[web007]

I'm curious if Mr. Hunt has ever been through either side of a diligence process.

Everything in his list sounds like what you need to check the audit and compliance boxes at any "real" company. I've been through a dozen audits from prospective _customers_ that are worse than his description, even apart from our internal audits, so if someone was going to buy a company I'd expect essentially a superset of BS from all of those different inquiries. You sometimes answer the audit optimistically, then use that as your framework to write the policies and figure out how you're going to implement them before you submit your response. "How do you sanitize media for disposal?" "Oh shit, I guess we need a document that says how we dispose of media." - problem solved!

Yeah, it's rough. KPMG should have done their own diligence to see that he wasn't serious - if you're not willing to jump through some of those hoops then you're not ready for a big-boy company.

[txcwpalpha]

Agreed. I really feel for Hunt because the process surely is exhausting for anyone, let alone a sole business owner. But I have to wonder what he expected when he started to go down this path. It sounds like KPMG may not have adequately prepared him for this, or (based on my experience with consultants similar to KPMG) they probably assumed that he knew what he was getting himself into (he apparently did not).

That said, I don't put all of the blame on KPMG. It takes only a few minutes searching on the internet or speaking with advisors to learn that shopping for a buyout is a long, extremely hard process. In particular, I couldn't help but audibly laugh at Hunt's seeming incredulity at the request for "Documentation of the Company's technical operations". Hunt is trying to sell a tech company whose primary business value comes from the technical infrastructure, operations, and data. I don't want to sound too blunt, but...no fucking shit the buyers are going to want to know about his technical processes and infrastructure. Did he seriously think someone would even think about buying HIBP without investigating exactly what technical stack and data they are buying? Even for companies where the value isn't as based in the tech processes, nobody wants to buy a pile of steaming spaghetti code.

It should be common sense that this is the type of information that buyers would ask for. This list of tech processes and documentation of infrastructure is something that should have been put together first thing before Hunt even started shopping around.