Due Diligence is an investigatory process helping companies learn as much as possible about another party in order to reduce business risk and ensure required standards are being met.
In outsourcing transactions, there are two types of due diligence:
- Due diligence done by a buyer to confirm a supplier is able to perform given services
- Due diligence done by a supplier to understand the buyer’s environment
This article focuses on the first type of due diligence – the one whose aim is to give confidence to a buyer in their choice of outsourcing partner.
Due diligence forms part of the supplier evaluation process. Regardless of whether an organisation uses an RFP or not, it is important for buyers to carry out due diligence on potential partners because it reduces the risk of selecting an inadequate supplier of services.
What is a Due Diligence Questionnaire (DDQ)?
A due diligence questionnaire, or DDQ, serves as a check of compliance with certain standards. It helps buyer organisations to understand the processes of a potential vendor and to filter out the suppliers that do not comply with required standards. Apart from using a DDQ early in the process of finding a supplier, some companies send out DDQs as a regular activity to their existing suppliers to monitor compliance with standards.
Due Diligence in software development outsourcing – what checks to include?
Due diligence practices in software development outsourcing should cover a number of core areas. We propose that a DDQ for software development include checks related to the following:
Basic company information
This includes information confirming that the supplier company exists and has the required licenses to do the work it says it does. Apart from contact details, it should cover VAT/tax number, company registration number and information about company ownership. Thinking outside the box, a Google Maps picture of a company’s headquarters can serve as a further confirmation that the given organisation exists.
A financial check is necessary to ensure the company you’re about to start working with is financially stable. Ask them to provide financial statements going back 3-5 years; remember to specify the desired currency. The statements should cover profit & loss, assets, liabilities, and equity. It’s a good idea to request help from your Finance Department to check over the information for any red flags. You may also consider asking the vendor for some bank references and financial audits.
When asking about relevant insurance, find out the name of the insurance company and check which aspects of the services provided to you are and aren’t covered by the general liability insurance.
Information security checks should cover questions about GDPR, processes & policies regulating access to buildings, equipment, data, as well as the topics of anti-virus and password protection, among other areas. An important question to ask is how the company ensures its information security policies are followed by its employees and contractors.
Due diligence practices in the area of risk management should check the existence of adequate plans, procedures, and controls for times of crisis. It’s also important to confirm that such plans are regularly tested by your potential partner.
This section should cover all people-related questions, including those about recruitment, background checks, employee onboarding, employee training and development. You may also want to ask questions about management-to-employee communication channels and other HR-related issues you consider important.
To protect your interests as a buyer, it’s important to see to what extent the policies applicable to the employees of your potential partner also apply to those of a 3rd party. Ask the company about the screening of subcontractors, their management, and the subcontractors’ potential access to your data.
In this section, you should cover such areas as environmental measures, equal opportunities, charitable activities, anti-bribery guidelines, and other CSR issues that are important to you as an organisation.
Due Diligence Questionnaire Template (DDQ) for Software Development Outsourcing
To see a detailed list of questions for each section, download our Free Template Due Diligence Questionnaire for Software Development Outsourcing.
The list is not exhaustive. You may want to add your own questions, which is why the template is editable.
Checking software development providers – going beyond DDQ
To make the process of selecting your supplier even more thorough, there are more things you can do. Apart from sending out the Due Diligence Questionnaire to your chosen supplier, we recommend that you:
- use a Request for Proposal – check out this editable RFP template
- speak to the supplier’s clients and conduct some reference checks
- check the company website and social media, e.g. LinkedIn
- check the company’s profile on Clutch
- do a site visit and speak to people of all levels at the company’s premises
- ask the vendor to do a test task to check work quality
Looking for a partner in Software Development Outsourcing?
While you’re at it, why not add Future Processing to your list of potential partners? We’re software development experts with over 20 years of experience and an individual approach to each client. We’re here to help.
We hope you’ll find the DDQ for software development and other tools useful!