In the realm of manufacturing, the core mandate is to deliver value to stakeholders. For many in the industry, this is best achieved through a risk-averse approach focused on mastering the essentials—ensuring that automation and control systems function reliably and securely. Only upon establishing this robust foundation should a business consider venturing into advanced optimisation or embracing cutting-edge technological innovations such as industrial AI. Attempting to leap into untested waters without a solid base is a risky strategy, unlikely to appeal to any business owner.
In my work I occasionally participate in due diligence audits where a prospective investor is looking to invest in an existing operation, be it a mine, factory, refinery or other. These due diligence exercises are typically done in a very focused and targeted manner. My role in the audit team is usually to evaluate the business and IT systems and provide an external perspective.
Due diligence and ISO audits have distinct roles, each with its own methodology. Due diligence audits are typically conducted by a multidisciplinary team of experts who assess an operation relative to the strategic goals of the prospective investor. This approach is more flexible, allowing the experts to focus on critical risk areas specific to the investment scenario. These audits go beyond compliance to include identifying opportunities and making informed recommendations. On the other hand, ISO audits, such as ISO 27001, provide a comprehensive assessment to ensure compliance with established standards across all organisational facets. Successfully achieving ISO certification will position a company favourably for due diligence.
The output of a due diligence audit can materially impact the valuation of the company which may mean an acquisition succeeds, or the plant / factory shuts down. In the area of IT, business and supervisory control systems, the physical assets (networks and computers) usually have a low accounting book value relative to other plant and equipment, however the associated data intangibles and intellectual property, together with how it is managed is often very important for an investor.
When engaging in IT due diligence audits, our evaluation typically spans several key areas:
- IT Infrastructure: This includes a review of all hardware and networking configurations, from servers and industrial control systems (like SCADA and PLCs) to cloud and on-site facilities. It is crucial to evaluate their age, condition, and upgrade requirements, focusing on aspects like data centre capabilities and network architecture.
- Software Ecosystem: An audit of software inventories encompasses both business (e.g., ERP and CRM systems) and industrial applications (LIMS, MES, SCADA), with a keen eye on licensing compliance and the integration of various systems. Legacy systems that are out of support are particularly scrutinised to identify any potential risks.
- Cybersecurity Frameworks: Security protocols and policies require rigorous examination, covering vulnerability assessments, access controls, and data protection strategies. Historical incident analysis aids in understanding past challenges and current preparedness.
- Data Management: Understanding how data is stored, protected, and backed up is essential, alongside ensuring data quality and ownership clarity. The audit typically evaluates the practices that secure critical operational data, which is a vital intangible asset in the valuation.
- Operational Support: Assessments extend to IT team structures, vendor management, budget analysis, and change management processes. The alignment of IT operations with business continuity goals is a central concern.
- Compliance and Standards: This involves certifying that the organisation meets industry-specific regulatory requirements and standards, and reviewing audit histories that could impact compliance.
- Continuity and Redundancies: Evaluating disaster recovery plans, system uptime records, and infrastructure redundancy ensures that critical systems maintain operational continuity.
- Integration and Strategic Alignment: Compatibility, scalability, and cultural alignment of the IT systems with organisational goals post-acquisition are essential. Opportunities for cost synergies and eliminating redundancies are also assessed.
- Intellectual Property: It is important to identify proprietary IT systems or innovations and review ongoing projects that might hold potential value for future developments.
- Documentation and Reporting: Comprehensive and up-to-date IT documentation, such as system architecture diagrams and procedural guides, are keys to maintaining robust IT operations.
While innovation such as AI and machine learning is a useful aspect of an IT audit, the real focus lies in inspecting the foundational elements above. These basics more often have the biggest influence on valuation and related strategic decision-making.
In conclusion, while innovation in manufacturing technology is a crucial part of a company’s growth strategy, the foundation must be solid before reaching for the cutting-edge. A regular IT/OT audit not only secures your current operations but also sets the stage for sustainable advancement. By conducting internal audits and adopting a management process geared towards continuous improvement, organisations can be well-prepared for external due diligence.
A proactive approach ensures that, when the time comes, your IT, OT, and business systems are not just compliant, but optimised to add maximum value and readiness for your next phase of business expansion. Good luck!
