Awesome

Curated List of Technical Due Diligence Questions

Technical due diligence process is used to capture a snapshot to develop a thorough understanding of the technological state of a business to be able to make accurate and effective valuations for fundraising and investment rounds.

In this list, you will find a series of questions that range from human resources to disaster recovery where each one addresses a specific aspect of what makes a technology company. The way how handled with these topics is what makes a company unique in its own way.

To get the most out of this document, put your best effort into answering as honestly and openly as possible* *all the questions that apply to your business. In any case, you will gain a different perspective over the current state of your business.

For a professional follow-up evaluation report on your answers or for further technical auditing services please contact me.

Business

• Briefly introduce your company.
• Briefly introduce yourself. What's your role in the company?
• Which industry is your business in?
• Which phase of funding are you in right now?
• Who are your direct competitors with similar products?
• Do you have domestic/foreign patents/utility models/licenses of the technology / IP you have created?
• How compliant is your business with regional laws such as GDPR / KVKK technology wise?

Product / Service

• Briefly describe the product. What does it do and what problems does it solve?
• What is your target market?
• How far ahead do you have your product roadmap written down?
• How do you do the planning? What do you take into consideration? Who else contributes to the process?
• Have you or someone from your team built a similar product in the past? What was it?
• Do you or your team use your product regularly?
• How do you collect user/ customer feedback about the product? How do you utilize all the feedback?
• Are there any customized versions of your product deployed to some clients that are billed separately from the standard payment methods?

Team / Hiring / Human resources

• How many people are there in your team? How many have shares in the company?
• Briefly explain existing roles and their responsibilities in your team.
• Who are the team key players? Briefly explain.
• How many of them worked for / with you (elsewhere) in the past?
• Is the person who wrote the initial version still one of the main developers?
• How often do you do one-on-ones with your team?
• How does the team communicate and make decisions?
• How do you do the onboarding of new team members? How long does it take for a new member to get into actual coding?
• How do you make sure that the whole team is on the same page?
• What are the values of your engineering organization? Do all your team share those values?
• Do you have a list of missing roles / talent in your organization?
• How do you find and attract new talents?
• How does your interview process work? Who else contribute to the process? Who decides on the hiring?
• What is your career development plan for your team members?
• Last year, how many people have left and how many have joined? What was the main reason for them to leave?
• How do you keep the talent from leaving? How do you keep your team motivated?
• Do you have a list of possible contractors / service providers / former team members at hand if immediate need rises?
• How would you improve the development team?
• How would you improve the hiring process?

Technology / Code

• How do you keep yourself and your team up to date with the latest technologies?
• What technologies (frameworks/languages) do you use for the product? How do you decide on them?
• What are the new technology transformations you are planning?
• Has all the software been coded in the house? How do you choose build vs buy?
• How well is your code documented?
• How well is your product documented?
• How much are you aware of your code's dependencies? What happens if for some reason a dependency is not accessible anymore?
• Do you have anything hardcoded in the code? How do you show certain features to a limited number of users?
• What development methodology do you use? Briefly explain.
• How do you keep a consistent coding style? Briefly explain.
• How do you keep a consistent development / release environment across all involved systems, including developers’?
• How do you evaluate your code's quality?
• How much of your code is reusable?
• How do you use bug / issue trackers?
• How many open issues/defects are there? How old is the oldest? How many of them did you close last month?
• How do you use source / version control?
• How do you do code reviews?
• How do you test your code? How much of your code is covered?
• How do you test your product?
• How much technical debt do you have? What is your pay back strategy?
• What do you optimize for?
• How often do you ship new releases of your product? What is your releasing strategy?
• How do you deliver new releases? Briefly explain your integration and delivery process.
• How accurate is your release timelines? Briefly explain the reasons.
• How often do you find yourself shipping products with known bugs?
• How do you deploy new releases? Briefly explain your deployment process.
• How often do you find yourself carrying out manual tasks on servers? Briefly explain.
• What happens when a deployment task fails?
• Does the software automatically notify you of errors?
• How do you measure the effects / outcomes of each new release?
• How would you improve the development processes?
• How would you improve the deployment processes?

Architecture and Infrastructure

• How much of your architecture and infrastructure is documented?
• How many vendors (AWS, Azure, etc) is your service/ product scattered across? Briefly explain.
• Which 3rd party systems (payment, invoicing, others) do you use? Briefly explain.
• How dependent are you to a specific vendor? What happens if they go down / halt operations?
• What are the possible bottlenecks of your architecture? What keeps you awake at night?
• How do you measure the current max capacity of the system?
• Do you know how much it can support? How close are you to the limits right now?
• Are you able to easily scale up / down your infrastructure on a few clicks?
• What metrics do you use to determine if you are not scaled appropriately?
• What aspects of the system do you think might not scale well?
• Are you able to easily shift your services to other locations / providers? Briefly explain.
• What isn't automated that should be?
• Are there any single points of failure? Briefly explain.
• What would you have to change to accommodate x10, x100, x1000 more users?
• How would you improve maintainability?

Security, Continuity, Monitoring

• What are you monitoring? Briefly explain.
• Which monitoring tools are you using?
• How do you measure usage/user statistics?
• How do you measure the value of users?
• Are there any parts in the system that are understood by only one person?
• What requires admin privileges? Who has it?
• What kind of security measures are taken against standard stuff like SQL injection, XSS, etc?
• In the case of a security breach, how much data/business would be at risk?
• Have you ever had a data breach? What do you think the reason was?
• How do you test your product security wise?
• How would you know if any kind of security breach happens?
• How would you make the system more secure?
• What's your backup strategy? Briefly explain.
• Would a DDoS attack put you out of business? Briefly explain.
• Do you have an IT Disaster Recovery Plan? Briefly explain
• Do you have a Business Continuity Plan? Briefly explain

Budgeting

• What is the technology team budget (ie. %x of total annual) and how is it allocated?
• Are the allocations always used as planned? Briefly explain.