Appraisal and Reporting

You can't manage what you don't measure. Technology appraisals provide objective assessment of software systems, technical infrastructure, development practices, and technology strategy. Whether you're conducting due diligence for an acquisition, inheriting a legacy system, planning a major investment, or simply want an independent health check, appraisal services deliver clarity on what you actually have and what it will cost to maintain, improve, or replace.

Most organizations lack visibility into their technology estate. Code quality, technical debt, security vulnerabilities, scalability limitations, and total cost of ownership remain opaque until a crisis forces evaluation. By then, options are limited and costs are high.

According to CAST Software's 2025 Application Intelligence Report, 72% of organizations have "no accurate visibility" into technical debt across their application portfolio, and the average application carries £1.2M in technical debt remediation costs. Meanwhile, Gartner reports that 58% of M&A transactions discover post-acquisition technology issues that weren't identified during due diligence, with average remediation costs of £840,000-£2.4M.

Independent technology appraisals provide evidence-based assessment covering codebase quality and technical debt, security vulnerabilities and compliance gaps, scalability and performance characteristics, infrastructure costs and optimization opportunities, development team capability and practices, total cost of ownership (TCO) analysis, and risk assessment with prioritized recommendations.

Why organizations need independent appraisals

1. Acquisition due diligence reveals hidden liabilities

The scenario: Private equity firm acquires SaaS company for £18M based on strong revenue growth and customer metrics. Technical due diligence was cursory — 2-hour call with CTO, review of infrastructure diagram, no code review. Post-acquisition, new technical leadership discovers: codebase is unmaintainable spaghetti code with 15,000+ lines in single files, no automated testing (QA is 100% manual), critical security vulnerabilities including SQL injection and exposed API keys, customer data stored in non-compliant manner (GDPR violations), infrastructure costs are 4x industry benchmark due to poor architecture, and single point of failure (entire system knowledge resides with 2 developers who are job-hunting).

The cost: Post-acquisition remediation: £3.2M over 18 months to rewrite critical components, implement security fixes, achieve compliance, optimize infrastructure, and rebuild team. Additionally, customer churn during remediation period: £1.8M annual recurring revenue lost. Total hidden liability: £5M+ not identified during due diligence. Acquisition price would have been negotiated £4-6M lower with proper technical appraisal.

2. Technical debt invisibly erodes productivity

The scenario: E-commerce company's development velocity has inexplicably decreased over 3 years. Features that used to take 2 weeks now take 6-8 weeks. Engineers are increasingly frustrated. Leadership doesn't understand why productivity has collapsed — headcount increased from 6 to 14 developers, yet output hasn't improved proportionally. No one has quantified technical debt or its impact.

Solution: Independent technical appraisal reveals: 34,000 lines of duplicated code across codebase (DRY principle violations), cyclomatic complexity averaging 28 (industry standard: <10), test coverage 12% (making any change risky and slow), 180 TODO comments indicating shortcuts and deferred work, database with 40 missing indexes causing query performance issues, and dependency versions 2-4 years out of date with 23 known security vulnerabilities.

The cost: Technical debt is costing approximately 45% of development capacity — engineers spend half their time working around problems, debugging mysterious issues caused by technical debt, and being overly cautious with changes due to lack of tests. For 14 developers at £75,000 average, that's £472,500 annually in lost productivity. Technical debt remediation cost estimated: £180,000 over 6 months. ROI: eliminating £472k annual productivity drain for £180k investment.

3. Unclear migration options lead to poor decisions

The scenario: Financial services company runs critical application on legacy infrastructure (physical servers, Oracle database, Java 8). Hosting provider announces end-of-life for data centre in 18 months. Leadership must decide: migrate to cloud? Rebuild application? Replace with COTS product? They lack technical insight to make informed decision and estimates range wildly from £200k ("simple lift-and-shift") to £2.4M ("complete rebuild").

Solution: Independent appraisal assesses: application architecture and cloud compatibility, database complexity and migration path, dependencies and integration points, current total cost of ownership, and feasibility and cost for three scenarios: (1) lift-and-shift to AWS: £280k, 4 months; (2) re-platforming (containerize, managed services): £520k, 7 months; (3) rebuild with modern stack: £1.8M, 14 months.

Recommendation: Re-platforming approach balances risk, cost, and modernization. Provides cloud benefits without full rebuild risk. Decision made with confidence based on evidence rather than vendor pitches or guesswork.

