Curated List of Technical Due Diligence Questions
The technical due diligence process captures a snapshot of the technological state of a business, so that accurate and effective valuations can be made for fundraising and investment rounds.
In this list, you will find a series of questions ranging from human resources to disaster recovery, each addressing a specific aspect of what makes a technology company. How a company handles these topics is what makes it unique.
To get the most out of this document, put your best effort into
answering, as honestly and openly as possible, all the questions that
apply to your business. In any case, you will gain a different
perspective on the current state of your business.
For a professional follow-up evaluation report on your answers or for
further technical auditing services please contact me.
Business
- Briefly introduce your company.
- Briefly introduce yourself. What's your role in the company?
- Which industry is your business in?
- Which phase of funding are you in right now?
- Who are your direct competitors with similar products?
- Do you have domestic / foreign patents / utility models / licenses for the technology / IP you have created?
- How compliant is your business with regional laws such as GDPR / KVKK, technology-wise?
Product / Service
- Briefly describe the product. What does it do and what problems does it solve?
- What is your target market?
- How far ahead do you have your product roadmap written down?
- How do you do the planning? What do you take into consideration? Who else contributes to the process?
- Have you or someone from your team built a similar product in the past? What was it?
- Do you or your team use your product regularly?
- How do you collect user / customer feedback about the product? How do you utilize all the feedback?
- Are there any customized versions of your product deployed to some clients that are billed separately from the standard payment methods?
Team / Hiring / Human resources
- How many people are there in your team? How many have shares in the company?
- Briefly explain existing roles and their responsibilities in your team.
- Who are the team's key players? Briefly explain.
- How many of them worked for / with you (elsewhere) in the past?
- Is the person who wrote the initial version still one of the main developers?
- How often do you do one-on-ones with your team?
- How does the team communicate and make decisions?
- How do you do the onboarding of new team members? How long does it take for a new member to get into actual coding?
- How do you make sure that the whole team is on the same page?
- What are the values of your engineering organization? Does your whole team share those values?
- Do you have a list of missing roles / talent in your organization?
- How do you find and attract new talent?
- How does your interview process work? Who else contributes to the process? Who decides on the hiring?
- What is your career development plan for your team members?
- Last year, how many people left and how many joined? What was the main reason for them to leave?
- How do you keep the talent from leaving? How do you keep your team motivated?
- Do you have a list of possible contractors / service providers / former team members at hand if an immediate need arises?
- How would you improve the development team?
- How would you improve the hiring process?
Technology / Code
- How do you keep yourself and your team up to date with the latest technologies?
- What technologies (frameworks/languages) do you use for the product? How do you decide on them?
- What are the new technology transformations you are planning?
- Has all the software been coded in-house? How do you choose build vs. buy?
- How well is your code documented?
- How well is your product documented?
- How much are you aware of your code's dependencies? What happens if for some reason a dependency is not accessible anymore?
- Do you have anything hardcoded in the code? How do you show certain features to a limited number of users?
- What development methodology do you use? Briefly explain.
- How do you keep a consistent coding style? Briefly explain.
- How do you keep a consistent development / release environment across all involved systems, including developers’?
- How do you evaluate your code's quality?
- How much of your code is reusable?
- How do you use bug / issue trackers?
- How many open issues/defects are there? How old is the oldest? How many of them did you close last month?
- How do you use source / version control?
- How do you do code reviews?
- How do you test your code? How much of your code is covered?
- How do you test your product?
- How much technical debt do you have? What is your payback strategy?
- What do you optimize for?
- How often do you ship new releases of your product? What is your releasing strategy?
- How do you deliver new releases? Briefly explain your integration and delivery process.
- How accurate are your release timelines? Briefly explain the reasons.
- How often do you find yourself shipping products with known bugs?
- How do you deploy new releases? Briefly explain your deployment process.
- How often do you find yourself carrying out manual tasks on servers? Briefly explain.
- What happens when a deployment task fails?
- Does the software automatically notify you of errors?
- How do you measure the effects / outcomes of each new release?
- How would you improve the development processes?
- How would you improve the deployment processes?
Architecture and Infrastructure
- How much of your architecture and infrastructure is documented?
- How many vendors (AWS, Azure, etc.) is your service / product scattered across? Briefly explain.
- Which 3rd party systems (payment, invoicing, others) do you use? Briefly explain.
- How dependent are you on a specific vendor? What happens if they go down / halt operations?
- What are the possible bottlenecks of your architecture? What keeps you awake at night?
- How do you measure the current max capacity of the system?
- Do you know how much it can support? How close are you to the limits right now?
- Are you able to easily scale your infrastructure up / down with a few clicks?
- What metrics do you use to determine if you are not scaled appropriately?
- What aspects of the system do you think might not scale well?
- Are you able to easily shift your services to other locations / providers? Briefly explain.
- What isn't automated that should be?
- Are there any single points of failure? Briefly explain.
- What would you have to change to accommodate x10, x100, x1000 more users?
- How would you improve maintainability?
Security, Continuity, Monitoring
- What are you monitoring? Briefly explain.
- Which monitoring tools are you using?
- How do you measure usage/user statistics?
- How do you measure the value of users?
- Are there any parts in the system that are understood by only one person?
- What requires admin privileges? Who has it?
- What kind of security measures are taken against standard stuff like SQL injection, XSS, etc.?
- In the case of a security breach, how much data/business would be at risk?
- Have you ever had a data breach? What do you think the reason was?
- How do you test your product security-wise?
- How would you know if any kind of security breach happens?
- How would you make the system more secure?
- What's your backup strategy? Briefly explain.
- Would a DDoS attack put you out of business? Briefly explain.
- Do you have an IT Disaster Recovery Plan? Briefly explain.
- Do you have a Business Continuity Plan? Briefly explain.
Budgeting
- What is the technology team budget (i.e. x% of total annual) and how is it allocated?
- Are the allocations always used as planned? Briefly explain.