Don't Forget to Share this Post

Secrets to Operational Due Diligence Breakfast Seminar Roundup

By Amisha Shah | Thursday, February 21st, 2019



In today’s investor landscape, operational due diligence (ODD) can eliminate a manager from consideration, regardless of a positive investment management analysis. With ODD teams increasingly using this veto-power in the decision-making process, it is important for asset managers to be cognizant and well-prepared for thorough operational due diligence tests. Together, leading accountancy and advisory firm, EisnerAmper, and trusted global provider of managed IT services, Eze Castle Integration, hosted a breakfast seminar to share secrets to operational due diligence excellence with investment firms, in London last week. Today’s blog article will round-up the technology considerations concerning ODD, covered at the event by Dean Hill, Executive Director at Eze Castle Integration.

Key IT Warning Signs Concerning Potential Investors

Technology is an integral part of any due diligence procedure. Top concerns for potential investors include:

  • Cyber threats – firms should look out for insider information being shared on the dark web and offered as a service on criminal forums.
     

  • Phishing and Social Engineering – Highly crafted social engineering tactics are used to extract confidential details from users. Firms are advised to conduct regular managed phishing and training to ensure employees do not fall into the trap of malicious hacks. Our recent webinar on strengthening your human firewall provides a complete checklist for phishing readiness.
     

  • Third-party Vendor Relationships – As more and more subscription-based services and vendors are being introduced to the landscape, namely for technology, operations and mid- and back-office, firms will need to ensure they can illustrate effective management of these relationships, and are carrying out necessary due diligence to eliminate any risks associated with outsourcing.
     

  • Data Loss and Privacy Concerns – Firms should consider data residency policies, availability of data and the ownership of data and services carefully.
     

  • Downtime – A big historical concern of investors is the sustainability of a firm’s operations in the event that something goes wrong with a piece of technology.


Working with an Outsourced IT provider

The transition from having an in-house IT team to handing over the responsibility to a managed IT services provider can be seamless even though the types of architecture and IT deployment methods tend to differ at investment firms and MSPs. With an outsourced provider, firms have many options to choose from when it comes to their technology and infrastructure. E.g., they can benefit from the luxury of having a full-time engineer on-site to provide support. Or, alternatively, they can choose to deploy remote support and technology to reduce costs. An IT provider will work with you to ensure your IT strategy is aligned with your overall business goals and objectives. Benefits of outsourcing IT includes but is not limited to the following:

  • Leveraging emerging technology and trends

  • Automatic IT updates

  • Access to best of breed technology

  • Technical expertise in supporting the needs of your sector

  • Economies of scale

Firms often fear losing control when outsourcing their IT, but this does not need to be the case. Our webinar on Outsourcing in the Alternative Investment Management Industry shares deep insights into managing third-party vendor relationships and structuring agreements to ensure expectations are managed at both ends.

IT Related DDQs to Look Out For

We’ve noticed that DDQs are increasingly focused on security policies for obvious reasons as reputable brands such as British Airways and Facebook have come under scrutiny for falling victim to cyber-crimes. Top areas of thorough due diligence include:

  • Deep analysis of an IT provider’s platform

  • The firm’s internal policies and procedures

  • External auditing and the results of this

  • Requests for proactive security monitoring and security incident and event management

  • The roles and responsibilities of CISO, CCO, DPO, ISM roles

  • A demonstration of live working scenarios to clients/prospects

Other questions we’re seeing asked by potential investors are around the following:

  • Data centres

  • Internal disaster recovery policies and how they pertain to the client

  • Hiring and staffing policies

  • Training and accreditation for our business and staff

In addition to the technology element of ODD, speakers from EisnerAmper and Laven Partners covered specific due diligence deliverables that firms should prepare for investors, as well as ODD red flags that may lead to investment deferment.

Take a look at our events page for upcoming seminars, webinars and industry events we’re attending!
 

Don't Forget to Share this Post

Related Posts

Why Your Firm Needs a Governance, Risk and Compliance (GRC) Program
A Comprehensive Approach to Security Automation
Crafting a Third-Party Partnership for Better Compliance
A “Just Right” Approach for Just-in-Time Access Management
A Third-Party Partner to Bridge the Cybersecurity Skills Gap
Seamless vs. Secure: Striking the Right Balance in Cybersecurity

How Can Eze Castle Integration help you?Contact us today!

Contact Us