
The Evolution of Investor IT Due Diligence


Hedge fund and private equity investors have long been asking questions about firm operations and technology. But with IT evolving at a rapid rate and the industry changing on a number of fronts, investor demands are higher than ever. Discover what factors have influenced this evolution of IT due diligence and see example questions to be prepared to answer at your next investor meeting.

Published in: Investor Relations

The Evolution of Investor IT Due Diligence

  1. The Evolution of Investor IT Due Diligence. Follow Along @EzeCastleECI #ITDueDiligence
  2. Topics Covered
     • Influencers to Evolution
     • Facets of IT Due Diligence
     • Investor Perspective on the Cloud
     • Common DDQ Questions
  3. Due Diligence: The Influence to Evolution
     • Regulation
     • Sophistication of technology
     • Increased outsourcing
     • Prevalence of cyber threats
     • Large-scale disasters
  4. Investor IT Due Diligence. Regulatory challenges and scandals within the investment industry have forced investors to sharpen operational due diligence dramatically. Facets of IT Due Diligence:
     • Organization/Company Background
     • Contingency/Redundancy Planning
     • Systems, Network & Information Security Practices
     • Access Control & IT Security Policies
     • Compliance
  5. Facets of IT Due Diligence: Organization/Company Background
     • Business History
     • Years in business
     • # clients
     • Company Financials
     • Corporate Structure
     • Third-Party Providers
     • What functions do you outsource?
     • Tell us about THEIR backgrounds!
  6. Facets of IT Due Diligence: Contingency/Redundancy Planning
     • Policy Layer: BCP Strategies
     • Management Layer: BCP Plans, Validation & Testing
     • Infrastructure Layer: Data Backup, Replication, Storage, Alt. Site, etc.
  7. Facets of IT Due Diligence: Systems, Network & Information Security Practices
     • Data/Systems/Network Security
     • Protections need to be in place at each infrastructure level – from the desktop to the data center
     • Identify system vulnerabilities and risk mitigation procedures
     • Network and physical security practices
     • Intrusion detection & prevention
     • Regular vulnerability assessments
     • Are mature threat management practices in place?
  8. Facets of IT Due Diligence: Access Control & IT Security Policies
     • Access Control
     • Who has access to what? Server room, data center, shared drives, etc.
     • Cybersecurity/Risk Management
     • Written, documented security plans/policies
     • Access control
     • Personal information security
     • Incident response
     • Third party risk
     • Culture of Security?
  9. Facets of IT Due Diligence: Compliance
     • What legal and regulatory issues/directives (e.g. Dodd-Frank, SEC Cyber Exams) are applicable?
     • Does your firm conduct a regular/annual assessment or audit?
     • Do you have a compliance manual?
     • Do you have a written information security plan (WISP)?
  10. The Investor Perspective on the Cloud: Private Cloud Service vs. On-premise Installation
     • Delivery: Fully Managed & Hosted (private cloud) vs. On-Premise (on-premise)
     • Implementation & Turnaround: < 1 week (private cloud) vs. 4 – 6 weeks (on-premise)
     • Pricing: Subscription (All Inclusive) (private cloud) vs. Perpetual OS/Application Licensing + Maintenance (on-premise)
     • Cost Allocation: Expensed (Over Time) (private cloud) vs. Capitalized (Upfront) (on-premise)
     • Additional Costs: Additional Users & Resources (private cloud) vs. Customization, Updates/Upgrades, Maintenance, Ongoing Support (on-premise)
     • Platform: Multi-Applications & OS
     • Updates: Shorter – Automatic – Invisible – Defined (private cloud) vs. Larger – Frequent – Ubiquitous (on-premise)
  11. The Investor Perspective on the Cloud: Private Cloud vs. Public Cloud
     • Infrastructure: Dedicated infrastructure per customer (private cloud) vs. Shared infrastructure for all users (public cloud)
     • Security: Layers of security. Less likely to be target of external hack (private cloud) vs. Security offerings vary. More susceptible to external attacks (public cloud)
     • DR: Built-in DR (private cloud) vs. DR not guaranteed; could be additional cost (public cloud)
  12. Common DDQ Questions
     • Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the company’s organizational structure.
     • When was the last date on which the company tested its internal policies and procedures? Please provide a summary of the results.
  13. Common DDQ Questions
     • What IT upgrades occurred in the last 12 months? What upgrades are planned for the next 12 months? How do you stay current with technology?
     • Provide details on relationships with third-party integrators and support providers, including an overview of their credentials and length of relationship.
  14. Common DDQ Questions
     • Describe the company’s security measures with respect to systems access, including who has access and at what level.
     • Describe in detail (i) what records the company retains on behalf of the client (in both electronic and physical format) and (ii) for how long the records are kept.
  15. Common DDQ Questions
     • How does the firm manage employee remote access? Are procedures in place to ensure remote access is delivered securely?
     • How do you screen employees prior to employment? What background checks are undertaken?
  16. Common DDQ Questions
     • Has a secondary working location been established to which employees should report in the event of a disruption or outage?
     • How often is the company’s disaster recovery plan tested?
  17. Final Thoughts
     • Investors have been influenced by a wide variety of factors and, as a result, have increased their technology savvy.
     • Due diligence is about more than demonstrating successful performance. It is about taking responsibility for all areas of your organization.
     • ADVICE: Be thoughtful in how your firm approaches technology & cybersecurity, in particular, as they can make or break your relationship with investors.
  18. About Eze Castle Integration. Learn more at www.eci.com/blog. Eze Castle Integration is the leading provider of IT solutions and private cloud services to more than 650 alternative investment firms worldwide, including more than 100 firms with $1 billion or more in assets under management. We provide one global financial cloud platform that is complemented by exceptional service and operational excellence. Our Eze Private Cloud is built to deliver the high performance, applications and exceptional user experience demanded by the hedge fund and investment industry.
