M&A Due Diligence
Technology Due Diligence for PE Firms: What Most Checklists Miss
Lauren B. Jones
CEO & Founder, Leap Advisory Partners
Lauren B. Jones
A PE firm I work with closed a staffing acquisition two years ago. The target had strong financials, good client relationships, and an experienced leadership team. Standard diligence covered legal, financial, and commercial angles thoroughly. Technology was a two-page section in the QoE report: "Systems appear adequate for current operations."
Eighteen months later, that firm had spent $2.4 million replacing a core platform that could not scale past 500 concurrent users. The "adequate" system had been held together by one engineer who quit three months after close. The data migration alone took nine months.
That $2.4 million was not in the model. Neither was the nine months of reduced operational capacity while the migration happened. The deal still worked, but the return was significantly lower than projected because nobody dug deep enough into the technology before signing.
This is not an unusual story. It is the norm.
Technology due diligence is a business valuation exercise because technology in a staffing company is the operating system of the business, not a support function. Most PE firms treat technology diligence as a checkbox. They send a junior associate to confirm the target has an ATS, a CRM, and basic cybersecurity. The IT team at the target company fills out a questionnaire about their infrastructure. Someone reviews the software license agreements. The box gets checked.
The problem is that technology in a staffing company is not a support function. It is the operating system of the business. The ATS is how candidates get matched to jobs. The integrations between ATS, VMS, payroll, and billing systems are how revenue flows from placement to invoice. The data inside those systems is the company's institutional knowledge. When the technology does not work, the business does not work.
Tech debt is a financial liability. It just does not show up on the balance sheet. When a staffing company has been running on an outdated ATS for eight years with accumulated customizations, workarounds, and undocumented integrations, the cost of bringing that technology to a competitive standard is a real expense that should factor into the valuation model.
I have seen technology gaps affect post-acquisition EBITDA by 3-7% in staffing deals. That impact comes from productivity losses during system migrations, from revenue leakage through broken integrations, from compliance risk in understaffed IT operations, and from the opportunity cost of leadership time spent firefighting technology problems instead of growing the business.
A thorough technology diligence process examines five distinct layers. Most checklists cover the first two and skip the rest.
Layer 1: Infrastructure
This is the foundation. Where are servers hosted? Cloud, on-premise, hybrid? What is the uptime history? What does disaster recovery look like? Is there a business continuity plan that has actually been tested?
For staffing companies, pay particular attention to hosting costs and scalability. A company running on-premise servers faces a future cloud migration expense. A company on cloud infrastructure with auto-scaling is better positioned for growth. Check the monthly hosting bill against industry benchmarks. I have seen staffing companies overpaying for infrastructure by 40-60% because nobody optimized the setup after the initial deployment.
Layer 2: Applications
Map every application in the technology stack. Not just the major ones. All of them. The ATS, the CRM, the VMS integrations, the payroll system, the HRIS, the background check platform, the job board connectors, the reporting tools, the communication platforms. Every single one.
For each application, assess: When was it implemented? What version is it running? Is it supported by the vendor? What does the license agreement look like? When does it renew? What are the exit terms?
In staffing, I find that the average agency uses 12-18 distinct software applications. At least 3 of those are typically outdated, unsupported, or being used in ways the vendor never intended. Each one represents a risk that needs to be quantified.
Layer 3: Data
This is where most diligence processes fall short. The quality of data inside a staffing company's systems directly affects its operational capacity and its ability to leverage technology improvements post-close.
Assess data quality across four dimensions: completeness (are records fully populated?), accuracy (does the data reflect reality?), consistency (is the same data stored the same way across systems?), and accessibility (can the data be extracted and used for analysis?).
I run a standard data quality audit on every staffing diligence engagement. Typical findings include: 30-40% of candidate records missing critical fields, duplicate records ranging from 15-25% of total database, inconsistent formatting that breaks reporting, and data trapped in systems with no export capability.
Bad data is not just a nuisance. It is a barrier to every post-close improvement initiative. AI implementation? Requires clean data. Automation? Requires consistent data. Reporting? Requires complete data. Every technology improvement the operating team plans to make post-close depends on data quality, and if the data is bad, those plans take longer and cost more.
Layer 4: Security
Staffing companies handle sensitive personal information: social security numbers, background check results, medical information for healthcare staffing, financial data for payroll processing. A security breach is not a theoretical risk. It is a quantifiable liability.
Assess: Is there a formal information security policy? When was the last penetration test? Is data encrypted at rest and in transit? Who has access to sensitive data, and is access controlled by role? What is the incident response plan?
For staffing companies handling government contracts or healthcare placements, compliance requirements add another layer. HIPAA, SOC 2, state-specific data privacy regulations. If the target company is not compliant and should be, the cost of achieving compliance needs to go into the model.
Layer 5: People
This is the layer that almost no checklist includes, and it is the one that creates the most post-close surprises.
Who maintains the technology? How many people are on the IT team? What is their experience level? Are there single points of failure, meaning one person who is the only one who understands a critical system?
Key-person risk in technology is a real and common issue in staffing companies. I have seen companies where one IT manager maintained 14 critical integrations, and all the documentation lived in their head. When that person leaves (and they often do post-acquisition, especially if the culture changes), the acquiring firm is left with systems nobody knows how to support.
Assess the IT team's depth, documentation practices, and vendor relationships. If the target company relies heavily on one system integrator or consultant, understand that dependency. If that relationship changes post-close, what breaks?
