Nine pillars: how we structure IT risk in mid-market deals

Mid-market M&A rarely needs a twelve-week IT programme that costs more than the estate under review. It needs structured coverage and auditable scoring in a timeframe deal teams can use.

We use nine pillars from strategy through to cost and scalability. Together they cover governance, infrastructure, applications, security, licensing, data, operations, integration debt, and run-rate economics. Each pillar gets a RAG rating and feeds a weighted risk picture.

Why nine instead of twenty

A long category list feels thorough. In practice it produces noise. Nine focused workstreams keep diligence proportionate to mid-market complexity while still catching issues that move price or post-close cost.

Where carve-outs differ

Generic trade sales and PE carve-outs do not carry the same integration profile. Separation cost, transitional service agreements, and licence portability often dominate. The framework re-weights those areas when the deal type demands it.

If you are on the buy side, ask how your adviser scopes workstreams and derives RAG. If the answer is narrative only, you do not yet have something you can defend in the deal room.