4. Security vulnerabilities remain undiscovered until breach

The scenario: Healthcare provider assumes their patient portal is "secure enough" because it passed a penetration test 3 years ago. They've made numerous changes since but never repeated security assessment. A security researcher discovers the portal is vulnerable to authentication bypass — any user can access any patient record by manipulating URL parameters. ICO notified after discovery affects 28,000 patients.

Cost: ICO investigation and £240,000 fine. Breach notification and credit monitoring: £56,000. Emergency security audit and remediation: £85,000. Legal and PR costs: £42,000. Patient trust damage (unmeasured). Total cost: £423,000+. Regular security appraisals (£12,000 annually) would have identified vulnerability before exploitation.

5. Infrastructure costs spiral without visibility

The scenario: SaaS company's AWS bill has increased from £6,400/month to £18,200/month over 2 years (185% increase). Revenue grew only 40% in same period. No one understands why costs are growing disproportionately. CFO is concerned but CTO insists costs are "necessary for growth."

Solution: Independent infrastructure appraisal reveals: 60% of EC2 instances are over-provisioned for actual workload (average CPU utilization 8-14%), development and staging environments running 24/7 with same capacity as production (cost: £4,200/month unnecessarily), no Reserved Instance or Savings Plan purchases despite consistent usage (missing 40-60% discount), S3 storage includes 2.4TB of old backups and test data that should be archived or deleted (£56/month wasted), and RDS database significantly oversized for workload (db.r5.4xlarge where db.r5.xlarge sufficient, saving £1,840/month).

Outcome: Appraisal identifies £7,200/month (£86,400 annually) in cost optimization opportunities with no performance impact. Appraisal cost £8,500 pays back in 5 weeks. After implementation, monthly AWS bill reduced to £11,000 (40% reduction).

Core appraisal and reporting services

1. Software system appraisal (codebase and architecture)

Comprehensive assessment of software quality, architecture, and technical debt including codebase review (structure, quality, maintainability), architecture assessment (patterns, scalability, integration points), technical debt quantification (complexity metrics, duplication, test coverage), security vulnerability scanning (OWASP Top 10, dependency vulnerabilities), performance analysis and bottleneck identification, and documentation review (adequacy and currency).

Assessment methodology: Automated code analysis using SonarQube, CodeClimate, Snyk, manual architecture review by senior engineers, dependency vulnerability scanning, database schema analysis, API contract review, and performance profiling under simulated load.

Deliverables: Executive summary (2-4 pages, non-technical), detailed technical findings (20-40 pages with evidence), technical debt quantification (remediation cost and timeline), security vulnerability report with CVSS scores, architecture assessment with recommendations, code quality metrics (complexity, duplication, coverage), and prioritized remediation roadmap.

2. Infrastructure and operations appraisal

Assessment of infrastructure architecture, costs, performance, and operational practices including infrastructure architecture review (AWS/Azure/GCP), cost optimization analysis (right-sizing, pricing models), performance and scalability assessment, high availability and disaster recovery evaluation, security configuration review (IAM, network, encryption), monitoring and alerting adequacy, and backup/restore procedures testing.

Assessment areas: Current architecture documentation and diagram validation, resource utilization analysis (CPU, memory, storage, network), cost breakdown and optimization opportunities, security configuration audit against best practices (CIS benchmarks), availability architecture review (single points of failure), disaster recovery testing and RTO/RPO validation, and operational maturity assessment.

Deliverables: Infrastructure assessment report, architecture diagrams (current state, issues highlighted), cost optimization recommendations with savings estimates, security findings and remediation priorities, HA/DR assessment and recommendations, monthly TCO analysis, and infrastructure improvement roadmap.

3. Technical due diligence for M&A

Comprehensive pre-acquisition assessment to identify technical risks, hidden liabilities, and integration challenges including codebase quality assessment, intellectual property verification (licenses, ownership), infrastructure cost analysis and post-acquisition TCO, scalability assessment for projected growth, security and compliance evaluation, team capability and knowledge risk assessment, and integration complexity analysis.

Due diligence scope: Software architecture and technical debt assessment, infrastructure review and optimization opportunities, security vulnerability and compliance gap analysis, data architecture and migration complexity, third-party dependencies and licensing review, team structure and key person dependencies, development practices and quality processes, and integration requirements and estimated effort/cost.

Deliverables: Executive summary for deal team, comprehensive technical due diligence report, risk assessment matrix with mitigation strategies, post-acquisition integration roadmap and cost estimate, deal valuation adjustment recommendations, technical representations and warranties suggestions, and transition planning framework.

