Curated list of technical due diligence questions

The technical due diligence process captures a snapshot of the technological state of a business, building the thorough understanding needed to make accurate and effective valuations for fundraising and investment rounds.

In this list, you will find a series of questions that range from human resources to disaster recovery, each addressing a specific aspect of what makes a technology company. How a company handles these topics is what makes it unique.

To get the most out of this document, put your best effort into answering, as honestly and openly as possible, all the questions that apply to your business. In any case, you will gain a different perspective on the current state of your business.

For a professional follow-up evaluation report on your answers or for further technical auditing services please contact me.

Business

  • Briefly introduce your company.
  • Briefly introduce yourself. What's your role in the company?
  • Which industry is your business in?
  • Which phase of funding are you in right now?
  • Who are your direct competitors with similar products?
  • Do you have domestic / foreign patents / utility models / licenses for the technology / IP you have created?
  • How compliant is your business with regional laws such as GDPR / KVKK, technology-wise?

Product / Service

  • Briefly describe the product. What does it do and what problems does it solve?
  • What is your target market?
  • How far ahead do you have your product roadmap written down?
  • How do you do the planning? What do you take into consideration? Who else contributes to the process?
  • Have you or someone from your team built a similar product in the past? What was it?
  • Do you or your team use your product regularly?
  • How do you collect user / customer feedback about the product? How do you utilize all the feedback?
  • Are there any customized versions of your product deployed to some clients that are billed separately from the standard payment methods?

Team / Hiring / Human resources

  • How many people are there in your team? How many have shares in the company?
  • Briefly explain existing roles and their responsibilities in your team.
  • Who are the team's key players? Briefly explain.
  • How many of them worked for / with you (elsewhere) in the past?
  • Is the person who wrote the initial version still one of the main developers?
  • How often do you do one-on-ones with your team?
  • How does the team communicate and make decisions?
  • How do you do the onboarding of new team members? How long does it take for a new member to get into actual coding?
  • How do you make sure that the whole team is on the same page?
  • What are the values of your engineering organization? Do all your team share those values?
  • Do you have a list of missing roles / talent in your organization?
  • How do you find and attract new talent?
  • How does your interview process work? Who else contributes to the process? Who decides on the hiring?
  • What is your career development plan for your team members?
  • Last year, how many people left and how many joined? What was the main reason for them to leave?
  • How do you keep the talent from leaving? How do you keep your team motivated?
  • Do you have a list of possible contractors / service providers / former team members at hand if an immediate need arises?
  • How would you improve the development team?
  • How would you improve the hiring process?

Technology / Code

  • How do you keep yourself and your team up to date with the latest technologies?
  • What technologies (frameworks/languages) do you use for the product? How do you decide on them?
  • What are the new technology transformations you are planning?
  • Has all the software been coded in-house? How do you choose build vs buy?
  • How well is your code documented?
  • How well is your product documented?
  • How much are you aware of your code's dependencies? What happens if for some reason a dependency is not accessible anymore?
  • Do you have anything hardcoded in the code? How do you show certain features to a limited number of users?
  • What development methodology do you use? Briefly explain.
  • How do you keep a consistent coding style? Briefly explain.
  • How do you keep a consistent development / release environment across all involved systems, including developers’?
  • How do you evaluate your code's quality?
  • How much of your code is reusable?
  • How do you use bug / issue trackers?
  • How many open issues/defects are there? How old is the oldest? How many of them did you close last month?
  • How do you use source / version control?
  • How do you do code reviews?
  • How do you test your code? How much of your code is covered?
  • How do you test your product?
  • How much technical debt do you have? What is your payback strategy?
  • What do you optimize for?
  • How often do you ship new releases of your product? What is your releasing strategy?
  • How do you deliver new releases? Briefly explain your integration and delivery process.
  • How accurate are your release timelines? Briefly explain the reasons.
  • How often do you find yourself shipping products with known bugs?
  • How do you deploy new releases? Briefly explain your deployment process.
  • How often do you find yourself carrying out manual tasks on servers? Briefly explain.
  • What happens when a deployment task fails?
  • Does the software automatically notify you of errors?
  • How do you measure the effects / outcomes of each new release?
  • How would you improve the development processes?
  • How would you improve the deployment processes?

Architecture and Infrastructure

  • How much of your architecture and infrastructure is documented?
  • How many vendors (AWS, Azure, etc.) is your service / product scattered across? Briefly explain.
  • Which 3rd party systems (payment, invoicing, others) do you use? Briefly explain.
  • How dependent are you on a specific vendor? What happens if they go down / halt operations?
  • What are the possible bottlenecks of your architecture? What keeps you awake at night?
  • How do you measure the current max capacity of the system?
  • Do you know how much it can support? How close are you to the limits right now?
  • Are you able to easily scale your infrastructure up / down with a few clicks?
  • What metrics do you use to determine if you are not scaled appropriately?
  • What aspects of the system do you think might not scale well?
  • Are you able to easily shift your services to other locations / providers? Briefly explain.
  • What isn't automated that should be?
  • Are there any single points of failure? Briefly explain.
  • What would you have to change to accommodate x10, x100, x1000 more users?
  • How would you improve maintainability?

Security, Continuity, Monitoring

  • What are you monitoring? Briefly explain.
  • Which monitoring tools are you using?
  • How do you measure usage/user statistics?
  • How do you measure the value of users?
  • Are there any parts in the system that are understood by only one person?
  • What requires admin privileges? Who has it?
  • What kind of security measures are taken against standard stuff like SQL injection, XSS, etc?
  • In the case of a security breach, how much data/business would be at risk?
  • Have you ever had a data breach? What do you think the reason was?
  • How do you test your product security-wise?
  • How would you know if any kind of security breach happens?
  • How would you make the system more secure?
  • What's your backup strategy? Briefly explain.
  • Would a DDoS attack put you out of business? Briefly explain.
  • Do you have an IT Disaster Recovery Plan? Briefly explain.
  • Do you have a Business Continuity Plan? Briefly explain.

Budgeting

  • What is the technology team budget (i.e. x% of total annual) and how is it allocated?
  • Are the allocations always used as planned? Briefly explain.