Preparing for digital due diligence: an app developer's perspective

By Tobin Harris, April 24, 2021

Managing Director at Pocketworks, app development specialists.


If your company is taking VC or PE or some other form of investment, it is likely that your digital products and processes will be audited as part of their due diligence.

Our team have recently supported this process, so I’m sharing a few things that might help you prepare for digital due diligence, mostly from a digital product perspective where UX, development, quality and agility are all important. This mostly covers the digital skillsets angle.

I'll start by discussing a few more “human” things.

Is it stressful?

If you've built a business or department, the thought of having external experts come in and judge everything you’ve done is quite stressful. And it is. In my experience, though, the audit will create a lot of work for you, but nobody is really out to “get you”. They just want to get a clear and detailed picture of where your products and practices are at.

So, yes, you’re going to have to answer a ton of questions and document what you’re doing. But nobody is perfect and your auditors will know that.

What are auditors looking for?

A quick confession. I’m not an expert at digital due diligence, nor have I had to lead the effort. I’ve only dealt with it as part of supporting another business.

In my experience, the main objective of digital due diligence is to understand what needs to be fixed or improved. Your investor will likely aim to increase the EBITDA of your company, so they need to assess the efficiency of the processes and the effectiveness of the digital products.

If there are any flags, that will feed into a roadmap of improvements to drive up the value of the business.

What is audited during digital due diligence?

I run a UK app development company, and our team has offered support in answering questions around UX, digital products and processes. Here’s a high-level list of areas under scrutiny.

  • User Experience
  • Agility & Product Process
  • Technical Architecture
  • Technical Infrastructure
  • Product Metrics (important!)

Finding all this information will take time, but the good news is that you will be able to answer it all. After all, they’re pretty straightforward questions.

Next, let’s take a brief look at each of these areas.

User Experience Audits

A UX audit helps an investor understand the quality of experience customers or employees have using your digital products. Some areas they’ll look at are:

  • Customer Tasks: how easy is it to perform the core tasks using your mobile app or digital product?
  • Competitor Features: how do your features compare to those of competitors?
  • Accessibility: To what degree is the solution usable by people with disabilities?
  • Heuristic Evaluation: How does the product UX feel, from a professional designer's perspective?

This is all fairly standard in the world of UX. Most UX companies (including Pocketworks) will be doing these tasks as part of a discovery process unrelated to due diligence.

Agility & Product Process Audits

A software delivery team should have healthy practices and be able to respond to change - which is what agility is all about.

When looking at your agility and processes, expect to answer questions such as:

  • What is the end to end product development lifecycle?
  • Where do product changes originate? Customers? The business?
  • What process measures do you have (velocity, cycle time)?
  • Who is involved?
  • What are the quality practices?
  • What product metrics do you measure?

Technical Architecture

This covers details about your mobile apps, middleware, web applications etc.

You will need to document key decisions made, such as:

  • For each product, what is the architecture?
  • What languages and frameworks is it built on?
  • What 3rd party components do you use?

For a typical app, there might be dozens if not hundreds of dependencies on open source libraries, commercial components etc. You may also need to look at the individual licenses for these - MIT, GPL etc.

Technical Infrastructure

This covers the infrastructure your products are built on. You will be asked to create diagrams that cover:

  • Deployment architecture (servers, firewalls, OS)
  • Integration points (APIs etc)
  • Security & encryption
  • Penetration testing procedures
  • Application release procedures
  • Continuous Delivery vs ad-hoc delivery

On security, it’s worth knowing what encryption you have in place. Is data encrypted at rest? What version of TLS do you use? For mobile apps, is all data in the application sandbox? Did you run penetration tests?

Product Metrics

This is probably the most important one. Some questions you should be able to answer:

  • What are your user retention numbers for your app or product?
  • What is your customer lifetime value?
  • What is your customer-acquisition cost?
  • What is your revenue generated by each digital product?

Revenue may fall under another area of due diligence, but you'll still need a handle on some of these basic product metrics. 

Need help?

If you’re an investor and want any help conducting digital due diligence, we’d be happy to carry out audits around the topics covered here. We also work closely with another Leeds-based consultancy that specialises in helping PE companies conduct audits. We’re happy to make an introduction to them too.

Find this interesting? Why not chat with Tobin over a coffee?

Reach me on LinkedIn or contact us if that's easier.


About Pocketworks

Pocketworks is a mobile-first software company that helps organisations improve their customer experience with mobile technology. We enable our clients to use research and data to find the right solution for their business. Then, we deliver apps and digital products that increase customer satisfaction and retention.