April 2015 | Point of View

Eight things private equity firms should consider when assessing the CIO during diligence

Eight things private equity firms should consider when assessing the CIO during diligence

A sound IT function is not only critical for enabling business performance; it's vital to producing the information necessary to manage on a day-to-day basis. 


Throughout the diligence process, your primary goal is to learn as much information as possible in order to ensure a transparent understanding of Target. If done correctly, diligence helps you reduce or eliminate any surprises after close. One area that is ripe for surprises is the Information Technology (IT) function. A sound IT function is not only critical for enabling business performance—both current and future; it also is vital to producing the information necessary to manage on a day-to-day basis. One key way to assess the IT function is through an evaluation of the company’s Chief Information Officer (CIO).

As you navigate the diligence process, these are eight key considerations for assessing Target’s CIO. By addressing each of these topics, you will develop a sound understanding of the CIO’s capabilities, leadership skills, his/her fit to lead your new portfolio company, as well as an advance notice of any potential need to embark on a replacement strategy immediately after close. 

IT background 

A good starting point is looking at the CIO’s professional background. Did he/she grow up in IT? If so, does he/she have an infrastructure or application background? Statistically speaking, a CIO who grew up doing application work has greater business acumen and business process knowledge than someone who grew up on the infrastructure side. Alternatively, some CIOs may not have had any IT training, but they have been very successful because of their deep understanding of the business and ability to optimally align information technology with business requirements. For companies with revenue under $150 million, however, having a CIO with no IT background can be problematic, given their need to be more involved in technical decisions. Finally, the value of an application or infrastructure background can differ based on the company type or industry. For example, an application background is better suited for a software company, while an infrastructure background might better align with a hosting provider. Take the time to understand the CIO’s background and understand how his/her strengths or weaknesses align with your new business. 

Business and industry knowledge 

Once you identify the CIO’s background, the next step is to evaluate his/her understanding of the business and overall industry knowledge. Simply put, does he/she understand how the company makes money? Can the CIO articulate the key business processes? Can the CIO name the top 10 clients? A CIO who lacks sound understanding of the business will struggle to provide innovative ideas and will likely mold the function into a “cost center.” In addition to assessing the CIO’s business understanding, you should determine whether he/she has industry domain knowledge. This is particularly important for certain industries, such as healthcare or financial services. For example, it is important for a CIO to understand HIPAA requirements or banking regulations. The CIO doesn’t need to be the expert in the room but should have a high level understanding of the key industry regulations that will impact IT services or customer solutions. 

IT strategy 

Once you understand the CIO’s background and business/industry knowledge, it is essential to assess the IT strategy. Focusing on the following six areas can provide you with specific insight: 

  • Lead with the simple question, “Can I see the IT Strategy?” Often, the answer is, “Well, I don’t really have anything documented…”. This is a bad start and likely an indication that the IT function is reactive, doesn’t understand the business strategy, and maintains a “cost center” mindset. Without a formal IT strategy, it’s difficult to understand if the company is prioritizing IT investments appropriately. 
  • If the company has an IT strategy, you should then validate that the very first section is an articulation of the business strategy. Without it, it is impossible to develop a sound IT strategy. The IT strategy should support the business strategy; accordingly, all key IT initiatives should align with the IT strategy, which can then be linked to the business strategy. 
  • Next, seek to understand how the IT function views itself. The IT strategy should shed some light on this. Does IT play the role of a cost center, service center, or innovation center? What is the function’s “identity”? The business strategy will, to some extent, shape this identity, but the IT function should have an ownership stake in how the company defines its role. 
  • The mobile movement is here, and it is changing facets of every business, particularly the customer experience. The IT strategy should articulate how mobile technology impacts the various stakeholders – from the internal sales force to external customers – and document a plan for capitalizing on this new technology medium. 
  • Data Management is the concept of identifying, capturing, storing, protecting, and mining company data for both internal and external use. Does the company capture data that it could leverage as an external asset? While this may not be applicable for every company, data management should be addressed in every IT strategy. 

The “Run, Grow, Transform” framework is used to categorize IT investments, projects, or effort. Once the “identity” (see above) is defined, the IT function should use this framework to categorize initiatives. A typical allocation is 60 percent, 20 percent, 20 percent, but this can (and should) fluctuate each year based specific business priorities. Ideally, the IT strategy should reflect this framework (or similar) in the way it categorizes and prioritizes IT initiatives. As an aside, this framework provides a great communication lexicon with the business. 

Outsourcing, managed services, software as a service (SAAS), etc. 

It’s okay if these concepts are confusing to you as the new owner, but they can’t be confusing to the CIO. Outsourcing and cloud based solutions are becoming more prevalent as functionality increases, costs flatten, and data security concerns are alleviated. Be sure to understand the CIO’s strategy for leveraging these solutions. Whether it is used for data backup, payroll, or application development, outsourcing—in some form—has a role in every organization. These solutions can reduce capex spend greatly and ease the “Run” aspect of the IT framework described above, allowing IT to focus on more strategic initiatives—those classified as “Grow” and “Transform.” Finally, these solutions can increase business operations spend (due to the large decrease in capex spend); therefore, you should also discuss the impact on EBITDA. 

Acquisition experience 

If acquisitions are in your future, having a CIO who has been through acquisitions or mergers will pay dividends. He/she will understand the technology challenges and likely have some valuable acquisition scars. More importantly, though, he/she will understand the organizational change that is required to ensure a successful acquisition—a factor that is always underestimated and undervalued. If you do plan more acquisitions, inquire about the number, size, duration, technology platforms, and outcome of the acquisitions through which the CIO has been. 

Performance metrics 

During your conversation with the CIO, ask for performance data or metrics regarding the IT environment. CIOs love to use technology buzz words and acronyms – but be sure to get past that and inquire about how the IT function measures component maturity (application availability, scalability, capacity), as well as service level metrics (online orders processed, orders shipped, etc.). This data will shed light on the maturity of the IT environment. For some industries, such as financial services, certain metrics are critical given that minutes of downtime can equate to millions in lost revenue (also known as the Cost of Poor Quality - CoPQ), not to mention damage to the company brand. 

Reporting environment 

Very early in the diligence phase, and likely well before you talk with the CIO, you’ll gain an understanding of the reporting environment based on how well Target was able to respond to your data/reporting requests. In addition to inquiring about certain reports, seek to understand the processes behind developing those reports. How much manual activity is involved in the financial consolidation process? How many data sources are providing operational data? Is the company generating financial reports from a centralized data store? Understanding the processes behind the reports will give you a better picture of the reporting infrastructure and how/if the company will be able to generate the additional reports you need to run the business. 


We all know people who are so frugal that you cringe at some of their short-sighted decisions. Being cost conscious is good, but being too frugal is not. One such CIO who comes to mind beamed with pride as he described his data backup solution: a thumb drive on which he manually copied data (daily) and that he stored at home (which violates HIPAA regulations). While you can’t directly ask questions about frugality, you should always be listening for signs of it. A CIO who measures him/herself based on how little he/she spends will pay for it in other ways. Be wary. 

Starting early is critical 

Gathering the information above can help you assess the quality of Target’s CIO and whether he/she is a good fit to lead your new portfolio company. Given that it may take six to 12 months to find the right replacement (which could be 25 percent of your hold period), it’s critical to perform this assessment as early as possible. 

Explore our latest perspectives