4. Technology strategy and roadmap assessment

Evaluation of technology strategy alignment with business objectives including current technology stack assessment, strategic alignment analysis (technology vs business goals), skills gap and team capability evaluation, vendor and platform risk assessment, emerging technology opportunity analysis, and multi-year technology roadmap development.

Strategic assessment: Technology stack evaluation (modern vs legacy, supportability), architectural approach assessment (monolith, microservices, serverless), team capability mapping and skills gap analysis, build vs buy analysis for key capabilities, vendor dependency and lock-in risk, technology lifecycle planning (end-of-life management), and alignment with business growth plans and market opportunities.

Deliverables: Technology strategy assessment report, current capability maturity analysis, gap analysis (current state vs required capabilities), technology roadmap (12-36 months), investment priorities and budget guidance, and team development recommendations.

5. Development practice and team assessment

Evaluation of software development processes, quality practices, and team effectiveness including development workflow and process review (Agile/Scrum maturity), CI/CD pipeline assessment, testing practices and quality assurance, code review processes, documentation practices, team structure and collaboration patterns, and development velocity and predictability analysis.

Assessment areas: Version control and branching strategy, CI/CD maturity (automation, deployment frequency, lead time), testing practices (unit, integration, E2E, test coverage), code review processes and effectiveness, incident response and on-call practices, development environment and tooling, documentation quality and currency, and team collaboration and communication patterns.

Deliverables: Development practice maturity report, process improvement recommendations, tooling and automation opportunities, team effectiveness assessment, development velocity analysis, quality metrics and trends, and process improvement roadmap.

Our appraisal methodology

Phase 1: Scoping and information gathering (Week 1)

We define appraisal scope and objectives, gather initial documentation, and establish access requirements including stakeholder interviews to understand objectives and concerns, documentation review (architecture docs, infrastructure diagrams, business plans), access provisioning (code repositories, cloud accounts, monitoring), and preliminary data gathering (cloud costs, incident history, team structure).

Scoping considerations: What are the key concerns or questions driving this appraisal? What decisions will be made based on findings? What systems/applications are in scope? What level of detail is required? What timeline and budget constraints exist?

Phase 2: Technical assessment and analysis (Week 2-3)

We conduct detailed technical assessment using automated tools and manual review including codebase analysis (automated scanning + manual review), infrastructure review (architecture, costs, security), security vulnerability assessment, performance testing and analysis, documentation review, and stakeholder interviews (developers, operations, leadership).

Assessment activities: Automated code quality scanning (SonarQube, CodeClimate), security vulnerability scanning (Snyk, dependency-check, OWASP ZAP), manual architecture and code review by senior engineers, infrastructure analysis (cost, utilization, architecture), database schema and query analysis, API testing and contract review, performance testing under load, and interviews with technical team members.

Phase 3: Findings synthesis and recommendations (Week 3-4)

We analyze assessment data, quantify issues, prioritize findings, and develop actionable recommendations including findings prioritization (critical, high, medium, low), technical debt quantification and remediation cost estimation, cost-benefit analysis for recommendations, roadmap development with timeline and investment requirements, and report drafting with executive summary.

Outputs: Prioritized findings with severity ratings, technical debt quantification (cost and timeline), security risk assessment with CVSS scores, cost optimization opportunities with savings estimates, remediation roadmap with phases and investment, and executive presentation summarizing key findings and recommendations.

Phase 4: Report delivery and Q&A (Week 4)

We deliver the comprehensive appraisal report and conduct presentation sessions including executive presentation (30-60 minutes, non-technical summary), technical deep-dive session (60-120 minutes with technical team), Q&A and clarification, and follow-up support during decision-making period.

Delivery components: Executive summary (2-4 pages), comprehensive technical report (30-60 pages with evidence), prioritized recommendations and roadmap, presentation to leadership and technical teams, Q&A sessions, and 30-day follow-up support for clarification questions.

Case studies: Appraisal-driven outcomes

Case study 1: M&A technical due diligence prevents £4.2M overvaluation

Client: Private equity firm evaluating £24M acquisition of logistics SaaS company

Challenge: Target company presented strong revenue growth (£8.2M ARR, 45% YoY growth) and healthy customer metrics (420 customers, 95% retention). Financial due diligence completed, but PE firm requested independent technical due diligence before closing. Seller-provided information suggested "modern, scalable architecture on AWS."

Appraisal findings: Comprehensive 3-week technical due diligence revealed significant hidden issues:

Code quality issues: 85,000 LOC PHP monolith with minimal framework structure, cyclomatic complexity averaging 34 (unmaintainable), test coverage 4% (risky to modify), 12,000 lines of duplicated code, 23 TODO comments with notes like "fix this properly later", and estimated technical debt remediation: £620,000 over 12 months.

