, this integration would be seamless and easy. In reality, however, this is often not the case. Mergers can, for example, lead to the loss of sales systems or to badly configured data. The problems don’t stop in the computer room either – they affect the whole of the business and the success of the merger/acquisition.

“I found this book very interesting. Due diligence is one of those functions that happens way before us ‘IT’ers’ get involved and so this is a useful insight into the work that happens up front and the evidence we can obtain for our work even if we were not involved in the initial due diligence.” — Chris Evans, ITSM Specialist

“Being new to this subject I found the guidance solid and presented in an excellent style. I found it an excellent and informative read.” — Brian Johnson, CA

Don’t make a risky mistake

Businesses and investors use due diligence reviews to ensure such deals do not have nasty hidden surprises, but many overlook the IT systems and services of the businesses they are acquiring and sideline information risk management (IRM) professionals in the due diligence process. In a world of increasing cyber attacks and information security threats, this can be a very risky mistake to make.

Understand the key IT issues to consider as part of the due diligence process – buy this book now.

Key IT issues to consider

Reviewing IT in Due Diligence provides an introduction to IRM in due diligence and outlines some of the key IT issues to consider as part of the due diligence process. For those new to the process, it explains how to conduct an IT due diligence review, from scoping to reporting, and includes information on post-merger integration to realise business benefits from the deal.

For more experienced practitioners, Reviewing IT in Due Diligence provides fresh insight into the process, highlighting issues that need to be addressed, and provides a business case for IRM involvement in the due diligence process.

Topics covered include: Why IT is important to due diligence. The importance of IT security. System reviews and data reviews. Reviewing projects and changes in progress. IT service provision value for money. IT due diligence reporting. Post-merger integration. Comprehensive case studies are included throughout the book.

About the authors

Bryan Altimas has over 32 years’ experience of technology risk management, having led teams performing technology due diligence, and having advised organisations in numerous business sectors, locations and circumstances on the effectiveness of their technology strategy in delivering business objectives. He is a qualified accountant, Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC). He left KPMG in 2014 after 17 years, in which he contributed to their IT due diligence methodology.

Chris Wright is a qualified accountant and Certified Information Systems Auditor (CISA) with over 30 years’ experience of providing financial and IT advisory and risk management services. He worked for 16 years at KPMG, where he managed a number of IT due diligence reviews and was head of information risk training in the UK. He has also worked in a wide range of industry sectors including oil and gas, small and medium enterprises, public sector, aviation and travel. He is the author of Agile Governance and Audit, which is also available from ITGP.
