“JFDI provided a thorough examination of everything that had been produced and a professional evaluation of each part. We were left with a clear path forward as well as the ammunition we needed to pursue a satisfactory outcome from what was otherwise an adversarial us-and-them situation at a complete impasse.”CTO

Technical Due Diligence Consultancy for a prominent financial services company

Our client had adopted a new low-code technology on advisement from a Big Four consultancy and had their developers create a small, simple pilot system intended to be the first of many to clear a backlog of unfulfilled requirements in IT systems. The project started, a team of business analysts worked on collecting user requirements, then the developers started work, and users began to use the system as it was developed. After nearly £3M expenditure, it was clear the unfinished system had severe flaws and that the project was running out of control. A growing catalogue of user bug reports hinted that there might be several severe structural issues. JFDI was called in to review the project and evaluate what had gone wrong.

JFDI’s Approach

JFDI’s consultants obtained a copy of the entire code base, frozen at the point of the developers’ exit. We collated an extensive table of complexity metrics for each code module to prioritise those modules requiring closer examination. We looked at user bug reports that could indicate performance bottlenecks or structural problems.

The Findings

1. Business Analysis & Documentation

We requested the outputs from the lengthy and manpower-hungry BA stage. The consultancy was not forthcoming with any documentation: no BA, no requirements, no system design, and no wireframes.

2. Code Quality

In a “low-code” development project consisting of several hundred thousand lines of code, we found many examples of divergence from vendor-published best practice, a lack of functional decomposition, and even hard-coding of special-case scenarios depending on specific database record IDs. There were hardly any code comments explaining why a particular methodology had been used.

3. Performance

The database was found to have no indices. Queries/stored procedures/views were plentiful but often unused. In many cases, processes would perform multiple whole-table scans, returning large data sets to the code where iterative processing would be performed on the data. We, therefore, discovered that performance could be significantly improved through better database design and algorithms.

4. Security

Although ostensibly the developers had followed vendor-established best practices in authentication and authorisation, one of the algorithms adopted in their code had opened up vulnerabilities to attacks such as code injection.

Client overview

Company:
A Prominent UK Financial Services Company

Country or Region:
United Kingdom

Industries:
Financial Services

Company Profile:
The company is a prominent Financial Services company, with no internal software development capability, and a considerable backlog of IT systems requirements to fulfil.

JFDI services provided

Services used:

  • Technical Due Diligence Consultancy

Software:

  • A leading low-code software platform

JFDI’s unique Technical Due Diligence Consultancy services

Essential intelligence for M&A, VCs, and Private Equity.

Most investors don’t have the in-depth experience required to evaluate technology assets. It’s just not their speciality. But to make good decisions, knowledge is essential.

Where technology is the critical asset, TDD specialists like JFDI can give you the detailed analysis, insights & recommendations you need to minimise your risk exposure.