Security vulnerabilities: 18 high-severity vulnerabilities identified (SQL injection, authentication bypass, XSS), AWS credentials committed to GitHub repository (since rotated but historically exposed), customer data encryption at rest not implemented (GDPR compliance gap), and estimated security remediation: £180,000 emergency + £40k annual security program.

Infrastructure issues: AWS architecture poorly designed: single AZ, no auto-scaling, significant over-provisioning, monthly AWS cost £14,200 but could be £6,400 with proper architecture (52% waste), no disaster recovery capability (backups untested), and estimated infrastructure optimization: £85,000 to redesign architecture properly.

Team and knowledge risk: Critical system knowledge concentrated in 2 developers (founder + early employee), founder planning to leave post-acquisition (contractual 6-month transition inadequate), no documentation of architectural decisions or business logic, development practices immature (no code review, infrequent deploys), and estimated knowledge transfer and team build-up: £240,000 over 18 months.

Scalability concerns: Architecture cannot support projected 3x customer growth without major refactoring, database design issues will cause performance collapse beyond 1,200 customers (currently 420), and estimated re-architecture for scale: £480,000 over 9 months.

Total hidden technical liability: £1.645M in immediate remediation + £2.8M in medium-term architectural investment = £4.445M

Outcome: PE firm renegotiated acquisition price down £4.2M based on technical findings. Deal closed at £19.8M instead of £24M. Technical due diligence cost £28,000 but delivered £4.2M value (15,000% ROI). Post-acquisition remediation plan informed by appraisal findings prevented surprises and enabled proper budgeting.

Case study 2: Technology appraisal guides £2.4M platform investment decision

Client: Financial services company, legacy trading platform aging, leadership considering 3 options: (1) continue maintaining legacy, (2) modernize/refactor existing platform, (3) replace with new build or COTS

Challenge: Leadership lacked objective analysis to make informed decision. Internal estimates ranged from £400k ("just refactor the problematic bits") to £6M ("complete rebuild"). Board wanted independent assessment and recommendation before committing capital.

Appraisal approach: Comprehensive 5-week assessment including current platform technical assessment, infrastructure cost and performance analysis, regulatory compliance review (FCA requirements), integration complexity analysis (12 upstream/downstream systems), three-option analysis with cost, risk, and timeline estimates, and total cost of ownership (TCO) comparison over 5 years.

Findings:

Option 1: Maintain legacy platform

• Feasible for 2-3 years but escalating risk
• Annual maintenance cost: £420,000 (increasing 15% YoY)
• Technical debt growing faster than remediation
• Regulatory compliance increasingly difficult
• 5-year TCO: £2.8M + high risk of forced emergency replacement
• Recommendation: Not viable beyond 2-3 years

Option 2: Modernize/refactor existing platform

• Partial rewrite of core modules, containerize, cloud migration
• Upfront cost: £1.2M, timeline: 14 months
• Retains some legacy technical debt but reduces significantly
• Annual maintenance reduces to £180,000
• 5-year TCO: £2.1M
• Recommendation: Viable if budget-constrained, moderate risk

Option 3A: New build (custom development)

• Ground-up rebuild with modern architecture
• Upfront cost: £2.4M, timeline: 18 months
• Zero technical debt, optimized architecture
• Annual maintenance: £140,000
• 5-year TCO: £3.1M
• Recommendation: Highest upfront cost but best long-term position

Option 3B: Replace with COTS (Commercial Off-The-Shelf)

• Evaluated 3 COTS vendors
• Upfront cost (licenses, customization, migration): £880,000
• Annual licensing and support: £240,000
• Limited customization capability, vendor lock-in
• 5-year TCO: £2.08M
• Recommendation: Lowest upfront cost but ongoing license costs and limited control

Recommendation: Option 3A (new build) despite highest upfront cost, because:

• Regulatory environment increasingly stringent (FCA requirements)
• Business strategy requires platform flexibility and speed
• Legacy platform at end of maintainable life
• 5-year TCO difference vs Option 2 is only £1M, offset by reduced risk and increased capability
• Funding available and business can absorb 18-month timeline

Outcome: Board approved £2.4M investment for new build based on evidence-based analysis. Project commenced with clear requirements and realistic timeline. Appraisal cost £42,000 but provided confidence for £2.4M decision and prevented potential £4M+ cost of wrong choice (e.g., attempting refactor that fails, requiring subsequent rebuild).

