The four-part tech audit.
A 4-step process for the four-part tech audit.
- Part 1: System inventory and ownership Request a complete list of every software and subscription: email, domain, accounting, payroll, CRM, payment processor, marketing tools, file storage, industry software. For each system, document: who owns the account email, who has admin a (Part 1)
- Part 2: Domain and email ownership Who owns the domain registration - GoDaddy, Namecheap, Cloudflare? Is it registered to the business entity or the seller personally? Is email hosted independently through Google Workspace or Microsoft 365, or bundled through the domain prov (Part 2)
- Part 3: Data access and export For each critical system, confirm you can export customers, financial history, and operational data. Map any API integrations (automated connections between systems) that will break on transfer. You do not want to discover mid-transition th (Part 3)
- Part 4: Security and continuity risks Check for MFA on the seller's personal phone, passwords in the seller's head rather than a vault, no offsite backups, and single points of failure where one person or one device is the only path into a critical system. (Part 4)
- System inventory and ownership transforms Domain and email ownership: Step 1 naturally follows from the prior action.
- Domain and email ownership transforms Data access and export: Step 2 naturally follows from the prior action.
- Data access and export transforms Security and continuity risks: Step 3 naturally follows from the prior action.
The team deep dive.
Map which functions the owner performs with no backup, and assess whether key employees will stay after the transition. These are different risks requiring different protections.
- Step 1: Build the responsibility matrix List 10 to 12 critical business functions: sales, operations, finance, customer service, vendor management, hiring, marketing, IT, quality control. For each, document who does it today and who could do it if that person left tomorrow. Key p (Step 1)
- Step 2: Run one-on-one employee conversations Schedule 20 to 30-minute conversations with the top 3 to 5 employees, without the seller present. Ask: how long have you been here and what do you do, what would make you leave, could the business run without the owner tomorrow, and what on (Step 2)
- Step 3: Build retention plans by risk level High risk, hard to replace: retention bonus of 6 to 12 months salary paid over 1 to 2 years contingent on staying. Medium risk, replaceable with effort: stay bonus of 3 months salary at 12 months if still employed. Low risk: standard severa (Step 3)
- Build the responsibility matrix transforms Run one-on-one employee conversations: Step 1 naturally follows from the prior action.
- Run one-on-one employee conversations transforms Build retention plans by risk level: Step 2 naturally follows from the prior action.
System access and key employee retention are day-one issues, not 30-day ones
Discovering on day one that you cannot log into your payment processor or that your operations manager is already interviewing elsewhere is not a diligence failure. It is a planning failure. Both are preventable if you do this work before close.
This course is operational guidance, not investment, legal, tax, or financial advice. SilverShore Partners is not a registered broker-dealer or investment adviser; in qualifying private-company transactions we may operate within the federal M&A broker exemption under Section 15(b)(13) of the Securities Exchange Act. Confirm specifics with your own advisors.