At Thought Source, we do many audits and reviews.  Primarily these are based around technology, be it source code, open source consulting, engineering capability, due diligence, roadmap strategy and planning or organizational refinement.  This article gives you a bit of perspective as to what is involved when we undertake a review or audit for you.

Checklist-driven review of evidence

When an audit or review project is undertaken by Thought Source you should expect to work with a structured, custom formulated checklist, hands-on evaluations, detailed technical and executive descriptions and an overall conclusion.  For an audit, this is typically formalized as findings – positive or negative, implications and recommendations.

Thought Source performs a review of evidence.  Relying on a pattern of disclosure or other independent data gathering techniques. The evidence should fulfil a requirement that aligns with an item on the checklist.

When you have invested in systems and controls of your own that Thought Source can rely on, our approach is to understand what you have implemented and independently verify that it is working as expected.  This testing can be sample based.

Building a useful technology review checklist

But what about the items on the checklist – how and why did they get included?

What about the items not on the checklist – why were they excluded?

All reviews have a defined “terms of reference” and a scope which will define the broad review areas and more targeted concerns which may align with specific deal objectives.

A useful review checklist will be comprehensive.  The MECE (Mutually Exclusive Collectively Exhaustive) test can be argued, but our Thought Source view is that some overlap and opportunity for triangulation is useful.

A good example would be modularity and extensibility being considered under two review areas: architecture/design and  software/source code.

Within a review scope we find a two-level hierarchy of dimensions and sub-dimensions works well.  Findings can be represented for each sub-dimension and then roll-up to provide an evaluation for each dimension.

Descriptive findings

Let’s use an example from a mechanic’s point of view when they look at a car:

How thick are the brake pads?  X mm.

This is descriptive but leaves us wanting more.  We know we’d like the car to stop reliably.

When the brake pads are thin then they need to be replaced.  How thin is too thin?  How long do the brakes have before they need replacement?  Are the break pads made of a now unacceptable product such as asbestos?  What is the cost of replacing the pads?

Prescriptive findings

You would prefer to see something like:

Because the brake pads are less than [X] mm thick they should be replaced.

We recommend the brake pads should be replaced.


There are four wheels, so we measure and recommend four times. Braking is important so we want sufficient brake pad thickness on all wheels.

A check on the brake pads is necessary but not sufficient.  We want to check the other parts of the braking system too before we conclude the car is safe to drive.

Technology audits and reviews should be no different, but you will find that many organizations which offer such a service will give you a checklist with ticks and crosses, little understanding and no context for decision making.  That’s where we are very different at Thought Source.

Thought Source provides a Go-To-Green plan

With apologies to our color-blind colleagues, our Go-To-Green plan is to remediate all findings that are Yellow or Red. The target state is Green across the board.

First check across all the dimensions: braking, steering, lights, engine, etc.  Identify all the negative findings and provide a recommended fix for each.

Then once fixed and retested we have a roadworthy vehicle that has passed the registration check.

Expert systems require specialist auditors

It is a no brainer to take your car to an auto mechanic for an inspection and ask “Is it safe to drive?”.

But in the technology industry, particularly in the world of mergers and acquisitions and certain certifications, it is common place to have a software organization and its technology assets assessed by an accountancy firm!

We absolutely respect that accountants are expert in the numbers department, but technology systems and assets need expert and contextual analysis, by a team who intimately understands the inner workings.  That’s what we do at Thought Source

Complex systems require a specialized and tailored assessment.

The ‘good enough’ line

It is always easier to recommend than do.  Normally there are limited resources available, and a prioritization process may be required.  As part of a technology review or audit, this is the type of guidance that we provide in our findings.

We commonly provide information in fix priority.  Perfect is never the goal in software, and we take that context to assist investors at determining the ‘good enough’ line to reach.

At Thought Source, we help our clients with the question – If we implement the recommended fixes, what can we expect?  

Contact us now, to discuss your project requirements



The Thought Source team have produced a video series covering the "behind the scenes" of performing technical due diligence for M&A projects.