These are the findings from my diligence work that most often lead to unplanned post-close expenses:
Proprietary systems with no documentation. If the target built custom tools or integrations and there is no technical documentation, you are inheriting a black box. The cost of reverse-engineering, documenting, and eventually replacing undocumented systems is significant. Ask to see technical documentation during diligence. If it does not exist, price the documentation effort into the model.
Single points of failure in key integrations. The ATS talks to the VMS through a custom API that one person built four years ago. Nobody else knows how it works. If that integration breaks, the company cannot process placements through its largest MSP client. This is not hypothetical. I have seen it happen three times in the last 18 months.
Licensing traps and contract renewals. A three-year ATS contract that renews automatically in four months with a 15% price increase. An enterprise license for a tool the company has outgrown but cannot exit. Software licenses tied to a specific entity name that will change post-acquisition. Each of these creates a financial exposure that should be flagged before close.
Shadow IT. Individual recruiters or managers using tools that IT does not know about. Personal Dropbox accounts with candidate data. Unlicensed AI tools processing resumes. Excel-based tracking systems that circumvent the official ATS. Shadow IT is a data governance and security risk, and it is universal. Every staffing company I have assessed has some form of it.
Staffing is a technology-intensive business, and the technology maturity of an acquisition target should directly inform the deal model.
ATS maturity is the single most important technology indicator. Is the target running a modern, cloud-based ATS with active vendor support? Or is it on a legacy system two versions behind with customizations that prevent upgrading? The gap between those two states can represent a $500,000 to $2 million investment post-close.
Automation readiness indicates operational leverage potential. A company with well-defined, documented processes is ready for automation improvements. A company running on tribal knowledge and manual workarounds will need significant process work before any automation can be deployed. That process work adds 6-12 months to your value creation timeline.
Data quality determines the ceiling for analytics and AI. If the target's data is clean and complete, you can deploy business intelligence tools and AI features quickly. If the data is messy, expect a 6-month data remediation project before any analytics investment pays off.
I benchmark staffing company tech stacks against a maturity model with five levels. Most acquisition targets fall in the Level 2-3 range: they have basic systems in place but significant gaps in automation, integration, and data quality. Understanding exactly where the target sits on this scale helps the operating team build a realistic 100-day plan.
If your fund acquires staffing companies regularly, build a standardized technology diligence playbook. It saves time, ensures consistency, and makes it easier to compare targets across deals.
Standardized scoring. Create a technology maturity scorecard that rates each of the five layers on a 1-5 scale. Define what each score means in concrete terms. A "3" in data quality means X. A "2" in security means Y. This removes subjectivity and makes the assessment comparable across targets.
Vendor risk frameworks. Build a standard set of questions for evaluating the target's key technology vendors. Contract terms, support quality, integration depth, exit provisions. Use the same framework every time so your team develops pattern recognition across deals.
Integration timeline templates. Based on your previous acquisitions, build standard timelines for common post-close technology initiatives: ATS migration, integration consolidation, data quality remediation, security hardening. These templates give the operating team a realistic starting point instead of guessing.
Cost benchmarks. Maintain a database of actual technology costs from previous deals. What did the ATS migration at Portfolio Company A actually cost? How long did the security remediation at Portfolio Company B take? These benchmarks make your financial models more accurate with every deal.
The firms that do technology diligence well treat it as a value creation tool, not just a risk mitigation exercise. The insights from a thorough tech assessment do not just protect you from surprises. They give your operating team a head start on the improvements that drive returns.
The five layers are infrastructure (hosting, scalability, disaster recovery), applications (every software tool in the stack with version and contract details), data (quality, completeness, consistency, and accessibility), security (policies, encryption, access controls, compliance), and people (IT team depth, key-person risk, documentation practices). Most checklists only cover infrastructure and applications, missing the layers that create the biggest post-close surprises.
Technology debt in staffing acquisitions typically creates $500,000 to $3 million in unplanned post-close expenses. Common costs include ATS migration ($500K-$2M), data remediation ($50K-$150K), security compliance ($100K-$250K for SOC 2), and integration rebuilds. Technology gaps typically reduce post-acquisition EBITDA by 3-7% through productivity losses and revenue leakage.
The most dangerous red flags are proprietary systems with no documentation, single points of failure in key integrations (one person maintaining critical systems), licensing traps with auto-renewal and price escalation, and pervasive shadow IT. Each of these creates financial exposure that should be identified and priced into the deal model before close.
Technology risk should affect valuation in three ways: adjust EBITDA for deferred technology maintenance to reflect true operating costs, negotiate escrow or price adjustments tied to specific technology remediation milestones, and build a detailed 24-month technology investment budget that accounts for all identified risks. The combined impact should be modeled alongside the financial and commercial diligence findings.
In staffing companies, technology is the operating system of the business. The ATS processes placements, integrations drive revenue from placement to invoice, and data is institutional knowledge. Tech debt does not appear on the balance sheet but creates real financial liabilities. Treating tech diligence as a checkbox instead of a business valuation exercise leads to unplanned seven-figure expenses.
Want a starting point for your next deal? Download the PE Tech Due Diligence Lite Checklist. It covers the 5 layers, key red flags, and scoring criteria you can adapt to your fund's investment thesis.
Download the PE Tech Due Diligence Lite Checklist
Lauren B. Jones is the CEO and founder of Leap Advisory Partners, with 28 years of experience in staffing technology. She helps staffing agencies, PE firms, and software companies build technology that actually works.