Assessment pricing and engagement models

Software system appraisal (single application)

£8,000 - £18,000 | 2-3 week engagement Codebase quality assessment, architecture review, technical debt quantification, security vulnerability scan, performance analysis, documentation review, prioritized recommendations. Typical scope: single application (50,000-200,000 LOC).

Infrastructure appraisal

£10,000 - £22,000 | 2-4 week engagement Infrastructure architecture review, cost optimization analysis, security assessment, HA/DR evaluation, performance analysis, operational maturity review, improvement roadmap. Typical scope: AWS/Azure/GCP account supporting single platform (15-50 resources).

Technical due diligence (M&A)

£25,000 - £65,000 | 3-6 week engagement Comprehensive pre-acquisition assessment covering code, infrastructure, security, team, technical debt, integration complexity, risk analysis, valuation adjustment recommendations. Pricing depends on portfolio size and depth required. Typical scope: target company with 1-3 main applications, £5M-£50M valuation range.

Technology strategy assessment

£18,000 - £38,000 | 3-5 week engagement Technology stack assessment, strategic alignment analysis, capability maturity review, roadmap development, investment priorities, vendor risk assessment. Typical scope: organization with 5-15 applications, 15-40 technical staff.

Development practice assessment

£12,000 - £24,000 | 2-4 week engagement Development process review, CI/CD maturity assessment, testing practices evaluation, team effectiveness analysis, process improvement recommendations, tooling opportunities. Typical scope: development team of 8-25 engineers.

Comprehensive technology appraisal

£45,000 - £95,000 | 6-10 week engagement Full technology estate assessment including all applications, infrastructure, development practices, team capability, technology strategy, comprehensive roadmap with investment priorities. Typical scope: mid-sized organization with 8-20 applications, 25-60 technical staff.

Rapid assessment (focused scope)

£5,000 - £9,000 | 1 week engagement Focused assessment on specific concern (e.g., security only, infrastructure costs only, single critical application). Executive summary with key findings and high-level recommendations. Ideal for quick decision support or problem triage.

When you need technology appraisal

You need appraisal services if:

1. M&A due diligence — Acquiring or investing in company with significant technology assets
2. Unclear technical health — Lack visibility into code quality, technical debt, or infrastructure costs
3. Major investment decision — Considering significant technology investment (rebuild, refactor, COTS replacement) and need objective analysis
4. New technical leadership — New CTO/CIO wants baseline assessment of inherited technology estate
5. Performance or reliability concerns — Experiencing issues but root causes unclear
6. Regulatory or security concerns — Need independent assessment of security posture or compliance gaps
7. Vendor dispute — Disagreement with vendor over system quality or deliverables, need independent assessment
8. Rising costs — Infrastructure or maintenance costs increasing disproportionately, need visibility into drivers

Why iCentric for technology appraisal

Independent and unbiased: We have no financial incentive to recommend expensive solutions or particular vendors. Appraisals are evidence-based, objective assessments focused on your best interests.

Technical depth: Appraisals conducted by senior engineers and architects (10-20 years experience) — not junior consultants following checklists. We understand nuance and can identify issues that automated tools miss.

Business context: We assess technology in business context — not just "is this code good?" but "does this technology support business objectives at acceptable cost and risk?" Recommendations are pragmatic and cost-benefit justified.

Evidence-based reporting: Findings supported by evidence (metrics, screenshots, code examples, test results) — not vague opinions. Technical debt quantified with remediation cost estimates. Recommendations prioritized by impact and urgency.

Experience across sectors: Conducted appraisals for healthcare (clinical systems, HIPAA compliance), finance (trading platforms, FCA requirements), e-commerce (high-traffic platforms), SaaS (multi-tenant applications), professional services, and manufacturing. Experience with legacy systems (mainframe, COBOL, on-premises) and modern cloud architectures.

M&A due diligence expertise: Completed 40+ pre-acquisition technical due diligence engagements for private equity, venture capital, and corporate acquirers. Understand deal dynamics and information needs of investment committees.

Confidentiality and discretion: Understand sensitive nature of appraisals (especially M&A due diligence). Strict NDAs, secure handling of sensitive information, and discretion in stakeholder interactions.

Next steps: Appraisal consultation

Start with a complimentary scoping consultation to understand your appraisal objectives, scope requirements, and timeline constraints.

Scoping consultation includes:

• Appraisal objectives and decision context discussion
• Scope definition (applications, infrastructure, focus areas)
• Access requirements and logistics
• Estimated timeline and pricing
• Sample appraisal report from similar engagement
• Team composition and expertise areas

Get started: Contact us to schedule an appraisal scoping consultation or request a detailed proposal.